Almost every company is asking the question of survivability – how to balance business needs and growth, while meeting regulatory compliance and mitigating security risks? This question is facing organizations of all sizes, and for some the answer is changing the mission and scope of their IT security initiatives. In this session, Malcolm will discuss Intel’s approach to managing risk with its new “Protect to Enable” information security strategy.

Malcolm Harkins is vice president of the Information Technology Group and chief information security officer (CISO) and general manager of Information Risk and Security. The group is responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel Corporation's information assets.

Before becoming Intel's first CISO, Harkins held roles in Finance, Procurement and Operations. He has managed efforts encompassing IT benchmarking and Sarbanes Oxley systems compliance. Joining Intel in 1992, Harkins previously held positions as the profit and loss manager for the Flash Products Group; general manager of Enterprise Capabilities, responsible for the delivery and support of Intel's finance and HR systems; and in an Intel business venture focusing on e-commerce hosting. Harkins previously taught at the CIO institute at the UCLA Anderson School of Business and was an adjunct faculty member at Susquehanna University in Pennsylvania. He received the 'Excellence in the Field of Security' award from the RSA conference as well as an Intel Achievement Award. Harkins received his bachelor's degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.

About the Topic: As fiscal year 2001 came to an end, the Hart-Rudman Commission and its recommendations for a post-Cold War national security structure were still on the agenda of Washington decision-makers. After the attacks of September 11, the comprehensive approach envisioned in Hart-Rudman was abandoned in favor of a piecemeal approach, resulting in such legislation as the Patriot Act, the Homeland Security Act, and the Intelligence Reform and Terrorism Prevention Act. As we enter what could be described as a "post-post-9/11 environment," it is worth asking whether the U.S. needs to consider a more comprehensive review, with Hart-Rudman as a starting point.

About the Speaker: William Nolte is research professor and director, Center for Intelligence Research and Education, at the School of Public Policy, University of Maryland.  He retired from federal service in 2006 as the chancellor of the National Intelligence University system within the Office of the Director of National Intelligence. A career National Security Agency officer, he served in a range of positions as senior intelligence authority, director of education and training, and chief of legislative affairs at NSA; as deputy national intelligence officer for the Near East and South Asia and later director of strategic planning at the National Intelligence Council; and as assistant deputy DCI for analysis. He holds a Ph.D. in history from the University of Maryland, and has taught at Georgetown and George Washington universities.

Sponsored by

The Preventive Defense Project and the

CISAC Science Seminar Series

Roughly 85% of the critical infrastructure systems in the United States is owned or operated by the private sector. Managers of these systems must keep everything running and try to ensure nothing bad happens, despite increasing system complexity and demand for continuing improvements in efficiency. This challenge naturally leads to the questions “which parts of an infrastructure are critical,” “how critical are they,” and “how should we invest limited budget to defend our infrastructure?”

We introduce two- and three-stage optimization models that represent the strategic, game-theoretic interactions between preparations to defend critical infrastructure, an “attacker” who observes these preparations before acting, and a “defender” who operates the surviving infrastructure as best as possible after an optimal attack. We identify worst-case disruptions in the operation of a system by solving a system interdiction problem. Then, given an available budget and list of possible defensive investments (e.g., hardening, redundancy, capacity expansion), we solve for a combination of investments that makes the system maximally resilient to worst-case disruption. We show some unexpected results that have proven insightful.

These models apply equally well to government, military, and commercial systems. Between our NPS student-officers and faculty, we have conducted over 150 case studies on systems ranging from electric power, to transportation, to supply chains, to the Internet.

About the speaker: David L. Alderson, Ph.D, joined the Naval Postgraduate School faculty in 2006 after working for three years as a postdoctoral scholar in the Division of Engineering and Applied Sciences at the California Institute of Technology (Caltech). He received a B.S.E. in Civil Engineering and Operations Research from Princeton University and the M.S. and Ph.D. degrees from the Department of Management Science and Engineering at Stanford University. His research focuses on the function and operation of critical infrastructures, with particular emphasis on how to invest limited resources to ensure efficient and resilient performance in the face of accidents, failures, natural disasters, or deliberate attacks. He currently serves as the Director of the NPS Center for Infrastructure Defense (CID). As part of a Multiple University Research Initiative (MURI) team studying "Next-Generation Network Science," he studies tradeoffs between efficiency, complexity, and fragility in a wide variety of public and private network-centric systems. He has extensive experience working on the Internet and other complex communication networks, having been a researcher at the Xerox Palo Alto Research Center (PARC), the Santa Fe Institute (SFI), and the Institute for Pure and Applied Mathematics (IPAM) at UCLA. He is a member of INFORMS and MORS.

About the Speaker: Eric Schwartz became Dean of the Hubert H. Humphrey School of Public Affairs at the University of Minnesota in October 2011, after a 25-year career in senior public service positions in government, at the United Nations and in the philanthropic and non-governmental communities. 

Prior to his arrival in Minnesota, he was U.S. Assistant Secretary of State for Population, Refugees, and Migration. Working with Secretary of State Hillary Clinton, he served as the Department of State’s principal humanitarian official, managing a $1.85 billion budget, as well as State Department policy and programs for U.S. refugee admissions and U.S. international assistance worldwide. 

From 2006 through 2009, Schwartz directed the Connect U.S. Fund, a multi-foundation – NGO collaborative seeking to promote responsible U.S. engagement overseas. From August 2005 through January 2007, he served as the UN Secretary-General Kofi Annan’s Deputy Special Envoy for Tsunami Recovery.  In that capacity, he worked with the Special Envoy, former President Clinton, to promote an effective recovery effort. Before that appointment, Schwartz was a lead expert for the congressionally mandated Mitchell-Gingrich Task Force on UN Reform. In 2003 and 2004, he served as the second-ranking official at the Office of the UN High Commissioner for Human Rights in Geneva.