CADS at USSTRATCOM GISC Cyber Network Defense Roundtable
Washington, DC, June 16, 2009 -- The Center for Advanced Defense Studies Cyber Network Defense (CND) Program Lead, Mark Atallah, attended a roundtable discussion Tuesday hosted by US Strategic Command’s Global Innovation and Strategy Center. The discussion focused on international and domestic regulation, laws and public-private partnership issues related to cyber-defense. Professors from universities including Georgetown, George Washington, and the University of Nebraska-Omaha, as well as cyber-security experts, practicing cyber-law attorneys, and representatives from several defense technology firms and agencies participated in a lively debate.
The impossibility of impenetrable defenses against constantly mutating attacks and the vexing challenges of partnership between government and private business make CADS’ proposal for a flexible response system operating according to our DDPPRR (Deter, Detect, Prevent, Protect, Remediate, Recover) paradigm vital to securing critical national infrastructure and private sector networks against the omnipresent threat of cyber attack or exploitation. The roundtable’s members agreed that CND requires the development of new models of cooperation and the adaptation of long-standing principles of security to a wholly new environment. Poor information sharing and the tangled web of overlapping jurisdictions and rules frustrated many of the participants, who expressed a desire for effectiveness over theoretical argument.
CADS Executive Director at SAIS Piracy Conference
Washington, DC, June 15, 2009 -- The Center’s Executive Director, Lt. Col. (Ret.) David E.A. Johnson, participated in a conference on “Contemporary Piracy: Consequences and Cures” at the Johns Hopkins School of Advanced International Studies (SAIS) on Monday. The conference gathered senior diplomats, shipping industry leaders, high-level government officials, security practitioners, and academic glitterati in an intimate setting under non-attribution rules.
Somali piracy has an importance far beyond the sustainable cost to shipping and the news cycle impact of the hijackings. The exponential growth of attacks, the establishment of transnational criminal networks, and the costly and relatively ineffective deployment of naval forces to counter them are a useful model for the types of challenges States are increasingly facing around the world. Frustrated by the discussion of legal contradictions and nation building, one industry participant commented, “an elephant is a mosquito built by the government.”
CADS External Communications Director Praises New U.S. Commander in Afghanistan
Washington, DC, May 12, 2009 -- Tony Shaffer, Director of External Communications for the Center for Advanced Defense Studies (CADS), was invited to speak on Fox News about the recent transition of the top U.S. Commander post in Afghanistan from Gen. David McKiernan to Lt. Gen. Stanley McChrystal. Shaffer, who worked directly with Gen. McChrystal in support of Joint Task Force 121, a special ops unit, appeared two separate times on Tuesday, strongly praising the choice of McChrystal and describing him as flexible and pragmatic. “The press talks about [McChrystal] being adaptive, being able to adjust,” Shaffer said. “And I saw that firsthand…”
Though Shaffer described outgoing Commander Gen. McKiernan as an “outstanding General,” he articulated the Center’s viewpoint that McChrystal’s background makes him especially well-suited to lead a successful counterinsurgency in Afghanistan. "General McChrystal brings that precision and the understanding of all the facets of what needs to be controlled and influenced on the ground," Shaffer said. "He, I believe, will be successful in translating broad policy guidelines into achievable, measurable objectives regarding military activities -- which will result in, frankly, a regaining of lost ground in Afghanistan."
Lt. Col. David Johnson Assumes Role as CADS Executive Director
New York, NY, April 30, 2009 -- Lt. Col. (Ret.) David Johnson assumed the position of Executive Director of the Center for Advanced Defense Studies on Thursday at a full-day transition ceremony at New York’s Grand Central Station. The day began with a tour of the MTA security infrastructure and control room and ended with a cocktail hour at Cipriani Dolci, overlooking Grand Central, featuring Keynote Speaker Frank Gaffney, founder and president of the Center for Security Policy, a D.C. think-tank.
At the event, attended by friends of the Center, Col. Johnson articulated his vision for the Center: “Our distinguished fellows, supported by dedicated teams of interns from an international partnership of eminent educational institutions, will continue to contribute to the study of diplomatic, informational, military, economic and political networks to enhance global security. While talking heads natter about Information Security, National Security and Critical Infrastructure Protection, and Economic Security and Development challenges, the Center has acted. As a think-and-do tank, the Center has found its niche in creating concrete solutions to the information challenges facing these domains.”
CADS Work Presented at RSA Conference
San Francisco, CA, April 20, 2009 -- The Center for Advanced Defense Studies received recognition at the annual RSA conference, widely regarded as the world’s premier information security conference, for its research on XML Security Threats. In a session titled “XML Attacks and Prevention in a Web 2.0 World,” Peter Soderling, CEO and founder of Stratus Security Technologies, and Steve Orrin, Intel Director of Security Solutions, demonstrated examples of a new set of attack methods originally researched in association with the Center for Advanced Defense Studies.
Examples included the following:
- RSS attack: the attacker injects attack code into a site's RSS feed, which is delivered through the API to client machines requesting information from the site.
- Entity expansion attack: the attacker creates an XML request process that refers back to itself, creating an endless loop that causes the targeted server to stop responding to other requests.
- XPath injection: the attacker uses a language known as XPath to inject queries through an API in order to view other users' data (such as account numbers).
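
A server-side mitigation for the entity expansion and XPath injection items above, added here as an example (not code from CADS or the RSA session). It uses only the Python standard library; the `accounts` document layout, the sample inputs and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample inputs (not from the page).
SAMPLE = b"""<accounts>
  <account owner="alice"><number>1001</number></account>
  <account owner="bob"><number>2002</number></account>
</accounts>"""
WITH_DTD = b'<!DOCTYPE accounts [<!ENTITY a "x">]><accounts>&a;</accounts>'


class ForbiddenXML(ValueError):
    """Untrusted XML carried a DOCTYPE or an entity declaration."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse client-supplied XML, refusing any DTD.

    Entities are declared in the DTD, so rejecting the DOCTYPE stops the
    document before the parser has anything to expand.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE not allowed (root {name!r})")

    def forbid_entity(*_args):
        raise ForbiddenXML("entity declaration not allowed")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def accounts_for(root: ET.Element, owner: str) -> list:
    """Return account numbers for `owner`.

    The owner value is compared as data in Python and never spliced into
    an XPath string, so quotes or operators in it cannot alter the query.
    """
    return [a.findtext("number") for a in root.iter("account")
            if a.get("owner") == owner]
```

Services that legitimately need DTDs cannot use the blanket rejection and would instead have to cap entity expansion in the parser configuration.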

