This section will contain featured articles and minutes from our monthly and quarterly meetings; and any special events that members or officers may participate in and want to provide feedback.
To submit an article for this section, please send your document to: Oklahoma InfraGard
October 2, 2013 – Information Warfare Summit (IWS) 6 Conference
Our sponsors for the 2013 event included:
The event agenda included:Agenda Track 1 – West Track (Northwest Hall)
08:00-08:30 Doors & Registration open
08:30-09:50 video telecast from West Track – Welcome and Keynote: Brian Tokuyoshi
10:00-10:45 Charlie Southern, “Logs and Backups: The Best Offense, Yet Worse Defense against Insider Threats”
11:00-11:50 video telecast from West Track – Keynote: Brenda Santos
12:00-12:30 Lunch with Websense in Northwest Hall Atrium
12:30-13:15 Rich Lay, “e.p.c.D. (Help Fight the Evil)”
13:25-13:45 Dan Weaver, “Encryption for Newbies”
13:45-14:00 Ice Cream Break with Rapid7 in Northwest Hall Atrium
14:00-14:45 Tim Elrod, “Pentesting Pitfalls”
14:55-15:15 Mia Bottoms, “The Carebear Stare & the Reading Rainbow”
15:35-16:20 Sean Satterlee, “I Am Your Insider Threat”
Mia Bottoms is a local technology enthusiast with roots in IT, equipment mods, and general puzzle solving.
Childhood Philosophies against adult threats, minimizing and eliminating insider threats through education and loyalty are covered in “The Carebear Stare & the Reading Rainbow”.
Tim Elrod of Bastard Labs has been in information security for over ten years and has spoken at multiple Information Security conferences including BlackHat USA and DefCon. He enjoys pushing the cutting edge of information security and affecting the industry as a whole, and has helped multiple companies come into compliance with a variety of federal and industry regulations including HIPAA, GLBA, SOX, and PCI.
“Pentesting Pitfalls” will cover common pitfalls that companies fall into when conducting a penetration testing engagement. Discussing these challenges will provide you with solutions to help maximize the effectiveness of your next Penetration Test.
Michael Haney is currently pursuing his Ph.D. in Computer Science at the University of Tulsa. He holds CISSP, GSEC, GCIH, GCIA, GCFA, and QSA, as well as several CNSSI certifications. Having worked in IT for 15 years and focused on information security for the past 13, he has seen many things go right with information security policies and practices, and many things go very wrong.
Discussing the interdependencies of various IT operations procedures and policies, examining how they help (or hinder) preparation for a cybersecurity disaster, and strategizing how being prepared for cyber security incidents to occur, organizations can become better at “Seeing Clearly through the Fog of War”.
Jeff Landrith works for L-3 National Security Solutions. His interests are privacy and cyber warfare.
“3-D Printing and the 3-D Printed Plastic Gun” is a discussion of where 3-D printing is now, how it is changing the manufacturing landscape, and how items such as weapons are readily available to the public of all ages.
“Circle of Friends – Your Greatest Enemy” is based on how to infiltrate or defend from being infiltrated using social media and personal contacts as a starting point.
James Lawler is (in no particular order) a civilian, Guardsman, paranoid Security Analyst, student, and happy husband. He also happens to work for 21CT and the Air National Guard.
The need for data analytics and visualization in security analysis is evident. Learn to “Make Your Data Dance” to uncover some common myths of Big Data and the definition of analytics in network security monitoring with free open source software. Learn definitions of visualization and see how our tool, LYNXeon, does this with intelligent data analytics and visualization.
Rich Lay is a native Oklahoman and has been a Special Agent with the FBI for over 16 years. His area of investigative emphasis has been computer intrusions, with a little economic espionage thrown in for good measure.
“e.p.c.D.” will share some things YOU can do to help fight the evil!
Brenda Santos is an information security and strategist officer for Websense, Inc. With 20 years of IT infrastructure and information security industries experience, she counsels global security teams, CSOs, CIOs and CISOs on best practices to prevent advanced attacks and data theft.
“Rethinking your Security Strategy: Fend off Attacks with New Models and Methods” helps you hit the refresh button on your cybersecurity program. Learn how to identify your greatest vulnerabilities and deploy new tactics that stop advanced attacks in their tracks.
Sean Satterlee is the principal security consultant for NetSource Secure, a Denver-based firm with a strong presence in Oklahoma for multiple verticals. Sean has spoken at IWS since its inception as well as at DefCon 21, rmisc, Berlinsides, ph-neutral, TOG hackerspace, root-66, innotech Oklahoma, 2600.net, ISSA, and Rapid7's Security Summit. Sean is one of the founders of BlueAnt Security and the DC405, and is currently active in the Oklahoma hacking scene.
“I Am Your Insider Threat” fills the physical gaps in InfoSec, addressing some uncommon and not- so-common attack vectors that are usually overlooked by industry professionals.
Matthew Seyer is a consultant at G-C Partners, LLC where he is currently focusing research efforts around file system journal forensics. He has recently presented with David Cowen at CEIC, SANS DFIR Summit, and multiple webcasts. They conduct the Forensic Lunch every Friday at noon on Google Hangout. You can follow Matthew on twitter @forensic_matt.
A look into file system journaling and its purpose, “File System Journal Analysis" can provide valuable information in both digital forensics and incident response. Three common file system journals will be discussed (NTFS, EXT3/4, HFS+) and the types of information they can retain.
Charlie Southern is co-founder of Stuph Labs, Senior Data Engineer at ONEsite, a member of OKC LUGnuts and OKC2600/DC405, and a free software advocate.
“Logs and Backups: The Best Offense Yet Worst Defense against Insider Threats" discusses the pros and cons of log management.
Brian Tokuyoshi is a Senior Solutions Analyst for Palo Alto Networks, where he researches the mobility and wireless network security landscape. Brian has an extensive career in computer security, with domain expertise in encryption, data protection, and identity.
Dan Weaver runs a managed services company (aka Bastard Labs) in Oklahoma City, where he occasionally finds time for his passion, Information Security. He is a regularly contributing member of the DC405 and Oklahoma City 2600 groups.
Calvin Weeks is President of Calvin Weeks & Associates, LLC, an Oklahoma-based corporation providing electronic discovery, technology litigation support, managed security and computer forensics services for a wide range of clients including members of the private sector and attorneys.
“Insiders: How to Detect and Respond to Your Biggest Threat” will provide conceptual and procedural foundationd to help you protect your organization from the threats within, because unlike malicious code, technology doesn’t exist to protect you from insider threats.
Below are the 2013 photographs from the IWS 6 event:
October 3, 2012 – Information Warfare Summit (IWS) 5 Conferenceo:p>
Our sponsors for the 2012 event included:
Primary Event Sponsors
Ice Cream Break Sponsor
The event agenda included:
Track 1 - Large Conference Area
08:00-09:00 Registration open
09:00-09:15 Dan Connett and Kevin Turner, “Welcome to Information Warfare Summit V”
09:15-10:15 Keynote: Bill Payne, “Wireless???”
10:20-11:05 Justin Tibbs
11:10-11:45 Justin Williams
11:50-12:30 Alan Abrams, “Building an InfoSec program in an e-commerce company”
12:30-13:00 Lunch with ISSA / IOMA
13:00-13:40 Sean Satterlee, “Physical Insecurity”
13:45-14:15 Charles Fair, “It's Full Of Stars!”
14:20-14:50 Chris Rooney, “Simple HBSS//ePO tricks for spotting malware without a signature”
15span style="letter-spacing: -.05pt">:00-15:45 Charlie Sutherland
15:50-16:30 Rhett Greenhagen, “Deception: Counter-intelligence and Counter-Exploitation within the network”
16:30 Concluding remarks
2 - Small
10:15-12:20 30 minute slots, 5 min setup, 20 min talk, & 5 min tear down
10:20-10:50 Mia Bottoms, “Rooting for Squares”
10:50-11:20 Anthony Towry, “Up and Running with Cortana”
1/span>1:20-11:50 Derek Hubbard, “Physical Security: Methods of Circumvention”
11:50-12:30 Danny Weaver “Worms: Old and New”
12:30-13:00 Lunch with ISSA / IOMA
13:00-16:30 1st Annual Bastard Labs Mini-Con
The Bastard Labs Research Team is bringing a taste of old school hacker cons to the IWS with the first ever Bastard Labs Mini-Con. Our researchers will hit you with technical knowledge presented with that unmistakable Bastard Labs style that will have you owning the world in no time.
