Moderator: Paul M. Joyal, Managing Director, Public Safety and Homeland Security Practice, National Strategies, Inc.

A combined and coordinated cyber and military engagement between two sovereign countries is now a reality. The five day war between Russia and Georgia showed how non-governmental and criminal organizations were used to launch a coordinated attack in the months prior to and during the actual conflict.

This session will discuss the origins of the Russian Information Warfare doctrine as developed within the Russian General staff. It will compare and contrast the cyber attacks in Estonia to the sophistication and coordination of the attacks against the Georgian infrastructure as a prelude to war. Details on how the global use of private and criminal structures was used to avoid detection and as attempt to provide deniability to the Russian government’s military and intelligence community. The steps being taken to protect against future attacks will also be outlined.

Mr. Joyal, with over 10 years as a security advisor to Georgia and a Russian intelligence expert, will be joined by a representative of the Georgian government and an senior analyst of the cyber attacks conducted against Georgia.

Regional police departments, county sheriffsV departments, and state police totaling more than 240 agencies in Washington, Oregon, and Alaska all share information today through a law enforcement records management system. The FBI and Naval Criminal Investigative Service (NCIS) are also connected to that system, which is sharing information with the Department of Justice, law enforcement agencies, and the individual states' jail records management system. There is no easy way to track down potential terrorists. One department may hold a key piece of information that another agency needs to make a critical connection. Often, seemingly insignificant facts may combine to provide a clear implication. Identifying potential terrorists is a cross-jurisdictional effort. Combining information from multiple sources is the key. This session will discuss several case study examples of local, state, and federal projects underway designed to track down terrorists and better protect our national security.

What You Will Learn:

• About local, state, and federal information-sharing initiatives in place today, designed for counterterrorism
  
  
• The types of technologies used in these case study examples and how they help in counterterrorism efforts
  
  
• How the technology within these case study examples can be used within your agency
  
  

In the post 9-11 era, the United States has been actively training its first responder community in preparation for response to a possible terrorist attack on our soil. We have spent billions of dollars to train and equip our responders. But are they ready? Have they trained together, or are they unaware of the capabilities of their counterparts from different response disciplines? This course will present a case for cross-training our first responders to meet the many challenges of a terrorist attack. Most of the responder communities are well versed in their own field, but in a real world scenario they will be expected to cross traditional responder roles. These responders need the skill sets to recognize different attack scenarios and indicators and to possess a basic understanding of the equipment in use by other first responders. Cross-training can enhance the level of respect and confidence in those with whom we will be serving. Training across these traditional boundaries can serve to improve the safety of the responders as well as those they protect.

What You Will Learn:

• Benefits of your agency cross-training with other responder agencies
  
  
• Specific areas where cross-training will be most beneficial to your agency
  
  
• NIMS training compliance for your agency
  
  

The threat of terrorist action targeting U.S, water supplies is often overlooked for the more historically obvious threats of a chemical/biological air attack or a dirty bomb. Studies have shown that an attack on water is simple to orchestrate, inexpensive, and can result in mass casualties. The modes of potential attack via this route are not always obvious and are impossible to guard against using physical means alone. Systems have been developed to monitor water supplies that utilize event detection software coupled with common analytical techniques as an early warning system. A CRADA between Hach Homeland Security Technologies and the U.S. Army Corps of Engineers has allowed for the deployment of these systems at a number of sites throughout the U.S. and their incorporation into detection/response networks. This session will focus on the threat to water, description of event detection technology, results of the evaluation, and development of CONOPS.

What You Will Learn:

• About the natural and man-made threats posed to U.S. water supplies and the ease of attack
  
  
• How a disruption in water service could impact other critical, interdependent sectors in the community
  
  
• About the nationwide implementation of event-detection technology used by the U.S. Army Corps of Engineers
  

In the not-so-distant past the domain of critical infrastructure protection focused almost exclusively on the physical protection of critical assets. Those days are now gone, and almost everyone recognizes the need to consider cyber security a critical component to ensuring that a nation's or an organization's critical assets can remain productive. Unfortunately, while recognizing both as important, many organizations still manage cyber and physical security separately, leading to significant inefficiencies in the deployment of limited security resources. This session argues the need to consider physical and cyber security together as part of a unified security strategy for managing security risks to critical infrastructure. Featured will be a potential path for developing a unified security strategy to support the effective and efficient deployment of security resources.

