The Sandbox at The Viewing Point

RSA Conference 2016 offers “sandboxes” to learn how to encrypt mobile device emails, surf anonymously online, study the impact of Internet of Things (IoT) vulnerabilities, test network security at SANS NetWars, and experiment on what happens to healthcare, finance or energy sectors when our critical infrastructure (ICS) is tested. Check our agenda closer to Conference to see exact times for events in The Sandbox.

The Sandbox will be held in The Viewing Point located in the Gateway Ballroom in Moscone South.

Cryptoparties in The Sandbox

Industrial Control System Sandbox

Internet of Things Sandbox

SANS NetWars in The Sandbox

CryptoParties Sandbox

Security can be considered an individual or corporate endeavor.  Come learn more about the grassroots movement and learn how to surf anonymously or encrypt your devices.

tuTORial—Learn How to Use TOR to Be Anonymous Online - Runa Sandvik, Freedom of the Press Foundation

Wednesday, March 2, 2016 | 11:30 AM – 12:20 PM

Runa Sandvik

The avalanche of disclosures in recent years has made it clear that encryption is the way forward for those who wish to protect their data and their communications. This presentation will take a look at Tor and how the tool allows users to be anonymous online. This presentation will also discuss how you can build an enterprise onion site (like Facebook) and better support users of the Tor network. 



An Introduction to Secure, Usable Encryption Tools for All - Jessy Irwin, AgileBits

Thursday, March 3, 2016 | 11:30 AM – 12:20 PM

Jessy Irwin

Since 2013, technology companies across the world have moved to encrypt apps and services used daily by billions of people.  Now some of the biggest privacy and online security improvements through encryption are nearly invisible to users. In this introduction to secure, usable encryption tools, beginners and others will learn how to protect themselves, their data and their identities online.  




Industrial Control System (ICS) Sandbox - Tom VanNorman, Counter Hack, LLC

Tom VanNorman

The ICS Sandbox allows you to interact firsthand with commonly found hardware and software used in most industries.  Additionally, you will be able to hear leading experts discuss pressing issues in control systems




When Worlds Collide: IoT meets ICS - Larry Pesce, InGuardians

Wednesday, March 2, 2016 | 9:10 AM – 10:00 AM

Larry PesceThe Internet of Things (IoT) creates new risks even to Industrial Control Systems (ICS). Over time the two environments will only grow closer together. This session will examine security risks to ICS coming from IoT enabled devices across several environments such as Smart Energy, and oft forgotten ICS environments in Finance and Healthcare. We’ll offer practical advice on future risk reduction.



How Do I Get into ICS security? - Chris Sistrunk, Mandiant

Wednesday, March 2, 2016 | 11:30 AM – 12:20 PM

Chris Sistrunk

This talk is about how to get into ICS security, whether you’re a control system engineer or an IT security analyst. It will cover the basic paths you can take to get involved, including some helpful resources and standards to help get you started. The ICS Security industry needs more people to help protect Critical Infrastructure! 




Industrial Cyberthreats: The Kaspersky Lab View - Andrey Nikishin, Kaspersky Lab

Wednesday, March 2, 2016 | 2:10 PM – 3:00 PM

Andrey Nikishin

Since Stuxnet we have registered a growing number of cyber security incidents in the industrial environment. In the presentation we will share the data collected, analyze some examples of attacks on the industrial environment, provide some forecasts for the future development of industrial cyber threats and discuss possible solutions for mitigating the risk of cyber incidents.




Cyber-situational Awareness in ICS/SCADA Networks 
- Jon Lavender, Dragos Security

Wednesday, March 2, 2016 | 4:30 PM – 5:20 PM

Jon Lavender

Through cyber situational awareness, security personnel can monitor for misconfigured devices, network inefficiencies, and similar opportunities for cost savings that bring value to the security and reliability of operations. This talk will present these concepts and move to illustrate the value of cyber situational awareness, how it can be obtained, and the value security brings to operations technology and ICS networks.



ICS Sec for N00bz: an Intro to ICS Defence by Defending the Death Star - Kara Turner, iSIGHT Partners

Thursday, March 3, 2016 | 10:20 AM – 11:10 AM

Kara TurnerIn a humorous and nerdy take on ICS security, Kara Turner will share basic ways to defend the Galactic Empire from Rebel attacks on the Death Star. Learn best practices and policies to address these issues and more in a memorable way that easily translates to your own ICS environment. Rebel scum are attacking the Death Star through the ICS networks—the Empire needs you! 



Top 10 things to be fixed at ICS installations - Bryan Hatton, Idaho National Labs

Thursday, March 3, 2016 | 1:00 PM – 1:50 PM

Bryan HattonBy combining the incident response and the site assessment teams’ results from real world installations, a list of top recommendations is produced for owners of industrial control equipment to improve their security posture.  




Industrial Defence In-Depth - Andrey Nikishin, Kaspersky Lab

Thursday, March 3, 2016 | 3:20 PM – 4:10 PM

Andrey NikishinThis presentation will look at a specific example, the features of industrial customers, the difference between the Defence In-Depth concept for industrial objects, and what kind of cyber security products and services should be used, what organizational measures should be taken and, most importantly, how to find a balance between ensuring cyber security and technological process continuity.