Speaker Bios and presentation summaries:
Alan Abrams, CISSP, is an information security professional with ten years of experience in Information Technology. He has held positions in a variety of industries including Health Care, Financial, Government, Retail, and E-commerce, obtaining experience in penetration testing, risk assessments, network and computer forensics, security architecture, engineering, and compliance. Alan currently holds the position of Manager, Governance and Compliance with Teleflora, the largest wire floral service in the world. He is an active board member on the board of IT Curriculum for Oklahoma State University Oklahoma City, having also been a member of many Oklahoma City and Dallas information security groups.
“Building an InfoSec Program in an e-Commerce Company”
Bastard Labs is a loosely organized group of vulnerability researchers dedicated to the discovery and exploitation of security flaws in major operating systems and software packages. They have been credited with discovering vulnerabilities in everything from major network operating systems to enterprise level security software.
Mia Bottoms is a local technology enthusiast with roots in IT, equipment mods, and general puzzle solving.
“Rooting for Squares” provides a broad overview of the process of gaining root access to an android device, with pictorial demonstration. General assessment of the pros and cons of root access will be covered, with an emphasis on the capabilities gained after rooting.
Charles A. Fair is an independent information security researcher and a U.S. Army Staff Sergeant (SSG) Cyber Incident Responder with the Oklahoma National J6 Guard Computer Network Defense Team (CNDT-NGOK) for the past ten years, originally from Oklahoma City. He has lived in a variety of locations and countries, returning recently from a four year assignment to Iraq and Kuwait. Chuck has worked in a variety of positions in both the private and military sector as digital information security, intelligence, independent researcher, military parachute team demonstrator, and an Airborne Infantry Paratrooper with the 504th Parachute Infantry Regiment of the 82nd Airborne Division. Chuck is a regular at Black Hat, DEFCON, and other information security/hacking-enthusiast conferences.
“It's Full of Stars!” addresses malicious network traffic visualization.
Rhett Greenhagen has worked for the U.S. Government in multiple contracting positions since the age of 20, working for the Air Force, Army, and other agencies within Department of Defense (DoD). He is currently the primary Incident and Forensics Analyst for the largest DoD data center in the United States. Rhett specializes in cyber counter-intelligence, anti-forensics and penetration testing.
Most advanced cyber-attacks are used for intelligence purposes. “Deception: Counter-Intelligence and Counter-Exploitation within the Network” will discuss tools, ideas, and methods to counter intelligence gathering within the network. From stealing financial data and combining it with work orders to form actionable intelligence on troop strength, to hijacking Voice over IP communication between units. All of these attacks put us at a greater risk. The role of cyber counter-intelligence units is to mitigate and stop this threat for harming U.S assets and commands.
Taylor Hayes is an Infosec enthusiast and independent IT Consultant with five years IT experience and over 13 years of working with people. His specialty is in studying how people give away sensitive information is the basis for his “Social Engineering – People are the Weakest Link” presentation.
Derek Hubbard’s “Physical Security: Methods of Circumvention” will focus on how attackers are exploiting the weaknesses in physical security.
Bill Payne is the Wireless Information Assurance Program Manager (WIAPM) for the FBI Security Division. His program is responsible for ensuring awareness of and FBI compliance with National, Departmental, Intelligence Community (IC), and industry best practices and regulations for current and emerging wireless technologies. Located in Washington, D.C. , Bill is an internationally published technology author and holds eight patents in the semiconductor industry. Bill is also an amateur radio operator and holds an Amateur Extra license, is a member of the SKYWARN network, and has a FCC Radio Authorization for a GMRS radio station. Mr. Payne is also member of the Committee on National Security Systems (CNSS) wireless working group for federal classified systems.
“Wireless???” addresses (at the unclassified level) aspects of the paradigm shift that occurs with the introduction of wireless technologies into an organization. It will discuss changing requirements for supporting wireless technologies, legal aspects, risks, and threats with these technologies. The introduction of the concept of "Defensive Counter Intelligence" will also be presented.
Chris Rooney is a senior incident handler with additional responsibilities in network- and host-based IDS and IPS systems, vulnerability management, and security testing. Chris started at a helpdesk before moving on to network and systems administration, satellite communications and eventually information security. Chris has too much time on his hands, spending most of his time preventing others from doing whatever dumb thing he just did.
“Simple HBSS/ePO Tricks for Spotting Malware without a Signature” will discuss how the HBSS/ePO has several methods for announcing possible malware even when signatures don't exist. Learn how to listen using simple tricks.
Sean Satterlee (0hm, b0xadjuster) is the Principal Security Consultant for Netsource, a Denver based corporation that hosts Netsource Labs security research division. Sean is an international speaker and panelist on security matters, having won and or placed in several DEFCON competitions. He has experience with Tribal Government, Tribal Gaming, Health Industry (HIPAA/HITECH Security Specialist) U.S. Federal contracting and consulting with agencies including DoD, NSA, and the US Marshall's service. Sean was one of the founding members of the OHMspace in Oklahoma City as well as a founding partner for BlueAnt Security. Sean started his career just before the turn of the century as a teenaged Network Security Admin with PSINet. Sean has been described by the hacking community as "leaving a litter of broken and/or shelled systems in his wake".
“Physical Insecurity” fills the physical gaps in InfoSec, addressing some uncommon and not- so-common attack vectors that are usually overlooked by industry professionals. In an industry where the next 0day is all hype, physical security gets overlooked on a day-to-day basis. Surprisingly, the old adage of, "I have boot, I have root" still applies. Sean will go through reconnaissance methodology, social engineering, and breaching physical security. This talk will also cover why knowing how to "dox" someone using OSINT (Open Source Intelligence) will assist you in a penetration test and more properly hone your attack attempts for social engineering as well as spear-phishing/whaling attempts.
Below is a collection of photographs from the IWS 5 event:
Our December monthly meeting was held in OKC at the Symposium Conference Room of the Presbyterian Health Foundation (PHF) Conference Center. Elaine Dodd, our InfraGard Banking and Finance Sector Chief (see below), discussed recent fraud activities related to bankers and customers (both personal and retail), which included a discussion of the recent debit card breaches, ACH batch fraud and other scams. Elaine discussed the layers of security that banks are now employing and explore ways that our cyber experts can help on this frontier. As the issues change daily, this was an up-to-the-minute exploration of a topic that impacts us all.
Additionally, Supervisory Special Agent Matt Harper (not shown) provided an overview of "US v Petrov, Krivosheev, and Illarionov", which was an online wire fraud case where a small Oklahoma company initially lost approximately $1.2 million via unauthorized wire transfers out of their bank account. The Oklahoma FBI Office worked the investigation, which recently concluded in a trial where two of the subjects were convicted.
Our November 3rd monthly meeting was held in OKC, at the Symposium Conference Room of the Presbyterian Health Foundation (PHF) Conference Center; and was broadcast via video conference to our Satellite Organizations at OSU Tulsa and to our Satellite at Western Oklahoma State College in Altus.
The presentation addressed "Education Sector", which is 1 of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS). Our scheduled speaker was Troy Milligan and his presentation will focus on the Family Educational Rights and Privacy Act (FERPA).
Troy is Director of Institutional Research at Redlands Community College, the President, 2009-2012, of the Oklahoma Association for Institutional Research & Planning (OKAIRP) and a member, 2010-2013, of the POISE Users Group to advance the effective utilization of the software products sold by Campus America, Incorporated.
Ken Ontko opened the Meeting with several announcements prior to introducing Troy Milligan. Our first order of business was to recognize several members of the management from on of our Platinum Sponsors, the Presbyterian Health Foundation. Accepting on behalf of Michael D. Anderson, Foundation President and CEO., J.R. Caton, Vice President and Tim Finkle, Director, Executive Conference Center was Tim Finkle (shown below) receiving all three "certificates of appreciation" from Assistant Special Agent in Charge of the Oklahoma FBI Office, Greg Melzer.
Following the awards ceremony, Ken introduced Troy, who proceeded to provide a concise, but thorough review of FERPA. The Family Education Rights and Privacy Act of 1974, commonly known as FERPA, is a federal law that protects the privacy of student education records. Students have specific, protected rights regarding the release of such records and FERPA requires that institutions adhere strictly to these guidelines. Therefore, it is imperative that the faculty and staff have a working knowledge of FERPA guidelines before releasing educational records.
On October 6th, we held our third Quarterly Conference, which was at the Francis Tuttle Bruce Gray Center, 3500 NW 150th St., Oklahoma City, OK 73134. The Critical Infrastructure and Key Resource (CI/KR) theme for October was the Information Technology sector in general and Cyber Security specifically.
