> What kind of interactions to we wish this workshop to > provoke/evoke/inspire? We wish the participants to focus on the problems inherent in responding to large and complex computer network attacks, and to help frame a future that maximizes response to such attacks on networks supporting critical national infrastructure. These include, but are not limited to: . Meaningful communication between organizations' incident response teams that results in rapid and effective response . Differentials in incident response resources and skills, and their effect on the speed and effectiveness of incident response . Meaningful communication between federal law enforcement, military, and intelligence community agencies . The adequacy of state, federal, and international law enforcement to respond to all computer network attacks . The risks faced by victims of computer network attack when choosing to respond on their own, beyond their network borders . The risks faced by the nation as a result of failures to respond to a large and complex computer network attack (i.e., the kinds of problems pointed out by the 9/11 Commission.) > What conversations THAT MATTER will be unique to OUR workshop? [This section probably needs the most work. dittrich] We wish the dialog to involve pointing out the problems in the status quo related to today's attack scenarios, and to various proposals for improving the situation, but not simply to serve as "devils advocate" and throw up road blocks, rather to help find a way to move forward to a more trustworthy computer network defense landscape. We believe that the group we are assembling represents some of the best minds in their fields when it comes to critical electronic infrastructure protection, and the synergy across disciplines can help identify promising ways to move the nation forward in its computer network defense posture. These conversations should work towards consensus and concrete proposals that can be made to policy makers and decision makers within organizations to move us towards a more effective defensive posture. > You - in concert with a few other - simply need to put out three BIG > themes that will be the organizing principles for the facilitation & > the conversation & the interaction... Each of the discussion sections should focus in the presentation and discussion on the first two bullet items below. It should then move towards identifying the issues in the third bullet. At the end of the workshop, everyone together will try to bring closure to all of the earlier discussions and come up with an overall set of recommendations to answer the question of the third bullet, "How do we get there?" . The State of Defenses Today + Have we set up electronic Maginot lines on our networks? + How would the nation come out of a massive computer network attack if it happened today? + Where would the cyber-9/11 failures occur? + How quickly is the situation changing? . The Goals for Defenses of the Future + Can we learn from Col. John Boyd's "OODA Loop" concepts and fashion defenses that are more agile than attacks? + Coordination and transition between the private sector, government, law enforcement, the military, and intelligence community. + Clarification of roles and limitations, along with safeguards of privacy, intellectual property, and basic rights. . How do we get there? + What prevents establishing a multi-sector or multi-national Boyd style computer defense today? + Do we have the resources across all CI sectors to produce such a dynamic defense, and if not, what kind of public/private entity needs to be created to attain them? + Can such a system be attained if one entity asserts control, or must it naturally be a distributed? + What policy changes would move the situation forward? > This hard part of the problem is NOT how smart we are; it's how determined > we are to come and have the right kinds of arguments and disagreements about > what matters - as opposed to self-indulgent recitations of things we ALREADY > know and care about