Office of Cyber Security & Critical Infrastructure Coordination

Save the Date!
10th Anniversary
NYS Cyber Security Conference
June 6-7, 2007

2006 NYS Cyber Security Conference

June 14 - 15
Empire State Plaza - Albany, NY

Confidentiality Integrity Availability

The 9th Annual New York State Cyber Security Conference, held June 15 and 16, 2006 in Albany, New York was a great success with the attendance of over 1,000 participants. The Conference was sponsored by the NYS Office of Cyber Security and Critical Infrastructure Coordination (CSCIC), the NYS Forum, Rockefeller Institute of Government(New Window) (NYS Forum) and the NYS Center for Information Forensics and Assurance at the University at Albany(New Window) (CIFA).

This year’s theme was CIA: Confidentiality, Integrity, Availability, the three cornerstones of information security. Once again, we welcomed an expanded audience from State, county and municipal governments, academia, nonprofits and the private sector. The Conference featured engaging sessions from industry experts and provided networking opportunities that crossed sector and state lines.

This year’s Conference marked the first time an entire track was dedicated to local government employees and officials. CIFA, as a Conference sponsor, offered the Symposium on Information Assurance, in conjunction with the Conference for the first time as well.

The VIP Reception was held at the historic Palace Theatre in Albany with two featured keynotes: Derek Slater, Editor-in-Chief, CSO Magazine and George Samenuk, Chairman and CEO, McAfee, Inc.

Professor Sanjay Goel and his CIFA team helped to kick the event off on June 14th with a wireless attack demonstration. The Introduction was given by William Pelgrin, Director of NYS CSCIC, followed by the Welcome provided by Rochelle Stein, Supervisor of the Town of LeRoy, NY. The featured keynote was presented by Dr. Edward G. Amoroso, Vice President, AT&T Chief Security Officer and AT&T Client Executive for the State of New York.

We wish to thank all who participated and whose efforts and talents contributed to making this event a continued success! We look forward to another great session in 2007.

Conference Session Agenda ( pdfpdf )

Opening Day Events

Keynote

Edward AmorosoEdward G. Amoroso
Vice President
AT&T Chief Security Officer and
AT&T Client Executive for the State of New York

Dr. Amoroso's present role involves leading the corporate-wide global network security protection initiatives for AT&T. This involves 7 by 24 protection of AT&T's vast IT and network infrastructure base. It involves management of several hundred security specialists, engineers, analysts, and developers charged with building security services for AT&T and its clients. Ed's team supports active military-style protection for AT&T round-the-clock, including best-in-class services for firewall management, intrusion detection, anti-virus services, managed authentication, and PKI.

Ed held a previous position as Technical Division Manager in AT&T Laboratories in affiliation with AT&T Government Markets, National Information Systems. In that role, Ed led a large team of security engineers located around the country that were responsible for research and development in intrusion detection, emerging data network service security infrastructure design, Internet and intranet security engineering, public key technology and infrastructure issues, Internet and intranet firewall and router integration, and client/server authentication techniques.

During his 19 years with AT&T, Ed has been involved in a variety of different computer and network security projects. He helped engineer the security-enhanced UNIX System V/MLS operating system which underwent formal B1 Orange Book certification in 1989. He was chief author of the Trusted Software Development Methodology created for the Ballistic Missile Defense Organization in the late 1980s. He was also lead security engineer on the development of the US Army's Sustaining Base Information Services (SBIS) massive network infrastructure.

In addition to his duties at AT&T, Ed has also written or co-authored a large number of scientific papers and three books, the latest one entitled "Intrusion Detection - An Introduction to Internet Surveillance, Correlation, Traps, Trace-Back, and Response" (1999). A fourth book on protecting national infrastructure from cyber attack is expected later in 2006. He is a frequent lecturer around the world on topics related to the Internet and network security. Ed also has held an active adjunct faculty position in the Department of Computer Science at the Stevens Institute of Technology, Hoboken, NJ since 1989.

“Innovations in Network Security�
Recent innovations in IP network-based security suggest that a more carrier-centric model could be more effective for most organizations. Drawbacks in the perimeter approach are outlined and shown to be addressed by novel "in-the-cloud" mediation, intrusion detection, filtering, and warning notification. Examples are drawn from practical applications of network-based security in AT&T's IP backbone network, with particular attention to recent worms and denial of service attacks. Suggestions for infrastructure cyber security improvements are offered as well.