This was a "joint conference" with the Information Systems Security Association (ISSA), the InfraGard Oklahoma Members Alliance (IOMA) and the Association for Contingency Planners (ACP).
Information Warfare Summit III Agenda
7:30 Registration Opens -- 170 IOMA members and guests participated in this event
8:15 Opening Remarks by Ken Ontko, Eryn Tribble and Kevin Turner (MC) [below left]; and Assistant Special Agent in Charge of the Oklahoma FBI office, Greg Melzer [below right], acknowledged the FBI's commitment to InfraGard, explaining the value of the information his office receives from our members; ASAC Melzer expressed his appreciation for the contributions from the InfraGard officers, board, ISSA, ACP and others involved in the planning and preparation for this event.
8:30 Tim Elrod - "Adventures in Limited User Post Exploitation"
Just how much damage *can* be done with EIP under a non-Administrative Windows environment? Much, much more than you likely think. Through new techniques and live examples, attendees will be guided through the modern day attack surface of a restrictive corporate Windows world. Based purely on the Windows privilege model, demonstrations and new code will cover techniques related to collecting and replaying passwords and password hashes, destroying the browser trust model, attacking the network and the domain, and more, all without administrative access.
Moving into a world of Windows Vista, 7, and hardened XP environments, the days of easily popping shells with Admin access are becoming less common. When a Limited User is exploited via client side vulnerability, damage is often believed to be lessened due to the inability of attacker code to access sensitive portions of the OS, such as those containing passwords and password hashes, without an additional privilege escalation exploit. Despite conventional wisdom from vendors and security press, taking your users out of the 'Local Administrators' OU doesn't mean your environment is magically protected from privilege-agnostic attackers.
9:30 Sean Satterlee - "Egress: What's better than walking out the door?"
Long gone are the days where hackers simply broke in to a network to read data, break a system, or deface a website. The modern hacker is interested in stealing data for profit. This can be realized by a short-term vulnerability where the hacker is in and out, but often it's a long term penetration where the intruder sits for months inside your system collecting data. Hear this explanation of how easy it is to remove data from a secured network and how that stolen information is exploited.
10:15-10:45 am Justin Williams - iPhone Hacking--Jail Breaking iPhone 3 and 4
Justin demonstrated several established vulnerabilities on the iPhone 3 and Wowed the audience with a "zero day" weakness on the iPhone 4.
10:45-Noon - DC405 Presents "Hacking in Real Time" — a real time demonstration of what hackers do: finding vulnerabilities and exploiting them.
DC405 is a information security/technology user group located in Oklahoma City, OK. Organized in October 2007, the DC405 group was created under the DEFCON groups' banner to provide group members an opportunity to discuss interests and share technical presentations. DC405 members are active in the IT, InfoSec, and technology industries. Below, Sean, Justin, Tim and Kevin collectively showed their collective skills on several different platforms and operating system vulnerabilities.
Noon-1:00pm - Box Lunches for a majority of our attendees, courtesy of FishNet Security
1:30-2:25 pm - Lloyd Smith - "Improving Total Continuity of Operations"
To meet the threats of the future (including Cyber attacks) total Continuity of Operations is required. Effective emergency response, disaster recovery for IT, business continuity for functional continuity and government and community continuity to ensure public safety, the protection of our infrastructure and continuation of necessary and desired services for communities, employees and families are required. Col Smith discussed the compelling case for continuity planning to include issues and considerations. If all components don't recover effectively, severe operational, economic, community and personal impacts will likely result. He discussed essential basics and best practice principles for successful contingency planning as well as shared responsibilities. The presentation included lessons learned from disasters and trends and challenged future contingency planning to include these requirements for effective cyber security.
2:30-3:45 pm - Dr. John Hale - "Transforming the Risk Assessment Pipeline"
Information security risk assessment methodologies are typically driven by a loosely connected set of processes that integrate a mixture of quantitative and qualitative data. The ad hoc and subjective nature of these methodologies hinders objective analysis of security risk and stunts the opportunity for a more systematic and sweeping application of risk management principles in the system development life cycle. This presentation characterizes the risk assessment pipeline and describes on-going research in the Institute for Information Security at The University of Tulsa to develop next generation technologies for IT. iSec researchers are developing an array of technologies -- centered around adversary profiling, mission modeling, adaptive attack graphs, and real time attack management -- to improve the state of the art for risk assessment. Their efforts are aimed at seamlessly integrating an objective and unified collection of solutions into the pipeline, affording a more refined view of risk to support informed security decision making.
4:00 Closing remarks and door prizes.
Door prizes included two Kindle wireless electronic readers, two 500GB external hard drives, two $100 American Express gift certificates and a many other nice items donated by several of our generous sponsors.
Our September 1st monthly meeting was held in OKC at the Symposium Conference Room of the Presbyterian Health Foundation (PHF) Conference Center; and was broadcast via video conference to our Satellite Organizations at OSU Tulsa and to our newest Satellite at Western Oklahoma State College in Altus.
The presentation addressed "National Monuments", which is 1 of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS). Our scheduled speaker was Leon Gillum, Director of Security for the Oklahoma City National Memorial.
Ken Ontko opened the Meeting and introduced Mr. Gillum (below).
Mr. Gillum's topic was on our very own Oklahoma City National Memorial-Then and Now. He talked about the events that led to the creation and building of the Memorial and discuss the ownership and operations of the Memorial focusing on general safety, security issues and the resolutions.
Leon came to the Memorial after retiring from the Oklahoma State Bureau of Investigation as Inspector-in charge of the Criminal Intelligence Unit. He was a responder and investigator with the FEMA-DMORT team during the April 19, 1995 bombing of the Alfred P. Murrah Federal Building. A former police officer, undercover narcotics agent and US Marine, Mr. Gillum holds a Bachelors Degree in Social Psychology and a Masters Degree in Criminal Justice Administration.
Our August 4th monthly meeting was held in OKC at the Symposium Conference Room of the Presbyterian Health Foundation (PHF) Conference Center; and was broadcast via video conference to our Satellite Organizations at OSU Tulsa and to our newest Satellite at Western Oklahoma State College in Altus.
The presentation addressed "Healthcare and Public Health", which is 1 of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS). The topic was the Oklahoma Medical Reserve Corps (OKMRC), which is Oklahoma's only medical and public health volunteer program. The OKMRC is a statewide system comprised of specialty teams, and county units operating under the authority of local county health departments. In a large-scale event that impacts or threatens the health of a community, local emergency response systems and personnel will likely become overwhelmed and OKMRC volunteers may be requested to assist with preparedness, response and recovery efforts. The OKMRC may also be utilized to strengthen Oklahoma's public health infrastructure by participating in activities which promote the U.S. Surgeon General's initiatives.
Ken Ontko opened the Meeting and introduced the speakers: Kendal Darby (below left) and Debra Wagner (below right)
Kendal Darby received her Bachelor of Science degree from Oklahoma State University in 1997. In 2005, she completed a Master of Public Health at The University of Oklahoma and was the first graduate with a degree in Public Health Preparedness and Terrorism Response. Kendal currently works for the Emergency Medical Services Authority (EMSA) as the Oklahoma Medical Reserve Corps State Administrator.
Debra Wagner, CVA, is a native of Western New York. She earned a Bachelor's Degree with honors in Criminal Justice and Sociology from Alfred University in May of 1988. She has experience in security management, law enforcement, child protective services, and mental health case management. Debra earned her Professional Certification in Volunteer Administration in October of 2008, and is one of less than 1,000 individuals worldwide who hold this credential. She has been featured twice in the Volunteer Management Report publication, and presented at the National Healthcare Preparedness Evaluation and Improvement Conference in Washington, D.C. in July of 2009, and the Public Health Preparedness Summit in Atlanta, GA in February 2010. She recently earned licensure as an EMT-B, and will begin work on a Masters in Public Safety Administration in August.
On July 14th, we held our second Quarterly Conference at the Francis Tuttle Bruce Gray Center, 3500 NW 150th St., Oklahoma City, OK 73134. The conference focused on the "Chemical and Transportation Sectors", which are 2 of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS).
Chemical and Transportation Sector Conference Agenda
51 IOMA members and guests registered the day of this event
8:30-8:50am Welcome and Opening Comments
Ken Ontko, IOMA President, welcomed those in attendance; following a brief review of the facilities and emergency exits, Ken asked Linda Baggett to come to the podium and she was recognized for all the work she did in preparation for the event.
Assistant Special Agent in Charge of the Oklahoma FBI Office, Greg Melzer, acknowledged the FBI's commitment to InfraGard, explaining the value of the information his office receives from our members; ASAC Melzer expressed his appreciation for the contributions from the InfraGard officers, board and others involved in the planning and preparation for this event.
