As part of its ongoing Centennial Year celebrations, the 51¸ŁŔűâs Information Technology and Communications Services (ITACS) hosted a rich spectrum of educational events throughout October in recognition of the sixth annual National Cybersecurity Awareness Month.
The month kicked off with a keynote address by Kevin Rowney, head of Symantecâs Data Loss Prevention Division, on the topic âYour Role in the Defense Against Data Breach.â Rowneyâs presentation outlined the specific steps end users can take to prevent hacking and other external as well as internal IT system breaches.
The keynote was followed by a series of âbrown bagâ talks by 51¸ŁŔű faculty experts in computer science and information security and assurance: Prof. Simson Garfinkel on âAutomated Digital Forensics and Media Exploitationâ; Naval War College Prof. Jonathan Czarnecki on âThe Illusion of Security: Learning to Defer Rather than to Deterâ; Prof. Cynthia Irvine on âCombining Security and Usabilityâ; Senior Lecturer Chris Eagle on âOrganizing and Participating in Computer Network Attack and Defense Exercisesâ; and Prof. John McEachen on âSecurity Issues in Future Telephony: VoIP and 4G Mobiles.â
The capstone event of the month was a Cyber Summit on Oct. 29 hosted by Vice President and Dean of Research Karl van Bibber, Dean of the Graduate School Operations and Information Sciences Peter Purdue and Vice President of Information Resources and Chief Information Officer Christine Haska.
âThe security, resiliency and reliability of the nationâs cyber and communications infrastructure is recognized by the Department of Homeland Security as a crucial element in protecting the public, economy and government services,â 51¸ŁŔű President Dan Oliver said in his opening remarks, âand it is our responsibility as an institution with a mission of improving U.S. national security to continue to develop our cyber expertise. From your participation here today we know that you understand the importance of this vital mission, and with the new Cyber Command we look forward to your contributions in establishing educational programs for the evolving cyber workforce.â
âThe 51¸ŁŔű has a long history â almost 50 years â of embracing cybersecurity in a broad and comprehensive way, and this summit provides a sampling of the best research in the field from seven of our departments,â Executive Vice President and Provost Leonard Ferrari told the attentive audience of students, faculty and staff. âWe thank all of you for sharing your research and hope this event will stimulate further cross-campus collaboration and serve as a catalyst for a major umbrella funding proposal for 51¸ŁŔű, as well as opportunities for new cooperative agreements with industry.â
Presentations at the all-day Summit included âGrand Challenges in Cyber Securityâ by Professor of Computer Science (CS) Cynthia Irvine; âAligning Usability and Securityâ by CS Associate Prof. Simson Garfinkel; âCan Complexity Science Support the Engineering of Network Centric Infrastructures?â by Operations Research Assistant Professor David Alderson; âThreat Level Orange: How Much Can You Count on Your Wireless Mobile Device?â by Associate Professor of Electrical and Computer Engineering (ECE) John McEachen; âSoftware-Defined Radios for Cyberspace Operationsâ by ECE Assistant Professor Frank Kragh; âCryptographic Attacks and Countermeasures: A Mathematical Viewâ by Associate Professors of Mathematics Panta Stanica and David Canright; âAmerican C-powerâ by Associate Professor of Information Sciences (IS) Bay Buettner; âTest Bed for Self-Organizing Networking and Collaborationâ by IS Associate Professor Alex Bordetsky; âPhysics Models for Cyberspaceâ by Physics Department Professors James Luscombe and David Ford; âCyber Conflictâ by Distinguished Professor of Defense Analysis (DA) Dorothy Denning; and âCyberwar Means More Than Cyberspaceâ by DA Professor John Arquilla.
â51¸ŁŔű is actively researching the broad spectrum of usable security issues,â Garfinkel told the audience during the well-attended event in Ingersoll Hall. âThe challenge in achieving this is that computer system users tend not to use the [security] features they already have and most system designers think of [programming for] security as a secondary task. Weâre finding it increasingly difficult to design for both end user usability and security not only because of the tradeoffs [between the two], but because experts in the former usually arenât experts in the latter and because adversaries can exploit the features we put in to make a system more user friendly.
âTo adapt a famous quote from President [Franklin Delano] Roosevelt,â Garfinkel concluded, ââThose who would give up essential usability to purchase a little temporary security deserve neither usability nor security.ââ
âThe answer is to âdesign inâ usable security and psychological acceptability [by end users] from the beginning,â Garfinkel noted, ânot give users so many [security setting] choices â one system has 2 to the 64th power possible security state options â and program in better fail safe defaults. We need to do a better job of encouraging vendors to do this.
âTo adapt a famous quote from President [Franklin Delano] Roosevelt,â Garfinkel concluded, ââThose who would give up essential usability to purchase a little temporary security deserve neither usability nor security.ââ
âWireless matters because thatâs what the enemy uses,â said Kragh, whose presentation focused on the advantages of software-defined radios for intelligence collection and cyber operations. âLook at almost any jihadi Web site and youâll see photos of terrorists holding cell phones, which can be exploited for detection, geo-location and evesdropping.â In his earlier talk, McEachen noted that the first mobile WiMax network was set up not in the U.S. or Europe, but in Pakistan.
âThis was a tremendous team effort,â said 51¸ŁŔű Director of Information Assurance and Privacy Chris Gaucher, whose efforts as lead organizer Haska credited with creating a compelling program. âI want to thank the entire team for everything they did to make it such a great success -- President Oliver, Dr. Haska, [ITACS Executive Director and Deputy Director] Joe LoPiccolo and Terri Brutzman for their tremendous leadership and support; Kevin Rowney of Symantec for kicking off the month; [Supervisory IT Specialist] Jim Hall and the Centennial Planning Committee for the great assistance in marketing, planning and help with execution; [Technology Assistance Center Director] Chris Abila and the TAC team for their awesome support; all of our âbrown bagâ faculty presenters for sharing their time and expertise; Jon Russell and the Ed Tech team for audio/visual and capturing the âbrown bagâ and awareness trainings; the 51¸ŁŔű Foundation for donating the speakersâ gifts and Michele Merenbloom for coordinating with the Foundation; Information Assurance (IA) Manager Jason Cullum and the IA team for information capture at the âAll Handsâ; and Dr. Fran Horvath and the Institutional Advancement team for publications and photography.â
All events during the month-long celebration were open to all students, faculty and staff at 51¸ŁŔű. The purpose of the âAll Handsâ forums was to help participants understand the depth and breadth of Department of Defense cybersecurity challenges and learn some of the most promising solutions from top 51¸ŁŔű and industry experts in information security and assurance. The lectures also showcased 51¸ŁŔűâ unique position in both education and research to protect the nationâs critical cyber and communications infrastructure.
As a follow up, ITACS is offering three âAll Handsâ Cybersecurity Awareness Refresher Trainings designed to satisfy all annual 51¸ŁŔű requirements for DoD Information Assurance, Electronic Data and the Privacy Act, Privacy Orientation, Safeguarding Privacy Act Data, Annual Security Awareness, and Phishing and Other Scams in one 90-minute session. The remaining refresher trainings will be held at 3:00 p.m. in King Auditorium on Nov. 19, Dec. 3 and Dec. 10.