The Politics and Policy of Necessity: Mega-Hacks and the Future of US Cybersecurity -- June 9, 2021
The US Department of the Treasury, GEICO, Parler, Microsoft, Kroger, Experian, Colonial Pipeline, Facebook, Instagram, LinkedIn, SolarWinds and California’s Department of Motor Vehicles. Less than halfway through 2021, all (and many more) have already fallen victim to sophisticated cybersecurity attacks -- assaults that not only exposed millions of Americans’ personal data, but threaten critical national infrastructure and national security.
On May 12, President Biden issued a sweeping Executive Order that seeks to better address current cybersecurity vulnerabilities within the US Government and to strengthen its ability to assist private sector cyber-victims in the future. But the problems are technically complex, the “attack surface” enormous, and the solutions potentially at odds with privacy and perhaps even the Constitution.
So, what’s a techno-democracy in the crosshairs of criminal gangs and hostile governments to do? View the June 9, 2021 USTPC HotTopics webinar: "The Politics and Policy of Necessity: Mega-Hacks and the Future of US Cybersecurity." Registration was free.
Former USTPC Chair and renowned cybersecurity expert Gene Spafford will moderate a panel of cyber-stars who’ll break down just what challenges we face, how multiple arms of the government, including Congress, could respond, and why successfully detecting, defanging and managing the risks of cyber-threats will be as tough as it is critical to achieve.
Panelist Bios
Eugene H. Spafford (Moderator) is one of the most senior academics in the field of cybersecurity. During his 43 years in computing -- including 34 years as a faculty member at Purdue University -- “Spaf” has worked on issues in privacy, public policy, law enforcement, software engineering, education, social networks, operating systems, and cyber security. He has been involved in the development of fundamental technologies in intrusion detection, incident response, firewalls, integrity management, and forensic investigation. His interests range over these and many other areas, and this has been one of the factors behind his leadership of CERIAS, the Center for Education and Research in Information Assurance and Security, where he is the Executive Director Emeritus. Dr. Spafford is a Fellow of the American Academy of Arts and Sciences (AAA&S), the Association for the Advancement of Science (AAAS), the ACM, the IEEE, and the (ISC)2; a Distinguished Fellow of the ISSA; and a member of the Cyber Security Hall of Fame -- the only person to ever hold all these distinctions. Among many other activities, he is chair of the ACM Publications Ethics & Plagiarism Committee and is editor-in-chief of the journal Computers & Security. More details at http://spaf.cerias.purdue.edu/narrate.html
Steven M. Bellovin is the Percy K. and Vida L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity and Privacy Center of the university's Data Science Institute, and an affiliate faculty member at Columbia Law School. Bellovin does research on security and privacy and on related public policy issues. He also is interested in the history of cryptography. Bellovin joined Columbia’s faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews, for which he and others were given the 1995 Usenix Lifetime Achievement Award (The Flame). He has also received the 2007 NIST/NSA National Computer Systems Security Award and has been elected to the Cybersecurity Hall of Fame. Bellovin has served as Chief Technologist of the Federal Trade Commission and as the Technology Scholar at the Privacy and Civil Liberties Oversight Board. He is a member of the National Academy of Engineering and has served on the Computer Science and Telecommunications Board of the National Academies of Sciences, Engineering, and Medicine. In the past, he has been a member of the Department of Homeland Security's Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission. Bellovin is the author of Thinking Security and the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees and was a member of the information technology subcommittee of an NRC study group on science versus terrorism. 
He served on the Internet Architecture Board from 1996-2002 and was co-director of the Security Area of the IETF from 2002 through 2004. More details at http://www.cs.columbia.edu/~smb/informal-bio.html.