Ken Ontko introduced Martin Rojas.
8:55-9:50 am Martin Rojas - VP of Security, American Trucking Association
Presentation: Trucking industry security/Information sharing update: An overview of current ATA Industry security standards and trends
Martin provided a view of the challenges associated with establishing and ensuring that appropriate security measures are in place to protect drivers and to classify the categories of freight being transported across the U.S. He explained that 80% of U.S. communities depend solely on trucking industry deliveries.
Bio: Martin Rojas serves as Vice President for Security and Operations at the American Trucking Associations ("ATA"). Prior to his present job he was Executive Director for Safety, Security and Operations since 2004 and Director of the Office of Customs, Immigration and Cross-Border Operations since 1999 at ATA. He joined ATA in 1996 as its Director for International Affairs. Established in 1933, ATA is the national trade organization representing the interests of the U.S. trucking industry. His primary duties are to coordinate ATA's security related policies and activities impacting the trucking industry, focusing on making the movement of trucks throughout North America as safe, efficient, effective and secure as possible. He served as the first Chair of the Highway and Motor Carrier Sector Coordinating Council ("SCC") established by the Department of Homeland Security ("DHS") and served as an industry representative to the Subcommittee on Transportation of the Commercial Operations Advisory Committee ("COAC") designing the Customs - Trade Partnership Against Terrorism ("C-TPAT") and the Free and Secure Trade Program ("FAST"). He has been active in the implementation of various security and trade programs including background-check programs, such as the TWIC and for Hazmat Endorsements, the Bioterrorism Act, Air Cargo Security, Trade Act requirements, among others. Mr. Rojas works closely with ATA's private sector counterparts in both Canada and Mexico in improving cross-border operations throughout North America, and in finalizing the implementation of the North American Free Trade Agreement ("NAFTA"). He also serves as ATA's representative before the International Road Transport Union (IRU), based in Geneva, Switzerland. Prior to joining ATA, Mr. Rojas worked since 1992 for the U.S.-Mexico Chamber of Commerce representing and developing positions for private sector interests towards the implementation of NAFTA. Mr. Rojas holds a BA in International Affairs and a Masters in Public Administration, both from the George Washington University in Washington, D.C.
10:00-10:50 am Steve Niswander - VP Safety Policy and Regulatory Relations, Groendyke Transport, IOMA Member
Presentation: Hazardous Materials Security in the Tank Industry (shipper & consignee), in the Chemical Sector Steve took a deeper dive into the risks and threats associated with transporting hazardous materials, including the regulations and standards that must be observed to avoid mixing volatile combinations in the same shipment. He also pointed out the danger associated with improper cleaning and maintenance of transport container trailers and what can happen if improper maintenance allows leakage between compartments.
Bio: Steve Niswander grew up in Ohio and came to Enid Oklahoma in 1967 in the United States Air Force stationed at Vance Air Force Base. He graduated from Phillips University in 1975 with a BS in Business Management and Economics and has been employed at Groendyke Transport for over 32 years in the Safety arena, the last 17 years as Vice President of Safety for Groendyke. Steve is a member of the American Trucking Association, currently the Chairman of the Hazardous Material Committee. He is also a member of the National Tank Truck Carriers (NTTC), having served as Chairman of the NTTC Safety Management Council and over the past 5 years has been Chairman of the Tank Truck Rollover Committee. For the past 25 plus years a member of the Commercial Vehicle Safety Alliance and have served on the Hazardous Material Committee the entire time, also the past chairman of the Industry Advisory Committee at CVSA. Steve has been the past chairman of the Oklahoma Trucking Association and twice Chairman of the Oklahoma Safety Management Council. For the past 5 years he has served on the Committee for the "Transportation of Hazardous Materials in the United States" under the direction of the Transportation Research Board appointed by the National Academies and have just been appointed to the HM-13 Project Panel on "Cargo Tank Rollover Factors, Prevention, and Mitigation", by the Transportation Research Board. Steve is also a member of American Transportation Research Institute (ATRI), Research Advisory Committee (RAC) and has served on the Industry Advisory Committee of the American Law Firms Association.
10:55-Noon - T.W. Shannon - Oklahoma State House of Representatives, 51st Legislature
Presentation:Oklahoma Transportation Update TW Shannon provided a transportation update that was Oklahoma centric, and addressed transportation funding, critical infrastructure updates, and recent funding increases to deal with the aging and failing roads and bridges. He reviewed the legislative budgeting process and the challenges associated with the Transportation Committee, which he chairs.
Bio: T.W. Shannon is a Business Consultant, a graduate of Cameron University, with a B.A. in Communications and has a Juris Doctorate from Oklahoma City University. He is a 6th generation Oklahoman and 3rd generation Lawtonian. T.W. is an enrolled member of the Chickasaw Nation. He is a former Congressional Staffer having worked for U.S. Representatives JC Watts and Tom Cole.
1:30-2:25 pm - Rod Fulenwider - Managing Director, Pinkerton Consulting and Investigation, Member of InfraGard, South Texas
Presentation: "2010 Transportation Security" Product/cargo theft, profile of perpetrators, and analysis of transportation best practices
Rod Fulenwider detailed out the current threat environment facing the trucking industry in general, including sabotage, insider threats, and load theft. He also addressed how to go about analyzing the transportation security vulnerabilities for our organizations.
Bio: Rod Fulenwider is the Managing Director for the South Central Region of Pinkerton Consulting and Investigations. Prior to Pinkerton he was the Sales Director for RCI Safe Solutions (specializing in creating custom Loss Prevention and Safety Awareness Programs). Rod has also served as Vice President of Operations for INEX Worldwide (Homeland Security Company) and as Division Security/Investigations Director for Loomis Fargo (cash handling, investigations, risk avoidance, claims management). Prior to Loomis Rod was the Corporate Director of Loss Prevention for Blockbuster Entertainment (responsible for internal investigations, LP for franchise stores, distribution/supply chain, RFID, EAS, CCTV, safety policies and security procedures for stores and distribution center, executive security, disaster recovery and workplace violence). Rod was a Regional Asset Protection Manager for Sears in Ohio, West Virginia and Michigan. Prior to his time with Sears Rod was also the first Corporate Security Manager for Exel Logistics focusing mostly on internal and external theft both domestically and abroad. His start within the Loss Prevention profession began as an Assistant LP Manager for Neiman Marcus Direct investigating internal theft, credit fraud, mail fraud, and supplier / vendor diversion as well as performing loss prevention functions for Neiman Marcus outlet stores. Prior to moving into the corporate world he worked as an Adult Probation Officer for the State of Texas and he also served seven years in the United States Navy. Rod has a BS in Criminal Science and a Masters in Professional Development. Rod has been involved with the International Cargo Security Council (served as the Retail Chair while at Blockbuster), National Retail Federation, National Safety Council, American Society of Safety Engineers and the American Society of Industrial Security. He also helped to co-found the Alliance Security Group (a group of dedicated loss prevention and law enforcement professionals in North Fort Worth. Rod has written and produced one book (A Manager's Guide to Workplace Violence Prevention) and several articles for professional periodicals. Rod is also a graduate and alumni of the FBI Citizens Academy. He has been married since 1984 and has two daughters. Rod has attended Oklahoma Baptist University, National University and Amberton University.
2:45-3:45 pm - Mike Ray - Regional Response System Coordinator, Oklahoma Office of Homeland Security
Presentation: Oklahoma Regional Response System
Michael Ray finished up the event, speaking on the subject of regional response units, including technical rescue, decontamination, foreign animal disease decontamination, and CBRNE (Chemical, Biological, Radiological, Nuclear, and Enhanced explosives threats).
Bio: Mike began his career in firefighting in Louisville, KY before joining the Tinker AFB Fire Department where he advance through the ranks, progressing from Firefighter, Driver, Captain then to upper management as Shift Commander and Chief of Training before retiring as Director of Special Operations. During his 25 year career at Tinker, he was a member of the AF Inspector General's office as an Evaluator and Coordinator for Disaster Training Exercises. Mike worked for Oklahoma State University Fire Service Training where he taught Hazardous Material Technician courses. Mike is a nationally registered EMT and EMS Instructor for Oklahoma State. Mike has a Bachelors degree in Human Resource Management from Southern Nazarene University. He did post-graduate work at Langston University. He has also completed numerous Fire Science-related courses from OSU. Mike currently works for the Oklahoma Office of Homeland Security Office at the Regional Response Coordinator. He is responsible for overseeing 107 Regional Response Units that range from different disciplines to include CBRNE, RESCUE, Decontamination, Bomb Squads, Emergency Medical and Agriculture Units.
