Experts from industry, government, and academia recently gathered at NYIT’s annual cybersecurity conference sounded an alarm. “Think like your adversaries,” warned Gregory Conti, Ph.D., director, Army Cyber Institute, U.S. Military Academy. Salvatore Stolfo, Ph.D., professor of Computer Sciences at Columbia, escalated that by urging attendees, “Be the adversary!”
“Protect what is most important to your organization; that’s what is most valuable to your adversaries,” said Allison Wikoff, intelligence analyst for Dell SecureWorks, who also noted that BYOD now stands for Bring Your Own Disaster.
Angelos Keromytis, Ph.D., program manager, Information Innovation Office, Defense Advanced Research Projects Agency (DARPA), U.S. Department of Defense, urged enterprises to be prepared to restrict adversaries’ freedom of action within any compromised network. Eric Goldstein, of the Department of Homeland Security’s (DHS) Office of Cybersecurity and Communications, called for information sharing between government and the private sector, and acknowledged that the number of cyber alerts issued per month, averaging 1,000, is possibly causing cyber fatigue.
Yet, “the problem is bigger than we know. How do we get ahead of the curve; how do we defy the bad guys?” asked Sabine Schilg, vice president in IBM’s Security Division.
Panelists also addressed the paradigm shift in cyber intrusions and the challenges of securing large systems and infrastructures. They debated how to secure the U.S. electric grid, power plants, networks, and even microchips in the supply chain, in a continually evolving “threatscape” that includes billions of objects overlaid with artificial intelligence, and which lacks the protocols and protections that more mature industries have in place.
“The unrelenting velocity of information requires fast decisions; speed is key, as is resiliency,” said Rob Evans, director of business development, Air Command and Control Solutions at Northrop Grumman. As such, he noted, we are “seeing a shift from cyber security to cyber resiliency, and the need to predict and prepare for vulnerabilities.”
Speakers repeatedly highlighted the demand for cybersecurity training and expertise at all levels, noted Nada Marie Anid, Ph.D., dean of NYIT’s School of Engineering and Computing Sciences, which convenes the conference. She said, “This is an exciting time with exciting opportunities for our students both in government and the private sector.” ‘You will never get bored,’ students were told during the student career information session, which included presentations from West Point and DHS.
“We need the Internet of tomorrow to be more secure than today. We need research and women cybersecurity experts,” noted Monique Morrow, Cisco’s chief technology officer. Earlier in the conference, Anid stated, “We’re securing the Internet of Things and creating the Internet of Women.”
NYIT faculty, in reiterating the need for strong authentication on mobile devices, presented research on their Hand Movement Orientation and Grasp (H-MOG) software. “Data loss from mobile devices is the largest threat to mobile computing,” commented Jonathan Voris, Ph.D., who presented with colleagues Kiran Balagani, Ph.D., and Paolo Gasti Ph.D. All three are assistant professors of Computer Science at NYIT.
Since NYIT held its first conference in 2010, it has introduced and increased its cybersecurity course offerings for undergraduate and graduate students.
In July, the Nassau County (NY) Industrial Development Agency authorized NYIT to open an Information Assurance/Cyber Defense Research Facility to serve the nation’s need for cybersecurity.