Internet of Things Sandbox

Organized by Jesus Molina, and Ted Harrington, one of the organizers of the landmark hacking event IoT Village, this exhibit highlights issues through demonstrations of vulnerable connected devices and provoking talks by thought leaders who will dissect real-world use cases, analyze the impact on both the consumer and business environments, and articulate groundbreaking research.

Intro to Car Hacking - Charlie Miller, Uber & Chris Valasek, Uber

Wednesday, March 2, 2016 | 10:20 AM – 11:10 AM

Chris Valasek and Charlie MillerThis session will discuss automotive security highlighted by the vulnerability and exploit of the 2014 Jeep Chrysler. Presenters will outline weaknesses in current designs as well as why these are inherent in current vehicles, and will finish by discussing improvements to existing systems.



When Good Devices Go Bad: Live Hacking in the IoT Sandbox - Balint Seeber, Bastille, Joe Gordon, Pinterest, Jesus Molina, Jesus Molina Consulting 

Wednesday, March 2, 2016 | 1:00 PM – 1:50 PM

Good Devices speakers
Stories of vulnerabilities in the IoT appear almost daily: kettles and coffees machines leak Wi-Fi passwords, alarm systems can be circumvented, and toys can spy on you. But how are these attacks executed? How are they impacting your daily life? Join us for a fun session in the IoT Sandbox where we explore vulnerabilities discovered in many innocent devices, and demonstrate real attacks on them. 


Hacking IoT: Why Security in IoT is Failing (and how to fix it!) - Ted Harrington, Independent Security Evaluators (ISE)

Wednesday, March 2, 2016 | 3:20 PM – 4:10 PM

Ted HarringtonUtilizing case study analysis of attack anatomies, this session will explore the fundamental security shortcomings that plague the IoT industry and articulate how to resolve those problems. Data and outcomes from both IoT Village in particular as well as the broader research community are analyzed in order to present actionable guidance. 


FCC’s Cybersecurity Risk Reduction Initiatives and Activities - Admiral (Ret) David Simpson, FCC

Thursday, March 3, 2016 | 9:10 AM – 10:00 AM

David SimpsonThe consumer benefits of the IoT are anticipated to be exceedingly large. However, IoT will also greatly expand the cyber attack surface for consumer appliances. This session will discuss the FCC’s cybersecurity risk reduction initiatives to combat cyber threats to the communications critical infrastructure that is the foundation for the IoT. 


Tactical Survival Tips Building and Leveraging IoT Technologies - Brian Witten

Thursday, March 3, 2016 | 11:30 AM – 12:20 PM

Brian WittenIn 16 months, cars were “hacked, tracked and stolen,” MRI and X-Ray machines infected, power grids crashed, and a steel mill blast furnace damaged, all via security mistakes building and leveraging IoT gear. This session offers advice on using IoT gear as safely as possible in these “buyer beware” years, and a framework to build security into IoT products that should be secure “by design.” 



Barbie vs. the ATM Lock: Which is the high security IoT device? - Marcus Richerson, Somerset Recon 

Thursday, March 3, 2016 | 2:10 PM – 3:00 PM

Marcus RichersonIoT devices are everywhere, but it’s not obvious which ones are secure. This session will review a deep analysis of two devices: a connected Barbie doll and a high-security safe lock. Which one is really secure? The results provide lessons on future secure device design and best practices that should be followed.



When Good Devices Go Bad: Live Hacking in the IoT Sandbox - Balint Seeber (Bastille) & Joe Gordon (Pinterest) 

Thursday, March 3, 2016 | 4:30 PM – 5:20 PM

Stories of vulnerabilities in the IoT appear almost daily: kettles and coffees machines leak Wi-Fi passwords, alarm systems can be circumvented, and toys can spy on you. But how are these attacks executed? How are they impacting your daily life? Join us for a fun session in the IoT Sandbox where we explore vulnerabilities discovered in many innocent devices, and demonstrate real attacks on them.


SANS NetWars Sandbox - Ed Skoudis, Counter Hack Challenges

Wednesday, March 2, 2016 | 9:10 AM – 12:20 PM  
Thursday, March 3, 2016 | 9:10 AM – 12:20 PM 

Ed Skoudis

SANS NetWars is a suite of engaging and fun hands-on, interactive learning scenarios that enable information security professionals to develop and master the real-world, in-depth skills they need to excel in their field. In SANS award-winning courses, attendees consistently rate our hands-on exercises as the most valuable part of the course. NetWars has really raised the ante, as participants learn in a cyber-range while working through various challenge levels, all hands-on, with a focus on mastering the skills information security professionals can use in their jobs every day. 

Interested in playing SANS NetWars? Click “Add to Schedule” when planning out your agenda and we will send you a reminder of where and when it’s happening.



This document was retrieved from on Mon, 17 Jun 2019 06:45:08 -0400.