3:45-4:00pm Closing Comments and Adjournment
On June 2nd, our meeting was held in OKC at the Symposium Conference Room of the Presbyterian Health Foundation (PHF) Conference Center; and was broadcast via video conference to our Satellite Organizations at OSU Tulsa and to our newest Satellite at Western Oklahoma State College in Altus. The presentation addressed "Commercial Facilities Protection Efforts", which is 1 of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS).
Ken Ontko opened the Meeting and introduced the speaker
Our speaker was Mr. Glenn Moore, who is the United States Department of Homeland Security's (DHS) Protective Security Advisor for the Oklahoma district and has been serving in this role since 2005. Glenn represents US DHS in Oklahoma, serving as a liaison and fostering cooperation between DHS, the private sector and federal, state, local and tribal entities in coordinating the efforts to reduce the risk to our critical infrastructures and key resources posed by acts of terrorism, as well as enable national preparedness, timely response and rapid recovery in the event of an attack, natural disaster or other emergency.
Our May 19th meeting was held at the Skirvin before the kick-off of FishNet Security's Oklahoma City Enterprise Security Solutions Summit. There was a brief and informal membership meeting, together with the Information Systems Security Association (ISSA) OKC chapter.
The ES3 agenda is shown below:
9:30 - 10:00 AM: Breakout Session 1
Compliance Track: Data Attack Anatomy - Stopping Bad Guys / Satisfying Auditors with Pragmatic Database Security
Efficiency Track: Network Operating Systems & Central Management
Risk Track: Security in a Virtualized World
10:15 - 10:45 AM: Breakout Session 2
Compliance Track: Staying the Course in a Sea of Change
Efficiency Track: Anytime, Anywhere, Consistency, Efficiency, Accuracy - A Moving Target
Risk Track: Anatomy of a Breach: Hydraq Highlights)
11:00 - 11:30 AM: Breakout Session 3
Compliance Track: The New Thinking on Security and Compliance
Efficiency Track: Riverbed WAN Optimization Solutions
Risk Track: Increasing Operational Efficiency While Reducing IT Costs
1:00 - 1:30 PM: Breakout Session 4
Compliance Track: Shared Administrative and Embedded Application Passwords - How to Secure, Effectively Manage, and Meet Compliance Requirements
Efficiency Track: Palo Alto Enterprise 2.0 & Network Security - Regain Control of your Network & Safely Enable E2.0 Applications
Risk Track: CheckPoint;
1:45 - 2:15 PM: Breakout Session 5
Compliance Track: FishNet Security
Efficiency Track: FishNet Security
Risk Track: FishNet Security / Emerging Threats
2:15 - 2:45 PM: Sponsor Exhibits Open
2:45 - 4:00 PM: C-Level Industry Panel (Keynote)
Our April 27th meeting was a joint meeting with the Industrial Security Awareness Council (ISAC) of Oklahoma and was co-sponsored by Rose State College, the Oklahoma Small Business Development Center and by Hobby Lobby.
This was a Security Awareness Conference focusing on the Defense Industrial Base. The presentations included:
Too bad, if you missed this one, because every speaker was outstanding and kept us on the edge of our seats throughout the day. Below are some candid photos from each presentation.
Kevin ailes on Intellectual Property Protection…
Brett Kingstone on Economic Espionage…
Ken Ontko introducing Rick Dakin from Coalfire Systems and Rick delivers on Regulatory Compliance updates…
Reza Safa covered the spectrum of differences between Muslim and Christian beliefs…
Dan McWhorter covered the "ins and outs" of Cyber Threats and Attacks with examples of each…
April 7th was our Annual meeting, during which we held nominations for and election of InfraGard Officers and Board members. Nominations Committee Chair, Joe Calvery, explained the nominations and voting processes. Having received no new nominations for Officers or Board members prior to the meeting, we asked for nominations from the floor. There being none, it was moved and seconded that we elect all candidates by acclamation. This motion carried and we now have a renewed slate of Officers and Board members for the 2010-2011 year.
|President Elect||George Lewellyn|
|Vice President||Marian Millican|
|IOMA FBI Coordinators|
|Special Agent Martha Justice|
|Special Agent Jimmy Looney (Tulsa)|
|IOMA Sector Chiefs and Deputies|
|Agriculture and Food||Dr. Leslie Cole, DVM|
|Banking and Finance||Elaine Dodd|
|Defense Industrial Base||Britt Morrison|
|Emergency Services||Dan Biby|
|Health Care and Public Health||Ed Kostiuk|
Following the elections, Lacey Callahan, Assistant Public Affairs Coordinator for the Oklahoma Office of Homeland Security, provided an overview of their "Red Dirt Ready" initiative, which is designed to help Oklahomans get prepared for any emergency.
Lacey Callahan presenting "Red Dirt Ready" campaign details to the OKC and Tulsa members and guests.
Following Ms. Callahan's presentation, Special Agent in Charge (SAC) of the Oklahoma FBI office, James Finch, made an impromptu presentation and awarded "certificates of appreciation" to the outgoing (and in this case returning) IOMA Officers.
Ken Ontko thanking Lacey for her presentation (left). SAC James Finch expressing his appreciation to the group (right).
SAC James Finch thanking Treasurer, John Schlichting (left) and Secretary, Delpha Goodman (right).
SAC James Finch thanking Vice President, George Lewellyn (left) and President, Ken Ontko (right).
We started the meeting with brief introductions of Officers and Board members present, followed by introductions of the members and guests present in OKC and Tulsa.
Our speaker was Mr. Mike Bower, Director of Emergency Management for Midwest City. Mr. Bower's presentation focused on the Emergency Response Guide and related activities. Mike has been Involved In Emergency Services for 37 years. He spent 31 Years as a firefighter serving as Midwest City Fire Chief for 16 years, before retiring in 2004. Since retirement, he has served as Director of Emergency Management for Midwest City and serves on several emergency management and homeland security committees. He is the past chairman of the Central Oklahoma UASI (Urban Area Security Initiative), Region 8 Homeland Security Council, Governors Committee on Interoperability, Vice Chair of Oklahoma County LEPC (Local Emergency Planning Committee), Vice Chair of Council on Fire Training, and Chairman of Oklahoma Emergency Management Training Committee.
Speaker, Mike Bower, presenting to OKC and Tulsa members and guests. Ken Ontko expressing IOMA's appreciation for Mike's presentation and for the Emergency Response Guides he provided to the group.
The meeting started with a brief introduction of Officers and Board members present, which was followed by introductions of the members present in OKC and Tulsa.
Following the introductions, a short summary of the IOMA Board Annual Planning meeting was discussed, including a review of the meeting schedule planned for the next 15 months.
|Wednesday, March 03, 2010||Chemical/Emergency Services|
|Wednesday, April 07, 2010||April General Membership Meeting and Election of Officers and Board Members|
|Tuesday, April 27, 2010||Defense Industrial Base Sector|
|Wednesday, May 19, 2010||Joint Meeting with ISSA -- HD Moore scheduled to present, among others|
|Wednesday, June 02, 2010||Commercial Facilities|
|Wednesday, July 14, 2010||Transportation & Chemical Sector|
|Wednesday, August 04, 2010||Health Care & Privacy|
|Wednesday, September 01, 2010||National Monuments & Icons|
|Wednesday, October 06, 2010||Cybersecurity Month|
|Wednesday, November 03, 2010||Nuclear Facility|
|Wednesday, December 01, 2010||Banking & Finance|
|Wednesday, January 05, 2011||Year in Review|
|Wednesday, February 02, 2011||Education|
|Wednesday, March 02, 2011||Agriculture & Food|
|Wednesday, April 06, 2011||Annual Membership Meeting|
The topic for our February monthly meeting was the "Critical Manufacturing" sector, one of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors established by the U.S. Department of Homeland Security (DHS).
Our speaker was Josha D. Jordan, from the U.S. Department of Homeland Security (DHS) Office of Infrastructure Protection (IP) at DHS Headquarters in Washington, DC. Josha is in the newly formed Critical Manufacturing Sector-Specific Agency, where he serves as the main contact for intergovernmental programs within the sector.
He is responsible for coordinating sector site visits to Manufacturing partners, identifying information and assets within the sector for the DHS Critical Foreign Dependencies Initiative, Tiering of Level 1 and 2 Critical Manufacturing Sector facilities, and infrastructure information as it relates to sector taxonomy. Mr. Jordan also serves as the sector Protective Security Advisor liaison for vulnerability and risk assessments throughout the country.
