Sep 15 2011
Good morning. It’s a pleasure to welcome you to NYIT and to this year’s cyber security conference. In the next few hours, I trust you will be frightened – and enlightened – on a topic that has become top-of-the-mind for many people…those paying bills online at 2 a.m.…our national security forces and leaders, and even university presidents, especially at a global university such as this one that runs 24/7, has students from 44 states and 109 countries enrolled, and boasts education sites, faculty, staff, students, and campuses abroad.
Breaches at U.S. institutions of higher education over last six years, released—according to one report—8.5 million records into public cyberspace. I confess some years ago a microscopic percentage of those records came from NYIT. Got my attention.
At NYIT our systems are constantly attacked. During a typical ten-day period at the end of this summer, our computer system recorded 15 million distinct log entries in our firewall. Yes, fifteen million attempts to breach our security, in ten days.
They apparently came from all over the world. Most were automated—what we call “Zombie nets”—networks of virus-infected computers owned by unsuspecting people. Under the control of gangs of hackers, those computers were trying to pry into our network. NYIT has a great reputation in the real world, and in the cyber world, so anyone sending out thousands of spam messages or selling products would delight in doing it by pirating our well-regarded domain name or IP address. Our IT people like to say that an email coming from NYIT is a lot less suspect than one coming from an Internet café on a dusty road somewhere.
Just a few years ago, we were more concerned with an individual sitting around trying to hack into our system, and looking for some particular information. Today that seems so quaint, almost charmingly old-fashioned. Now we need to talk about bot detection, virtualization, and layered approaches that defend systems, manage data, and educate users.
I, along with my counterparts across the country, know that our institutions have a vast, valuable collection of information that hackers covet. We have thousands of new users in our network each year, and we’re working hard to make much of our infrastructure accessible online. We have student files and human resources records and other bits of information from alumni, parents, and employees. Until recently, we kept credit card information online, but we wisely stopped that.
And don’t forget intellectual property. We all develop intellectual property at NYIT, and we teach our students to create it. We take pride in that creation and ownership, and yet we’re constantly balancing that with the desire to collaborate and the need to safeguard valuable work.
When Google, Intel, Sony, The Wall Street Journal, the CIA, the Pentagon get hacked we read about it on the front pages of our Internet-connected devises and later in headlines in hard print in what were once known as newspapers. In part that’s because it is news: Cyber criminals and hackers have the capacity to wreak social, political, security, and economic disaster. Cyber attacks and data breaches in the first six months of this year cost U.S. companies approximately $96 billion, according to the Ponemon Institute.
It seems like every day we hear about another threat, another breach, another “anonymous,” “dark tangent,” or “cy-fi” hacking into government, banking, media, and business networks.
One of those hackers was 10 years old.
The field of cyber security was barely in existence when that child was born. Yet we know information technology and network security is now one of the most important areas in almost any business. Certainly, our national security officials are focused on it.
Our nation’s new security strategy uses network-disrupting tactics to deter terrorists. We have a cadre of specialists who find and stop these virtual criminal networks and out-think terrorists. Meanwhile, President Obama has identified cyber security as one of America’s most serious economic and national security challenges, and one that we as a government or as a country are not fully prepared to counter.
We are making strides, though. Just a few weeks ago, the administration created a roadmap for cyber defense through the National Initiative for Cyber Security Education, known as NICE. And, in fact, right here in the NYIT Auditorium on Broadway, we are fulfilling its first goal—to raise awareness about the risks of online activities. Not only are we bringing experts together to identify issues, find solutions, and offer insights on policy, but we are also informing others through reports online and in the media as well as through videos we will post on the web. And no doubt some of you in the audience are blogging as I speak.
Recall the scene at one of the largest conferences for hackers. Just last month, thousands of cyberpunks gathered in Las Vegas at the convention known as DefCon. Teams hunched over laptops to steal files from each other in a game called “Capture the Flag.” Each time a weak spot was attacked, a team gained a flag. In another room, groups played “Crack Me if You Can,” competing to crack as many passwords as possible in 48 hours.
For years, government agents circled around DefCon to spot upcoming threats. But this year, tables and brochures were rolled out for job recruitment. What a world. According to some, the future of cyber security looks mohawked and tattooed, and so we weren’t surprised at our conference last year to hear a couple of references to Lisbeth Salander in The Girl with the Dragon Tattoo.
With the rise of threats come enormous opportunities. Importantly, another NICE goal is to broaden the pool of skilled workers capable of supporting a cyber-secure nation. White House Defense Department officials say they are seeking more than $3.2 billion in cyber security funding in 2012. Wait till the check clears. Other industries especially in need of workers are financial institutions, utilities, and the energy sector. They need experts to diagnose and treat the problems—working with anti-virus, mobile code analysis, and reverse engineering. They’re also needed for preventive research such as investigating vulnerabilities and finding security holes.
Since NYIT is not running an underground hacker community, this fall we’ve introduced a program in network security for our computer science majors. They will graduate with a specialty in this field and a knack for identifying and preparing for risks. That’s in addition to our unique master’s degree in Internet Security.
As you will see today, we also continue to attract faculty with expertise in malicious attacks, biometrics, keyboard typing patterns, and in intrusion detection, mobile ad-hoc networks, swarm intelligence, and cryptography. There’s a reason the “T” in our last name is technology. With our faculty and students prepared, we are working to improve everyone’s immunity in cyberspace. That includes NYIT’s own.
Today, our experts will address cyber security from many angles—cloud computing, social networks, and mobile security, as well as emerging technologies and R&D initiatives.
Cyber security is a challenge to all of us, and so I leave you with a challenge: David Ignatius, a Washington Post columnist (who writes thrillers on the side), recently wrote that cyber security launches thousands of seminars and strategy papers without a lot of results. Let’s see what progress we can make here today as we start by informing the public, teaching our students about this growing threat to our individual and national security, and coming up with solutions that keep ahead of the encroaching dark tangents.