What You Will Learn:

• The connection between cyber and physical security
  
  
• An appreciation for security challenges to critical infrastructures
  
  
• A unified approach to managing physical and cyber security risks
  

Commonly accepted software security engineering principles that have been published and employed for approximately 30 years are not often seen in an important class of application software today. That class of software is commonly referred to as "control system software" or "supervisory control and data acquisition" (SCADA) software. This circumstance is driven by evolution and not intention. This session examines the topic of security in industrial control systems within the critical infrastructure, including the critical nature of such systems, published exploits, and points of vulnerability.

What You Will Learn:

• What industrial control systems are and what makes security for a control system different than for a traditional IT system
  
  
• Vulnerabilities and risk points for control systems
  

Securing critical infrastructure has become central to the overall risk management process for organizations as diverse as chemical plants to mass transit systems, seaports, financial service, and health care organizations. This panel looks at the requirements, key considerations, and best practices for ensuring a secure, safe, and reliable physical security information system for such organizations. Attendees will hear from industry experts as well as city planners on practical and real-life examples.

What You Will Learn:

• How to create a common operating picture across your critical infrastructure that allows for rapid situation awareness, management, and real-time resolution
  
  
• How to correlate data from multiple security devices and systems to automatically or manually resolve a situation
  
  
• About integrating multi-agency and multi-vendor video systems into one real-time view across a city
  

The National Emergency Communications Plan (NECP) is the nation's first strategic plan to improve emergency response communications. Developed by DHS in cooperation with over 150 public and private sector emergency communications officials, it’s designed to drive measurable and sustainable improvements over the next five years consistent with the: National Response Framework; National Incident Management System; National Preparedness Guidelines; and Target Capabilities List. NECP goals, along with these other department strategies, will improve nationwide response efforts and bolster situational awareness, information sharing, and command and control operations. Attendees will have the opportunity to learn about how the NECP impacts: Standards and Emerging Communication Technologies; System Life-cycle Planning; Coordinated Federal Activities; Emergency Responder Skills and Capabilities; and Disaster Communications Capabilities.

What You Will Learn:

• About DHS's nationwide vision for emergency communications interoperability in the next five years
  
  
• An update on progress made in NECP implementation at all levels of government and in the private sector
  
  
• Ways participants can contribute to NECP implementation, and how their partnerships with OEC will achieve the NECP’s vision
  

To respond to ever-increasing safety and security demands without a proportionate increase in resources, the Phoenix Police Department developed and expanded its expertise in evaluating, analyzing, and improving strategic and tactical capabilities and performance. Through effective process development techniques and enhanced interdivision and interagency relationships, PPD regularly determines and meets the needs of the community. The PPD identifies and aligns its objectives, evaluates performance against those objectives, eliminates activities that don’t add value, reallocates existing human and nonhuman resources, and creates the capability to add services without a corresponding increase in resources. This analysis and action, coupled with solid connectivity among process components, creates the foundation for continual improvement and performance excellence.

What You Will Learn:

• Insights on the value of process and system connectivity
  
  
• About business techniques to enhance interoperability and information management
  
  
• How to define, measure, analyze, and improve safety and security performance

E-discovery is here to stay, imposing additional complexities and costs on organizations struggling to comply, as well as real opportunities to those who take steps to anticipate and get ahead of e-discovery issues. This session provides a common-sense understanding of what e-discovery is and why it matters to your organization. It will then guide you through the steps you can and should take to anticipate how e-discovery demands will impact your organization, and the policies and procedures you should implement to ensure you’re best positioned to respond effectively. Finally, practical guidance on how your organization can secure substantial advantages – in both litigation and cost savings – from your efforts to understand and address e-discovery issues before they arise.

What You Will Learn:

• What "e-discovery" is and how organizations should approach e-discovery issues
  
  
• How recent changes to court rules have altered how e-discovery is conducted and ESI collected and exchanged in litigation
  
  
• How your organization can anticipate e-discovery issues to achieve maximum cost-effectiveness and efficiency
  
  
• How to avoid common pitfalls in e-discovery which can result in costly penalties and defeat in the courtroom
  
  
• How e-discovery and information privacy and security relate to and reinforce each other – and why getting this right is so critical