Josha provided an introduction to the Critical Infrastructure/Key Resource (CI/KR) sectors, which was followed by a Critical Manufacturing sector specific presentation.
Josha Jordan presenting overview of the 18 Critical Infrastructure and Key Resource (CI/KR) sectors.
OKC InfraGard members during the February monthly meeting.
Josha Jordan taking questions after his presentation.
The topics for our January monthly meeting included a FBI Counterintelligence Presentation and a Review of Our 2009 Activities -- followed by a Discussion of Planned activities for 2010.
Our speaker was Supervisory Special Agent, Trey Resolute, the new supervisor of the Oklahoma City FBI Field Intelligence Group, Trey reviewed a series counterintelligence activities and several case histories.
Afterwards, Special Agent Martha Justice (our FBI InfraGard Coordinator) and Ken Ontko, IOMA Chapter President, provided an overview 2009 InfraGard activities and lead a discussion of future considerations for 2010.
This was followed by a request for comments and suggestions from the members present for ideas about future meetings, in preparation for our annual InfraGard Board planning session on scheduled for January 27th.
Special Agent Martha Justice, IOMA FBI Coordinator and Ken Ontko, Chapter President, reviewing 2009 events and activities.
Special Agent Trey Resolute, FBI Supervisor, Field Intelligence Group, reviewing counterintelligence activities -- our Tulsa Satellite organization connected via OneNet's video conferencing facilities can be seen in the screen on the left.
IOMA members listening during the review of 2009 chapter activities, from the Symposium Room of the Presbyterian Health Foundation Conference Center.
Our December meeting was held at the new Presbyterian Health Foundation (PHF) location, at 655 Research Parkway, Oklahoma City, OK 73104, which is on Lincoln Boulevard between 10th and 8th Street. The PHF Conference Center is located on the first floor of the 655 Research Parkway facility (shown below with a redX). Short-term parking (less than 2 hours) is available in various locations around the Research Park area and longer-term parking is available on the upper level(s) of the parking garage.
The meeting began by recognizing our newest sponsors who are enabling us to implement and enjoy our new meeting format and venues. We can now reach more members statewide during our regular monthly meetings.
We broadcast the meeting from the PHF Conference Center to our first Satellite Organization at OSU Tulsa, 700 N. Greenwood Ave., Tulsa, OK 74108. The OKC and Tulsa locations were linked courtesy of the Oklahoma State Regents for Higher Education through the use of OneNet's video conferencing system. This will be our venue for the next four months and we have at least two and possibly three more Satellite locations that have expressed an interest in participating so far.
These meeting venues and the ability to reach out to other locations in Oklahoma during our monthly meetings have been made possible by the following new Sponsors:
|Oklahoma State Regents for Higher Education and OneNet:||Platinum|
|Presbyterian Health Foundation:||Platinum|
|Oklahoma State University Tulsa:||Gold|
|Francis Tuttle Technology Center - Bruce Gray Center:||Gold|
Following a round of brief introductions of our members present in OKC and Tulsa, we proceeded to introduce our speaker and turned the meeting over to him to tell us all about flood controls in Oklahoma.
The Critical Infrastructure theme for December was "Dams" and this month's presentation focused on Oklahoma's Small Watershed Flood Control Program.
Our speaker was Mr. Robert W. Toole, CPESC, CAE, Conservation Programs Division Director, Oklahoma Conservation Commission. Mr. Toole has 10 years of experience with the Oklahoma Conservation Commission, during which he served six years as the Assistant Director of the Oklahoma Conservation Commission. Prior to returning to the Oklahoma Conservation Commission, Mr. Toole worked 14 years for the National Association of Conservation Districts as a Regional Representative for Member Services and then as a Director of Leadership Services. Mr. Toole is a native Oklahoman, born and raised in Mangum, in southwest Oklahoma; and he graduated from Oklahoma State University with a Bachelor of Science degree in Zoology.
Mr. Toole provided a thorough and educational view of the Small watershed Flood Control Program throughout Oklahoma and he fielded several questions from the audience.
Following his presentation, Mr. Toole was awarded with a letter of appreciation from the FBI and InfraGard signed by James Finch, Special Agent in Charge of the Oklahoma City FBI regional office.
There were a few general topics discussed related to planning for future meetings, including the topic for January 6, 2010, which will be the year in review (2009) and planning for meetings and conferences in 2010.
Below are a few photos taken by Dan Biby, past InfraGard President and current Sector Chief for the Emergency Services sector.
InfraGard chapter President Ken Ontko introducing guest speaker, Mr. Robert Toole, Conservation Programs Division Director, Oklahoma Conservation Commission.
Photo of PowerPoint slide on projection screen during presentation.
Photo of OKC venue during lunch.
Photo of the OSU Tulsa venue on the video conference screen during lunch.
Photo of award to guest speaker Mr. Robert Toole in appreciation for his presentation.
The Critical Infrastructure theme for November was "Water Resources"; and our guest speaker was Ms. Monty Elder from the Department of Environmental Quality.
Presentation Synopsis: 3.5 million people are served by public water supply systems in Oklahoma. Providing water, which supports the health of citizens and enables communities to provide fire protection, are critical functions of water treatment plants. Ms. Elder discussed the requirements for physical security at water treatment plants, along with the methods and processes for treatment of water, prior to delivery as a barrier to dispersal of agents.
Bio: Ms. Elder worked in the field of chemical safety, preparedness, planning and response for over 18 years. She is currently the Chair of the Oklahoma Hazardous Materials Emergency Response Commission, coordinating the efforts of state agencies, industry and first responders to plan for response to chemical incidents in Oklahoma. She directs the emergency planning, training and exercising for all 77 Local Emergency Planning Committees in Oklahoma. Ms. Elder is also the emergency response coordinator for the Oklahoma Department of Environmental Quality. In that position, she directs the Department's response to chemical accidents which impact public health and the environment. Her experience includes development of training materials for first responders, review of site security at chemical facilities, management of toxic chemical information, development of policy for remediation of chemical spills and preparation of county chemical hazard analysis. Ms. Elder also has wide experience with public outreach and risk communication involving hazardous chemicals. She served from 2003 through 2006 as the DEQ media spokesperson. Ms. Elder kept Oklahoma citizens informed about the impacts of hazardous chemicals in the community. She developed the risk communication strategy for the Department. During her service to DEQ, she has facilitated hundreds of public meetings covering a broad range of controversial issues surrounding hazardous chemicals including Superfund site clean-ups and chemical facility permitting. She has authored several professional articles on the process of public involvement and risk communication.
October is National Cyber Security Awareness Month
Brian Tillett Enterprise Security Strategy View 2010+: An overview of the Internet Security Threat Report and Symantec's Global Footprint to develop an Information Centric and Risk Based Security Strategy. Focus will be on where the worst case security threats exist and how to filter down to the right tools to address those areas.
Mr. Tillett, Symantec National Security Strategist, joined Symantec in early 2008 as a Public Sector Security SE Specialist. Prior to Symantec, he was the Federal Systems Engineer for Vericept Corporatio; becoming well versed in the Data Loss Prevention product space. He spent 5 years with SecureLogix Corporation, as a Systems Engineer and Federal Technical Director for their suite of voice security products. Brian's career began in the USAF, including assignment to the AF Pentagon Communications Agency, working for HQ USAF, Joint Chiefs of Staff, Ballistic Missile Defense Organization, and Office of Secretary of Defense; and continues to maintain a DoD Top Secret Clearance.
Kevin Turner -- Security in a Virtualized World:
Virtualization is taking the computer industry by storm (again). What is it and what can it do for you? If it was so great, why did it go out of style the first time? What can it do TO you and your environment? Learn the truths about virtualization, the virtual layer, and what it takes to secure your virtual environment.
Mr. Tuner is the Information Technology Manager for American Bank Systems, Inc., with primary duties related to managing the technology infrastructure. He has been an infrastructure technology architect for the last six years, with fifteen years of industry experience. His education background includes more than a dozen IT related certifications from Microsoft, Cisco, (ISC)2, ISACA, EC-Council, and CompTIA. He is a member of the Information Systems Audit and Control Association, a board member of InfraGard Oklahoma Members Alliance, and President of the OKC chapter of the Information Systems Security Association.
Tim Elrod -- Fuzzing FTW: In today's world security researchers use many tools to discover security vulnerabilities—everything from static analysis of disassembled code to Arbitrary Use cases that look for logic flaws. One of the more popular ways to find security vulnerabilities is by the use of a fuzzer. In this talk we will discuss what a fuzzer is and more importantly what a fuzzer is not. How to employee fuzzers to find security vulnerabilities and what advances have been made in fuzzer technology.
