Pacific Northwest Chapter Status Report For 2012

ORGANIZATION
Our chapter has grown significantly since the 2011 Annual Report, with a majority of members having less than one year tenure. We have instituted regular face-to-face chapter dinner meetings to facilitate collaboration and on-boarding of new members. These will gradually increase in frequency (from every two months) to become a regularly scheduled monthly chapter meeting.
Members:
Chiraag Aval, M.S.
Chuck Costarella
David Dittrich - Transferred from Global Chapter.
Barbara Endicott-Popovsky, Ph.D.
Dennis Charles Grant - New Chapter Lead
Franklin Jackson - New member
Eliot Lim - New Member
Stuart Maclean - New Member
Ashish Malviya
Julia Narvaez
Raymond Pompon - New Member
Alex Railean - New Member
Lucas Reber
Michael Schweiger
Christian Seifert, Ph.D.
Mike Simon - New Member
Due to employment commitments, Julia Narvaez transferred the Chapter Lead role to D.C. Grant.

DEPLOYMENTS
- Two "HonEeeBoxes" received from David Watson at the 2012 Annual Honeynet Project Security Workshop.
- "Public Regional Information Security Event Management" system (PRISEM) designed to offer early warning on malicious activity. PRISEM uses customized security and information event management (SIEM) equipment housed in the University of Washington's Applied Physics Lab.

RESEARCH AND DEVELOPMENT
- Developed startup scripts for an hpfeeds client service on Ubuntu Linux and contributed it to the Honeynet mailing list.
- Master's thesis research on "Hardening Honeynets Against Honeypot Aware Botnet Attacks". To increase deception by allowing botnet attacks to pass unmodified out of the attacked node and propagate the attack to other nodes within the Honeynet, while containing traffic within a distributed Honeynet.
- SPEAR Cloud (Security, Policy, Education and Advanced Research Cloud) is expected to be deployed between now and January 2013. This will be a chapter resource after initial testing with UW affiliated members. This is being constructed using donated hardware and institutional support from collaboration between the UW Center for Information Assurance and Cybersecurity and UW Bothell Computing and Software Systems.
- Master's thesis research on "Cloud based Analysis". To improve malware analysis through use cloud technologies for increased performance, accuracy, scalability, and flexibility.
- New research collaboration with the Computing Research Association to study malware samples.
- UW Center for Information Assurance and Cybersecurity Named Research Partner Cloud Security Alliance (CSA).
With the recent and rapid growth of the PNW chapter, we anticipate a large growth in research and deployments during 2013 and 2014. When new virtual environments come online in 2013, we expect to deploy several of the excellent systems developed by other chapters.

PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS
- Chuck Costarella and Michael Schweiger presented at 2012 Annual Honeynet Project Security Workshop regarding PNW Chapter progress.
- David Dittrich blogged on the topic, "Thoughts on the Microsoft's 'Operation b71' (Zeus botnet civil legal action)" http://www.honeynet.org/node/830
- David Dittrich blogged on the topic, "FAQ on Kelihos.B/Hlux.B sinkholing" http://www.honeynet.org/node/836
- David Dittrich attended Annual meeting in the Bay Area and presented a brief talk on proposed elements of a "Code of Conduct" drafted with others interested in the topic.
- David Dittrich finalized a draft "Code of Conduct" with the Legal and Ethics Committee and Honeynet Project members' input from the Annual meeting. https://honeynet.org/codeofconduct
- David Dittrich presented a paper at LEET related to botnet takedown operations, entitled "So you want to take over a botnet..." https://www.usenix.org/conference/leet12/so-you-want-take-over-botnet
- David Dittrich began drafting a possible KYE paper on the subject of data sharing agreements, tentatively titled, "Know Your Enemy: Know Your Friends (... and how you share data with them)."
- Endicott-Popovsky, B and Horowitz, D. Unintended consequences: Digital evidence in our legal system. Reprinted with permission of IEEE Security and Privacy in The Washington State Bar News: The official publication of the Washington State Bar Association. Vol. 66, No.8. pp. 11-15, August 2012. (Cover story)
- Alva, A. and Endicott-Popovsky, B. (2012) Digital Evidence Education in Schools of Law. Journal on Digital Forensics, Security and Law. St. Paul, MN, 7(2).
- Endicott-Popovsky, B and Horowitz, D. Unintended consequences: Digital evidence in our legal system. IEEE Security and Privacy. March 2012.
- Padith, A. and Endicott-Popovsky, B. Fuzzy clustering-based anomaly detection for updating intrusion detection signature files. Journal of Information Assurance and Security, ISSN 1554-1010, Volume 6, pp. 462–468, 2011.
- Dupuis, M., Endicott-Popovsky, B., Wang, H., Subramaniam, I., Du, Y. Top-down mandates and the need for organizational governance, risk management, and compliance in China: A discussion. China-USA Business Review, 10(5), May, 2011, pp.319-335.
- Rudolph, C., Großkopf, L., Endicott-Popovsky, B., Kemmerich, T., Kuntze, N., Alva, A., Christiansen, J. (2012). "Sicherheit von Messgeräten und der Beweiswert digitaler Daten [Safety of measuring instruments and the probative value of digital data]." D-A-C-H Security 2012. Konstanz, Germany.
- Lysenko, V., Endicott-Popovsky, B. (2012). Hackers at the state service: Cyberwars against Estonia and Georgia. (2012) Proceedings of the 7th International Conference on Information Warfare and Security ICIW. Seattle, Washington. To appear.
- Malviya, A., Fink, G., Sego, L. and Endicott-Popovsky, B. (2011). Situational awareness as a measure of performance in cyber security collaborative work. Proceedings from the IEEE 8th International Conference on Information Technology: New Generation (ITNG). (pp. 937-942). Las Vegas, Nevada.
- Kuntze, N., Rudolph, C., Alva, A., Endicott-Popovsky, B., Christiansen, J., Kemmerich, T. (2012). On the creation of reliable digital evidence. In S. Shenoi. IFIP WG 11.09 (Eds.), Advances in Digital Evidence VIII, Heidelberg, Germany: Springer.
- Lysenko, V., Endicott-Popovsky, B., and Garrido M. (2012). Disruptive political use of ICTs in contentious politics: the between-cases analysis. In Solo, A. (ed.) Politics in the Information Age. Springer.
- Chung, S., Crompton, C., Endicott-Popovsky, B., Bai, Y. (2012). Analyses of the effects of new technology and security requirements on service-oriented software reengineering. In Wan, X. (ed.) IGI Global. Agile and Lean Service-Oriented Development: Foundations, Theory and Practice.
- Grant, D.C., Ritchie, C., and Chung, S.,(2012). A Modular Web Application for Virtual Machine Management. University of Washington Undergraduate Research Symposium.
- Curtsinger, C., Livshits, B., Zorn, B. and Seifert, C., Zozzle: Low-overhead Mostly Static JavaScript Malware Detection., USENIX Security Symposium, August 2011; 2011
- Kaplan, S., Livshits, B., Zorn, B., Seifert, C., and Curtsinger, C., "NOFUS: Automatically Detecting" String.fromCharCode(32) "ObFuSCateD ".toLowerCase() "JavaScript Code"., Microsoft Research Technical Report MSR-TR-2011-57, http://research.microsoft.com/en-us/um/people/livshits/papers/tr/nofus_tr.pdf; 2011
- Zhang, J., Stokes, J.W., Seifert, C., and Lee, W., ARROW: GenerAting SignatuRes to Detect DRive-By-DOWnloads. World Wide Web, Hyderabad, India; 2011
Panel Participation
- Endicott-Popovsy, B. (moderator), Jansen, A., Rogers, C., and Duranti, L. Digital Records Forensics—From Law Enforcement to RIM (2012). ARMA Canada Conference. Nanaimo, B.C.
- Endicott-Popovsy, B. (moderator), Blascovich, J., David, S., and Sabett, R. Security in Virtual Worlds: Can I trust your avatar? (2012). 5th Annual Federal Consortium on Virtual Worlds. National Defense University, Washington, D.C.
- Endicott-Popovsky, B. (moderator), Adler, J., Chase, M., Christiansen, J., Ferguson-Boucher, K., Frincke, D., Lazowska, E. Privacy in the cloud. (2011). iConference. Seattle, WA.
- Duranti, L., Jansen, A., Endicott-Popovsky, and Cohen, F. (2011). Methods to ensure authentic preservation of digital evidence, 9th Annual IFIP WG 11.9 Digital Forensics Conference. Orlando, Florida.
- D.C. Grant, (2012). Panel discussion on networking and organizational opportunities in technology. South Sound Technology Conference, Tacoma, WA.
Keynote addresses
- May 20, 2011 Challenges securing the smart grid: Lessons learned from cybersecurity. 6th International Symposium on Embedded Technology, Institute of Embedded Engineering of Korea, Jeju, Korea.
- February 15, 2011 Forensic readiness and the challenges of the cloud (w/ Kirsten Ferguson-Boucher). Association of Canadian Archivists@UBC 2011 International Symposium: The Law of Unintended Consequences, Vancouver, BC.
- February 15, 2011 Privacy in the Cloud: The unintended consequences. Intelligence Community Colloquium: Social Media: Emerging Issues of Open Information and National Security.
- February 11, 2011 Forensic readiness and the challenges of the cloud (w/ Kirsten Ferguson-Boucher).Association of Canadian Archivists@UBC 2011 International Symposium: The Law of Unintended Consequences, Vancouver, BC.
- June 3, 2011 Risk Assessment and Cloud Strategy Development (w/ Kirsten Ferguson-Boucher). Cloud Futures 2011: Advancing Research and Education with Cloud Computing, Microsoft, Redmond, WA.

MISC ACTIVITIES
- Chapter members are directly involved with the Collegiate Cyber Defense Competition and the United States Cyber Challenge.
- Several of chapter members are faculty, staff, students and/or guest lecturers at the University of Washington.
- D.C. Grant currently holds the office of Vice President in the Mt Rainier ISSA Chapter, and in the Mt Rainier ISACA Chapter.
- Dr. Endicott-Popovsky hosted the ICIW: 7th International Conference on Information Warfare and Security, Seattle March 2012.
- Dr. Endicott-Popovsky was named Full Member American Academy of Forensic Scientists: Digital & Multimedia Sciences Section.
- Dr. Endicott-Popovsky was selected for National Board of Information Security Examiners (NBISE) Smart Grid Cybersecurity Committee.
- David Dittrich formed a Honeynet Legal and Ethics Committee and started debating a "Code of Conduct."
- David Dittrich formed a writing group for a KYE on data sharing. An email list was set up on the internal server to facilitate co-writing.

GOALS
Our chapter's main goal for 2012 will be to integrate the new membership to become a more productive and efficient team. We are blessed to have a couple of very experienced original Honeynet members to help mentor to and guide the larger group: founding member and Chief Legal and Ethics Officer David Dittrich and founding member and Chief Executive Christian Seifert.

The SPEAR Cloud (Security, Policy, Education and Advanced Research Cloud) discussed briefly above will be also a major focus. This endeavor could potentially develop into a resource for many diverse Honeynet research projects in the long-term future.