Cyber Brain Trust Looks to Safeguard Smart Tech

The next big advances in tech, from the Internet of Things (IoT) to speedy 5G networks and complex machine learning also present the future of cybersecurity threats, Rick Ledgett, former deputy director of the National Security Agency (NSA), said at the first annual University of Maryland Executive Cybersecurity Summit.

Ledgett, who worked for the NSA for over 25 years and now runs a computer science consultancy, was one of 25 high-level cyber experts in government, the private sector and academia addressing the broad challenges of cybersecurity at the event, which continues through today at the Hotel at the University of Maryland.

Ledgett said that the number of IoT devices, running the gamut of internet-connected household appliances to medical and manufacturing devices, is predicted to run as high as 50 billion devices by 2020. “What that means from a cybersecurity perspective is complexity. And complexity means bad things. Every time you hook up two devices, or a device to a network, that’s two ways for things to go badly.”

How that cascades to emerging technologies, like autonomous vehicles, which require highly reliable, low-latency communications, hasn’t been adequately studied, he said. He also noted a need for further research in the area of machine learning, which is advancing “faster than people can comprehend,” with mechanisms for success that aren’t clearly validated and or well-tested in today’s threat environment. Facial recognition, which is poised to change everything from online buying to getting on a plane, is particularly vulnerable.

A company or government agency that is hacked must contend with not just the technical aspects of the breech, but the socioeconomic fallout. Daniel Ennis, executive director of the University of Maryland’s Maryland Global Initiative in Cybersecurity, said cyber threats require a holistic response, with voices from the private sector, academia and government at the table for collaborative problem-solving.

“The government is not going to be final solution,” said Ennis.

Keith Marzullo, dean of UMD’s College of Information Studies, agreed that academia can play a unique role. “I think that the pressures and things on the ground are so demanding, that the public and private sectors have a tendency to move too fast to solve the immediate problem, when actually the problem is much deeper and more involved,” he said. “That need to move quickly limits their ability to think more deeply. And that’s where we can come in.”

Experts also pointed to the urgency for building the professional workforce on all sides of the cyber issue, from the technical to communications and enterprise. Federal Chief Information Security Officer and Senior Director of Cybersecurity Policy Grant Schneider of the National Security Council points to the engagement with experts in fields beyond computing, as well as with business executives, as critical to risk management. “We need more cybersecurity professionals, we need more STEM people who can hopefully solve all of these cybersecurity challenges for us,” he said. “We also need more lawyers and people who can translate what the technicians are talking about, and those who understand the business mission and the business values. We need a far more nuanced conversation between CEOs and CISOs.”  

The summit today will drill down into some of the more complex and residual aspects of the technical side, with panel discussions surrounding hacktivists and spycraft, emerging vulnerabilities to “smart cities” and the chain failure of interconnected systems, such as the massive outage that affected three airlines on Monday. Faculty interested in attending one of the sessions can receive complimentary registration at the summit throughout the day.

“I’ve had colleagues tell me that it will take a cybersecurity breach equivalent to Pearl Harbor to change the game,” said Ledgett. “I think that the work that institutions like the University of Maryland and folks in the private sector can do is essential to making that not be the case.”