Tim "ri0t" Elrod, Founder, Ri0tnet Security; Mr. Elrod has been an Information security professional for over 7 years but his passion for information security began when he first attached a 300 baud modem to a Commodore 64 and began this wild ride. He is the founder of Ri0tnet Security an independent research company that focuses on vulnerability discovery, penetration testing, and reverse engineering. He is also a member of the Bastard Labs Vulnerability Research Team as well as the OKC2600 and a regular speaker at the DC405. He has found and exploited vulnerabilities in most major network operating systems including AIX, HPUX, Tru64, Linux, and Microsoft Windows as well as many enterprise software packages. Mr. Elrod is an open source advocate and a contributor to the Open Source Vulnerability Database and the Metasploit Exploitation Framework as well as many other open source projects. He was co creator of the DISE port scanner, as well as many other open source hacking tools.
Sean Satterlee -- WIFI Insecurities: "Open WiFi? Don't be THAT stupid. The dangers of using open WiFi and threat mitigation in the event you can't avoid it."
Sean (0hm) Satterlee, DC405, okc2600, Vegas 2.0… Mr. Satterlee is an Open Source Vulnerability Database (OSVDB) contributor, Founding Member of the developer group DC405 focusing on creating software and web applications, Producer of Security Binge, Organizer for EFF Summit @ DEFCON, Panelist/Instructor for ISSA-OKC, and Information Security Professional in the OKC area.
Jayson E. Street -- Stratagems of Social Engineering: Practicing the Art of Deception
Mr. Street has created and conducted security awareness training for a major Internet bank and has created security policies and procedures currently used by several companies. He has also created and taught a three day training course on Intrusion Detection Systems for an undisclosed government agency in Washington D.C. He has consulted with the FBI on attempted network breaches which resulted in the capture and successful prosecution of the criminals involved. In 2007 he consulted with the Secret Service on the WI-FI security posture at the White House. He has also spoken at several colleges and organizations on a variety of Information Security subjects. He has been interviewed by Forbes and Scientific American regarding research on the issue of cyber-warfare as it relates to China and their preparedness for an online war. He was an expert witness in two cases involving the RIAA, the declaration was on Slashdot and other websites. Mr. Street is on the SANS GIAC Advisory Board; a current member on the board of directors for the Oklahoma "InfraGard"; a member of the "OSVDB"; an officer for the Oklahoma City ISSA; a longtime member of the "SNOsoft" research team. He has not only adapted to new and emerging technology, but has learned quickly to integrate security technologies into an existing infrastructure.
Nathan Keltner -- Review of a Data Breach: The Heartland Payment Systems Breach 10 Months Later:
What we now know, and what we can learn to ensure security of high priority targets. In this presentation, we will walk through the history of the breach, the arrests, the anatomy of the hack, and the defenses we should all have in place.
Mr. Keltner has more than five years of experience conducting vulnerability assessments, penetration tests, Web application assessments, IT audits, PCI readiness and remediation assessments, and exploit development on the Windows platform. Leading engagements for Grant Thornton out of the Tulsa, OK office, his primary responsibilities relate to understanding risks associated with external and internal attackers. He is familiar with various offensive and defensive strategies related to network security, and frequently speaks on such topics to local and international organizations.
Rick Dakin -- Coalfire Systems, Inc.:
A Review of the Common Compliance Strategies Related to Emerging Data Privacy Laws in the Critical Infrastructure Sectors As President and Senior Security Strategist, Dakin provides strategic management IT security program guidance for Coalfire and its clients. As Coalfire's Senior Security Strategist, he is actively involved in helping clients develop balanced approaches for effective IT governance and regulatory compliance programs. Mr. Dakin's experience results from more than 25 years in senior management with leading IT firms.
Mr. Dakin combines an in-depth knowledge of IT controls with a comprehensive understanding of organizational needs and the rapidly emerging legislation affecting information technology. He is recognized nationally as a leader in IT risk management and information security solutions for regulated market sectors. He presents regularly to regional and national audiences on IT security solutions meeting privacy and confidentiality requirements for legislation covering financial services, healthcare, government and public corporations. Mr. Dakin currently serves as President of the FBI's InfraGard program, Denver chapter, and he is a member of a committee hosted by the U.S. Secret Service and organized by the Joint Council on Information Age Crime. He is a graduate of the U.S. Military Academy at West Point, and he received an M.B.A from the University of Oklahoma.
Our Critical Infrastructure theme for September was the Postal and Shipping sector. our guest speakers for September were Mr. Paul Boyd and Mr. Charlie Thigpen, both of whom are Postal Inspectors. They represented the Postal and Shipping Critical Infrastructure sector, as they discussed topics related to mail fraud, business capabilities, white powder mailings and other important issues related to this sector. This was an excellent opportunity to hear first hand about what happens behind the scenes within the Postal Service.
Focus: Defense Industrial Base Sector
The meeting opened with some announcements and discussions.
Tom Boyd is the Northrop Grumman Site Security Lead at Tinker Air Force Base (TAFB) in Oklahoma. Tom has a 23 year career in DoD Security; including priority resources protection, as well as physical, personnel, information, industrial, computer and special programs security disciplines.
Tinker AFB: Mission Overview Briefing (Unclassified).
Tinker AFB facilitates the defensive posture of the United States as the largest intermediate jet maintenance facility in the world and as host to the Oklahoma City Air Logistics Center (OC-ALC); the largest of three in use by the USAF today. Over 28 thousand active, retired, and civil service employees support the heavy maintenance functions of the B-1, B-52, KC-135, KC-10, E-3, and E-6 aircraft in a facility comprising 5020 acres, 732 buildings, and 15.5 million square feet of indoor and ramp space. This environment leverages shared location and defense missions to maximize resources and minimize costs while supporting the operational missions of the USAF, USN, and several DoD agencies. Further, Tinker AFB supports over 40 thousand retirees who rely upon its base services; including medical, commissary, and recreation.
Tinker AFB incorporates the missions and responsibilities of several organizations.
Question: What is the likelihood of Tinker AFB closure?
Answer: There were five Air Logistics Centers; there are now three. Tinker AFB has acquired additional workloads and missions from other installations that have been closed or realigned from previous BRAC initiatives, bolstering its contributions to national defense.
Question: Who are eligible recipients for DRMS (Defense Reutilization and Marketing Service)?
Answer: DoD Service components, Federal, State and local Govt., Non profits and individuals at public auction.
Question: What role does Northrop Grumman play at Tinker AFB?
Answer: Northrop Grumman provides software development, software maintenance, hardware sustainment and Performance Based Logistics support for the B-2A Spirit, Stealth Bomber.
The meeting closed with a discussion of IOMA Sector Chiefs.
Our July quarterly conference on Physical Security was very successful, even though we were competing with the July 4th Holiday and other local events. Congratulations to our conference planning team for a job well done; and to our two speakers for delivering exceptional presentations. Following opening comments by George Lewellyn, IOMA Vice President, Glenn Moore, Protective Security Advisor for the Oklahoma District, U.S. Department of Homeland Security, presented information about a DHS tool designed to help critical infrastructure owners to manage their risk. We then proceeded with the primary programs.
Presentation #1: New Mexico Tech's "Prevention and Response to Suicide Bombing Incidents" (PRSBI)
A Homeland Security sanctioned course presented by John Clark of New Mexico Tech. This 4 hour course is CLEET accredited and provided participants with 4 hours CLEET credit. It addressed both the prevention of and response to suicide bombers; involving 9 steps from intelligence up to and including deadly force.
It was a powerful and direct presentation with serious instruction to deal with the "Not If, but When" of how to protect our school children and the public. There was a short pre-test and post-test administered to assess disseminated knowledge. This presentation was a FOUO(For Official Use Only) with no media or taping without New Mexico Tech and FBI permission. A book was provided as part of the instruction. The New Mexico Tech Web site provides additional information at http://www.emrtc.nmt.edu/training/prsbi.php
Presentation #2: "Courthouse Security"
This Homeland Security course was presented by Gary Berryhill of the U.S. Marshals Service. The 4 hour course was open only to InfraGard members, Law Enforcement and qualified First Responders as a CLEET accredited sanctioned event. Gary addressed physical courthouse security with respect to handling different incident scenarios; appropriately adapted for this event to include all law enforcement and to address the nation's critical infrastructures.