Edward W. Felten is the Robert E. Kahn Professor of Computer Science and Public Affairs at Princeton University, and the founding Director of Princeton's Center for Information Technology Policy. He is a member of the United States Privacy and Civil Liberties Oversight Board. In 2015-2017 he served in the White House as Deputy U.S. Chief Technology Officer and, in 2011-12, as the first Chief Technologist at the U.S. Federal Trade Commission. His research interests include computer security and privacy, and technology law and policy. He has published more than 150 papers in the research literature, and three books. He is a member of the National Academy of Engineering and the American Academy of Arts and Sciences, and is a Fellow of the ACM. He also is a Past Chair of ACM’s U.S. Technology Policy Council (now USTPC). More details at: https://www.cs.princeton.edu/~felten/FeltenCV.pdf
Rebecca Herold is the founder and CEO of The Privacy Professor consultancy and CEO of Privacy & Security Brainiacs. She has over 25 years of systems engineering, information security, privacy & compliance experience. Rebecca has authored 20 books, and written dozens of book chapters and hundreds of articles. Earlier in her career, Rebecca designed and built Principal Financial Group’s first information security and privacy program, and the first documented anti-malware corporate program in 1992. She has received numerous awards, including being named in two categories of Onalytica's 2021 Who’s Who in Risk Management; as a top 3 Cybersecurity & Privacy Woman Law Professional of 2020; and as a top female fighting cybercrime in 2019. Rebecca’s radio show/podcast, “Data Security and Privacy with the Privacy Professor,” airs on Voice of America. Rebecca also serves as an expert witness for diverse cases and is a subject matter expert (SME) on the NIST Cybersecurity for IoT Program team. Previously, she was an SME with the NIST Privacy Framework team and led the NIST Smart Grid privacy team for 8 years. Rebecca was Adjunct Professor for the Norwich University MSISA program for 9 years. She has earned 10 professional certifications (FIP, CDPSE, CISSP, CIPP/US, CIPT, CIPM, CISM, CISA, FLMI, Ponemon Institute Fellow). Rebecca holds Master’s and Bachelor’s degrees in Computer Science, Mathematics and Education. More details at: www.privacyguidance.com/documents/Rebecca_Herold_Long_Bio_March_2020.pdf
Mark Rasch has more than 30 years of experience in cybersecurity and data privacy, including within the US Department of Justice, where he created the DOJ Computer Crime Unit and Cyber-Forensics practice and prosecuted many early hacker cases. Currently of counsel to the law firm of Kohrman, Jackson, Krantz, Mark’s experience includes advising Fortune 100 companies on international cybersecurity and privacy compliance issues, data breach management, cloud security, the Internet of Things (IoT), and AI and machine learning. Additionally, he is regularly called upon to help entities in the financial services, healthcare, entertainment, retail and manufacturing sectors. Mark has distinguished himself as a thought leader in the cybersecurity and data privacy space, having authored more than 1,200 articles and books on the topic. He is a frequent commentator in the media, providing insight on internet-related issues to outlets including CNN, NBC, BBC, Fox News, CBC, ABC, the Wall Street Journal, the New York Times and more. Mark has also developed and taught courses in law, cybersecurity, cyber-forensics, digital investigation, data compliance, incident response, privacy and media law at various academic institutions across the country, including Harvard Law School, George Washington University law school and school of engineering, University of Maryland, Massachusetts Institute of Technology, American University law school and school of public policy, Georgetown University, James Madison University, Stanford University and George Mason University. More details at: https://kjk.com/professionals/mark-rasch/
Background
The Cybersecurity 202: The meat industry is the latest to be thrown into chaos by ransomware (Washington Post, June 2, 2021)
The SolarWinds hackers aren’t back—they never went away (Ars Technica, May 28, 2021)
Microsoft says group behind SolarWinds hack now targeting government agencies, NGOs (Reuters, May 28, 2021)
Hackers Kept Busy During Covid Stealing 774 Million Records in Major Breaches (Bloomberg, May 18, 2021)
OPINION: Pipeline attack was a warning: Stop cyber threats, or suffer a disaster (The Hill, May 18, 2021)
Colonial hack: How did cyber-attackers shut off pipeline? (BBC, 10 May 2021)
National Institute of Standards and Technology -- Cybersecurity