cybersecurity

At DC CyberTalks, cybersecurity leaders call for robust cyber workforce, enhanced collaboration, and secure critical infrastructure

The annual DC Cyberweek, presented by CyberScoop, brought together more than 10,000 attendees to over a hundred community events last week. As one of the main events of the week, CyberScoop hosted CyberTalks, a daylong TED Talk-style conference focusing on cybersecurity featuring a wide range of influential cyber leaders from both government and private sector. Throughout each of the thirteen talks and interviews, the speakers highlighted current issues, priorities, and advancements in cyber today.

Three themes emerged throughout the day: an urgent need for a greater cyber workforce, more efficient collaboration between agencies and the private sector, and the need to build in cybersecurity into critical infrastructure.

For many of the speakers, the most pressing threat to longterm cybersecurity was not a particular foreign adversary but rather the difficulty of staffing the gargantuan cyber workforce necessary to stay ahead of an ever-expanding ocean of threats. Representative Mike Rogers stressed the shortage of workers in the government, where he said there are currently over 3000 cyber jobs vacant. Rogers explained that in the context of the federal workforce, government salaries cannot currently compete with the salaries offered by tech companies. Also addressing the growing cyber job market, Matt Olsen, Chief Trust & Security Advisor for Uber, made a case for greater commitment to cybersecurity expertise, stating that there will be 3.1 million unfilled cyber jobs by 2021. Bill Rowan, VP of Federal Sales at VMware said, “Let’s build our [cyber] workforce, not just at the federal level, but also in industry, at a national level.” Meanwhile, over half the speakers addressed the urgent need for a larger and more expert cyber workforce, with an emphasis on the need to attract young people to the field.

Goldy Kamali, Founder & CEO of Scoop News Group, gives introductory remarks at DC CyberTalks2019.

Goldy Kamali, Founder & CEO of Scoop News Group, gives introductory remarks at DC CyberTalks2019.

In addition to a larger workforce, several speakers discussed ongoing and sustained tactics towards cybersecurity efforts, both from a large-scale perspective as well as from the role of the individual. Suzette Kent, the Federal CIO at the Office of Management and Budget, proposed a shift in the way we thing about cybersecurity, from discrete one-off attacks to a constantly shifting “digital battlefront,” in which skirmishes are fought on a daily basis. Kent claimed, “We will win on this digital battlefront. We’ve proven that we can win.” Matthew Dunlop, VP and CISO at Under Armour, and Toke Vandervoort, SVP Deputy General Counsel at Under Armour, talked about making users into better “cyber citizens.” They stated a need for more effective cybersecurity training programs because 99% of errors are user mistakes. When it comes to practical application of defense strategies against cyberattacks, such as a ransomware attack, Gary Brantley, the CIO of the city of Atlanta, emphasized the theme of “preparing for the inevitable.” That it is not a matter of if, but when, the next cyberattack will occur, making it important to train a “muscle memory for disaster.”

As one way to address the battle against cyberattacks, many speakers underscored the need for better and more efficient collaboration, both within the government—between agencies—and the need for both industry and government to work together. To this end, Chris Krebs, the Director at CISA, discussed the need to pull together broader threat feeds to provide real-time advice. “Context is king,” said Krebs, explaining that information sharing is much more than compromise; rather, information sharing in appropriate contexts can make all the difference when dealing with a cybersecurity threat. This sentiment was echoed by other speakers who called for better methods of information sharing and establishing structures that increase the speed and quality of information sharing. Anne Neuberger, Director of Cybersecurity at the NSA, reiterated that it is essential for information to be shared quickly and in an unclassified way, adding that it is critical to work with the private sector, as “we all have pieces of the puzzle.”

A main concern regarding cyberattacks is not just the speed of the threat, but also the scale. Tonya Ugoretz, Deputy Assistant Director for the Cyber Division at the FBI, showed how sometimes the scope of cyberattacks are hard to comprehend. Ugoretz shared some numbers to try to capture the scale of cybercrime: in terms of business email compromise—which is only one type of common cybercrime—all 50 states and 157 countries have been affected, totaling losses of more than $26 billion globally. Additionally, ransomware attacks to date have cost $7.3 million with attackers targeting hospitals, schools, and first responders—those who can least afford to be offline.

In discussing the role of critical infrastructure in cybersecurity, many speakers stressed the need to directly build in cybersecurity at the infrastructural level, rather than adding it on later as an afterthought. Chris Johnson, Google Cloud’s Global Compliance Product Lead, argued that we are at a pivotal moment, as many companies and organizations are in the process of moving infrastructure. He explained that to achieve better outcomes in cybersecurity, there is a need for better “buildings”—that is to say, cybersecurity needs to be “built in, not bolted on.” Speaking to the importance of data resiliency, Teresa Shea, VP of cyberwarfare and mission innovations at Raytheon, explained that “it’s all about the data,” estimating that by 2025, the collective sum of the world’s data will be 175 zettabytes.

