May 14
2008 Security Analysis and Risk Management Conference: Overview of First Day
The first day of the SARMA conference was absolutely mind-blowing. The commute down from Olney to Arlington, however, was a challenge in itself. We woke up around 4:30 in the morning to beat the morning DC traffic and arrive at the conference in time for registration and breakfast. We actually ended up getting there a little early even after dealing with bad directions from a rogue Tom Tom GPS device.
As undergraduate students, it was an amazing opportunity to see the current problems and issues that the industry faces. The knowledge base of the professionals that attended was rich from the years in their respective fields. The seven students representing Penn State’s SRA club were the only undergraduates at the conference. During the welcome speech, Edward J. Jopeck, SARMA’s president, recognized the club for taking the initiative to attend the conference and formally introduced us to the SARMA members.
He briefly touched on the importance of passing on the lessons learned and knowledge base to future generations, so that new professionals would start where the more experienced security and risk professionals would stop. He essentially stressed the need for upcoming professionals to completely absorb the current knowledge of the industry before they enter the workforce. Hopefully this relationship between the SRA club and SARMA will continue to grow in future years and also highlight the immense value of exchanging information between SRA students and their professional counterparts.
Regional Risk: A Coordinated Effort
Christopher Geldart, the Director of the Office of National Capital Region Coordination in FEMA, gave a plenary session shortly after the welcome speech about regional risk assessment, analysis, and mitigation in the national capital region (DC area). The office’s main focus is to promote the education of risk analysis to decision makers and also serve as a pilot program to eventually develop a regional risk analysis program that can be refined and altered to suit the individual needs of other regions in the US. The NCR worked in cooperation with strategic and regional leaders to determine their deepest concerns, and then used that information along with empirically based models, black boxes, analytical processes, historical data, and probabilities to create a scatter plot graph of likelihood (Y) versus consequences (X). Decision makers would then be able to use this graph to make informed decisions based on the process’s mitigation options and recommendations. The Office of NCRC still has a lot of groundwork to cover in the successful development and implementation of this program.
Challenges for the Infrastructure Risk Analysis Community
The second plenary session was presented by Brandon Wales, Deputy Director of the Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) from the DHS. He manages the day-to-day operations of a $150 million program to monitor and analyze the threats and risks posed to the Nation’s critical infrastructure and key resources by man-made and natural hazards. HITRAC has emerged as one of the leading providers of classified and unclassified infrastructure-related threat and risk analysis to Federal, State and local authorities, and the private sector. Below is an overview map of the panel session.
Keynote Speaker
The Honorable Joel B Bagnal, the Deputy Assistant to the President for Homeland Security, gave a compelling overview of the Department of Homeland Security’s history since it stood up in 2002.
Cyber Warfare and Governments’ Awakening
Paul Kurtz, COO of Good Harbor and a recognized cyber security and homeland security expert, discussed the recent events in cyberspace that have led to an awakening in the government and gave way to a classified executive directive that resulted in the creation of many programs to address the cyber security situation. This was my personal favorite technical session for the day. Paul Kurtz had a lot to say about the government’s plans on protecting the nation’s cyberspace, but he also kept the session informal enough to allow discussion between him and the attending SARMA members. One of the big debates in this session was the responsibility that the US government had to private industries when they had intelligence or information on an imminent or future cyber attack on a company’s critical infrastructure asset that could result in harm (physical or economic) to the company’s customers. Paul cited the Pan Am Flight 103 incident in 1989. The US Government knew about the impending attacks, but chose not to disclose the information so they would not undermine their sources or reveal their capabilities. Congress eventually enacted legislation to promote sharing relevant information about possible or ongoing attacks with the private sector on an ad hoc basis. Below is an overview map of the panel session.
Risk Methods for Security and Intelligence Analysis
The speaker for the third and final technical session of the day never showed, so newly hired SRA Professor William McGill gave a back-up presentation on his graduate dissertation entitled, “Risk Methods for Security and Intelligence Analysis.” Professor McGill developed an interface with sound underlying mathematical equations to make risk assessments that would easily be presentable to decision makers. I look forward to taking his SRA 311 class on risk management. He will actually be officially presenting a technical session on Thursday.
I apologize for not being able to live blog on the first day of this conference. It took a good portion of the morning to get internet access sorted out at George Mason University. Tomorrow I will be able to post live updates throughout the day.
Also, you can find more information about the SARMA conference at Russ Beck’s blog and IST Building.
STAY TUNED FOR ONGOING COVERAGE OF THE SARMA CONFERENCE!
You can also follow my Twitter account.