John has an Associate Degree in Police Science, Bachelor's in Criminal Justice, and is working on a Master's in Emergency Management. He was with Oklahoma City for 30 years. Culminating 27 years as an Oklahoma City Police officer, John retired a Lieutenant working out of the Chief's office as the Emergency Planner where he was the primary trainer and facilitator of the OCPD Emergency Response Team (ERT). Shortly thereafter, he accepted the Director of Emergency Management for Oklahoma City role where his duties included WMD coordinator and counterterrorism officer.
John has served as an adjunct instructor at LSU, University of Arkansas, OSU, and New Mexico Tech. He graduated from the FBI National Academy (161st session). John is now a Lead Instructor at New Mexico Tech and currently teaches two Homeland Security courses; one of which is the Prevention and Response to Suicide Bombing Incidents. John is married and has 5 children and his eleventh grandchild is due in September.
Gary is a Senior Inspector with the United States Marshals Service, Western District of Oklahoma, and serves as the district's Judicial Security Inspector. In that role, he is responsible for the security and protection of the federal judiciary, while on and off the bench. He oversees all off-site protection details for the judiciary and coordinates physical and electronic security measures at the federal courthouses in Oklahoma City and Lawton. Gary is often called upon to conduct residential security surveys for the district judiciary, as well as other federal, state, and local government buildings. In 2005, he was asked to assess the security measures of the Oklahoma State Capitol Building.
Inspector Berryhill has served as the supervisor of the United States Marshals' General Operations Section, which is responsible for courtroom security, prisoner housing and movement in the Oklahoma City Federal Courthouse, as well as all prisoner movement involving the Western District of Oklahoma. A native of Duncan, Oklahoma, Mr. Berryhill served with the Duncan Police Department for 8 years, both as an officer and investigator. He joined the United States Marshals Service in 1990 and holds a Criminal Justice Degree from Cameron University.
Focus: Emergency Services Sector
Following opening remarks and a round of short introductions from those present at the start of the meeting, there were a few comments and brief discussions with members. We then began the program, which followed a Panel Discussion and Question and Answer format.
Dan Biby (IOMA Emergency Services Sector Chief) President, Biby Associates
Mark Gower (IOMA Board) CISO, Oklahoma Department of Human Services
Kevin Turner (IOMA Board) IT Manager, American Bank Systems
Ken Ontko (IOMA President) ISO, Oklahoma Office of State Finance
Moderator: SA Martha Justice, FBI
Keeping Your Business in Business: How to Apply Best Practices for Business Sustainability
Businesses must deal with many challenges in order to remain viable in the current economic, social and physical climate. Furthermore, the dynamics of this environment require one to work diligently and continuously to understand and mitigate risk. Whether the threat is a tornado, power outage or a perpetrated act, organizations must stand ready with well-defined and rehearsed plans to protect their mission critical resources.
A primary goal of the Emergency Services Sector (ESS) is to facilitate the linking of first-responder disciplines; including emergency management, emergency medical services, fire, hazardous material, law enforcement, bomb squads, tactical operations/special weapons assault teams, and search and rescue. The ESS seeks to support the first-responder community by serving as a platform for information sharing and interdisciplinary cooperation as they work to protect the lives, safety and security of Oklahomans and the nation with trained and tested personnel, plans, redundant systems, agreements and pacts.
Businesses, especially those serving as critical infrastructure owners, also play an integral role in protecting the lives, safety and security of Oklahomans and the nation. It is therefore equally important for them to have trained and tested personnel, plans, redundant systems, agreements and pacts supporting a Business Continuity Program.
Historically, business continuity programs were preceded by disaster recovery and business continuity plans. The term disaster recovery plan is now considered archaic in that it implies a focus on response and recovery mechanisms. On the other hand, a business continuity plan consists of documents and protocols that emphasize not only event recovery but preparedness and mitigation as well. The idea of a business continuity program builds upon both constructs as it represents an enterprise-wide, long-term program designed to sustain an organization by protecting its mission-critical resources; including people, information, systems and processes.
A business continuity program must deal with physical, technological, personnel and procedural concerns. Its plans should be reviewed and rehearsed regularly to maintain efficacy and currency. In this way the program can be adapted to address risks brought about by changes in the economic, social and physical environment. For example, a weakened economy may contribute to failures of key business partners, Internet connectivity may increase the risk of cyber espionage, or a new highway bridge may be located adjacent to a critical infrastructure.
The methodology of business continuity programs includes training, recovery and mitigation. Training involves walking personnel through defined response protocols, such as employee evacuation drills and IT viral infection drills. Drills serve to reinforce important concepts and processes. For example, it is imperative for staff to know the designated congregation areas and proper methods for checking in so as to avoid unnecessary rescue operations in the event of an evacuation.
Recovery involves response mechanisms designed to curtail the "hemorrhaging"; getting the people, systems and processes back online as soon as possible. The mechanisms may include the use of redundant systems and sites as well as joint support agreements with other organizations that guarantee the resources necessary for a successful recovery.
Mitigation endeavors to eliminate or reduce the propensity for an event to occur in the first place. To be successful, one must take into account and prioritize geographic and industry considerations. This will involve a Risk Assessment to identify the threats to and vulnerabilities of the organization. It will also include a Business Impact Analysis to determine both the impact and probability of various threats upon the operations of the business. This information may be based upon interviews and statistical analysis. In Oklahoma, organizations must consider the potential physical, financial and psychological impact of tornados, virulent diseases, shooters and cyber events upon their business and employees.
Question: What is the difference between a cold, warm and hot site?
Answer: A cold site is a backup processing facility that provides a basic operational environment, such as power and utilities, but lacks the systems and networks necessary for processing. A warm site is a backup processing facility that provides a basic operational environment along with limited systems and networking in standby. A hot site is a backup processing facility designed to provide a fully operational environment similar to the normal operating environment within a few hours.
Question: How can one prevent staff from experiencing "Chicken Little Fatigue?"
Answer: Chicken Little Fatigue refers to the loss of focus resulting from overexposure to an issue or concern. This may cause people to respond inappropriately or be distracted by inconsequential information. One may circumvent this process by monitoring the "grapevine" for rumors and filtering inaccurate information. One may also launch a communication and education initiative that cites factual information from credible sources and gives employees the tools to access such sources. For example, questions about the 2009 A-H1N1 "swine flu" influenza virus could be directed to the Health Department Web site.
Question: Is there a Business Continuity Program solution that is cheap, fast and good?
Answer: One can have any two of these characteristics but must necessarily sacrifice the third. In other words, if a solution is cheap and fast, it will not be good. If the solution is cheap and good, it will not be fast. If it is fast and good, it will not be cheap. Unfortunately there are no silver bullets; no one vendor. Although business continuity and disaster recovery software may be useful, one must understand that many are primarily inventory keepers with rudimentary risk measurement tools, forms, templates and spreadsheets. Remember the adage, "Garbage In, Garbage Out." One must commit the time and resources to do it well.
A Business Continuity Program is a process, a living document that must be reviewed and updated regularly to reflect and incorporate changes in the business environment. A plan on paper is worthless on its own. It must be backed by a Business Impact Analysis and appropriate testing. This requires a clear understanding of critical business functions and processes, information technology processes, human capital, and one's business partners. For example, a supplier or vendor's weakness represents risk to an organization.
One must also consider intellectual capital. Technology and plans are important but one must have people with the necessary knowledge and skills. Identify backups for critical functions, recognize and resolve deficiencies introduced by exiting and retiring employees, and ensure the safety of all staff. Provide educational and safety materials. Identify education resources and organizations such as the FEMA Citizens Corps; a volunteer organization with emergency response training. Establish and rehearse appropriate event response procedures that create a safer working environment, such as shutting off the power and gas in the event of an evacuation or tornado. Provide personal preparedness kits and safety centers appropriate for a particular environment, such as eye wash centers in chemical usage areas.
Avoid treating a Business Continuity Program as an Information Technology disaster recovery project. Do not assign it to competing functions such as Information Technology and Security. The business leaders must own, be committed to, and fund the process. The focus should be on operational issues with the understanding that this is what will keep their numbers up.
Establish service level agreement (SLA) goals, tied to money, that cover different levels of recovery. Use sales and marketing techniques to communicate needs to management. Justify recommendations with numbers; how much liability, profit loss and risk is the business willing to accept? For example, one may support the purchase of a generator in terms of maintaining the ability to operate in the event of a power outage. A business may also identify employees who have resources which may be useful in an event response scenario, such as four wheel drive and recreational vehicles. Compensation may be given in exchange for volunteering such resources in the event of an emergency.
Finally, a business continuity program is worthless if its plans and procedures can not be accessed. Avoid situations that could deny access to plans, such as a power outage that takes down the business continuity server. Maintain a secure method of distributing such plans to individuals with a need to know.