Similarly, Shea lamented the degree to which security struggles to keep pace with innovation, “We’re in a race to get our tech into place before the bad guys,” she explained, indicating that the ability to get the technology in place involves two key components: (1) taking tech into the backend process and (2) fixing current laws and policies, which have not kept pace with the telecommunications world. Here Shea emphasized the importance of “modernizing law and implementing it in dynamic ways.”

Overall, a key takeaway from CyberTalks was a call for greater collaboration between various government agencies as well as coordination with the private sector. Cybersecurity is an ongoing, daily issue and so there is a need for a larger, expert cyber workforce and an attention to engineering cybersecurity into critical infrastructure. As Grant Schneider, Federal CISO and Sr. Director for Cybersecurity Policy on the National Security Council, stated, when it comes to cybersecurity, “everyone has a role to play.”

Dr. Derrick Cogburn Presents on NetGov and Cybersecurity Research at HICSS Conference

AU Internet Governance Lab Faculty Director Dr. Derrick Cogburn presented “Analyzing Trends and Topics in Internet Governance and Cybersecurity Debates in Twelve Years of the Internet Governance Forum” at the 52nd Hawaii International Conference on System Sciences (HICSS) on Friday, January 11, 2019. Among multiple other roles and presentations at the conference, Dr. Cogburn co-led the Minitrack on Text Mining and Data Analytics.

Faculty Director Dr. Derrick Cogburn Participates in IGF 2018

Internet Governance Lab Faculty Director Dr. Derrick Cogburn, Professor at the AU School of International Service and Kogod School of Business, will participate in the 13th Annual Meeting of the Internet Governance Forum (#IGF2018) hosted by the Government of France at UNESCO headquarters in Paris from November 12-14, 2018. Dr. Cogburn will play a multifaceted role, including speaking at a Disco-tech event on disability and Internet accessibility; presenting at a DCAD workshop; and moderating a Giganet panel on Cybersecurity and Sovereignty.

Dr. Laura DeNardis Offers Keynote at The Hague Program for Cyber Norms' Inaugural Cyberspace Conference

Faculty Director Dr. Laura DeNardis, Professor at the AU School of Communication (SOC), will offer a keynote address at the inaugural conference “Novel Horizons: Responsible Behaviour in Cyberspace” hosted by The Hague Program for Cyber Norms at Leiden University in The Hague, Netherlands. She will be joined by Faculty Fellow Dr. Tim Maurer and Doctoral Researcher Erica Diya Basu at the conference taking place from November 5-7, 2018.

Applications Open for 2019 Cyber 9/12 Strategic Challenge

Applications are now being accepted through October 23, 2018 for the AU student teams that will compete in the 2019 Cyber 9/12 Strategic Challenge, which will be held in Washington, DC in March 2019. Established in 2013 in a partnership between The Atlantic Council and AU’s School of International Service, this event is the premier international affairs simulation in which students develop policy options in a dynamic international crisis scenario that has a strong cyber element. Faculty Fellow Dr. Eric Novotny leads the AU student teams.

NetGov Policy Research Impact Panel at #TPRC46

NetGov Lab faculty and doctoral students presented “Internet Governance Policy Research Impacts: Mapping, Methods and Messages” at the 46th Research Conference on Communications, Information, and Internet Policy (#TPRC46) hosted by American University's Washington College of Law (WCL) on September 22, 2018 from 2:00pm-3:30pm. Faculty Fellow Professor Fernando Laguarda serves as Chair of the TPRC Board. Under his leadership, #TPRC46 welcomed over 300 participants from across the country and around the world representing industry, academia, government, and civil society.

Dr. Laura DeNardis Speaks at Yale School of Management Corporate Governance Program

AU Internet Governance Lab Faculty Director Dr. Laura DeNardis presented on cybersecurity and corporate governance during her session “The Internet of Things: Cyber Flashpoints in the Information Age” to high-level Board of Director executives from Latin America at the Yale School of Management’s Corporate Governance Program on Thursday, September 13, 2018.

Lab Faculty Co-Teach "Cyber Flash Points" Seminar on Global Cyber Governance

Internet Governance Lab Director Dr. Laura DeNardis, AU School of Communication Professor, and Faculty Fellow Jennifer Daskal, Associate Professor of Law at AU Washington College of Law, are co-teaching the COMM-696/LAW-795CY weekly seminar "Cyber Flash Points" this semester, which examines the growing body of interdisciplinary literature and theory around global cyber governance. Each class opens with a 15-minute flash talk explaining how the technical architecture of the Internet works.

Faculty Fellow Dr. Nathalie Japkowicz Co-Edits IEEE Special Issue on Data Mining for Cybersecurity

The IEEE Special Issue on Data Mining for Cybersecurity (IEEE Intelligent Systems, Vol. 33, Issue No. 02, March/April 2018) co-edited by Internet Governance Lab Faculty Fellow Dr. Nathalie Japkowicz has now been published. Dr. Japkowicz, Professor in the Department of Computer Science at American University, co-edited the volume with Dr. Yuval Elovici, Professor in Software and Information Systems Engineering and Director of the Deutsche Telekom Laboratories at Ben-Gurion University in Israel.