Updates - From the Office of the NYIT President
Sep 15 2010
Welcoming Remarks, NYIT Cyber Security Conference

Good morning. It's a pleasure to welcome you to NYIT. As you know, this is an important, maybe too exciting time in cyber security. I'm glad you are joining us.

Perhaps some of your ideas that will emerge today will help us defend New York Institute of Technology's servers from cyber-attack. Penetrating Microsoft's firewalls may be an Olympian event, but to a clever NYIT undergraduate or graduate student, our databases are a worthy target, student disciplinary policy or not. And I confess we have succumbed to a couple of attacks. After all, the NYPD tells us that a majority of crimes are committed by residents to residents in their own neighborhood. And let me tell you, it is not the highlight of a university's president's semester to get a call that classified materials from the university are all over the Internet. Been there, done that.

Ah, the Internet, the communications tool that now affects almost every aspect of our lives -- from entertainment to banking, health, education, and everything in between. Of course, it has brought us e-mail, Google, YouTube, Facebook, Skype, and Twitter -- little wonders that have altered our daily routines. And the Internet is also the world's marketplace. It handles $10 trillion in financial deals every year. Add Wi-Fi technology, and voilà, an Internet being accessed by smaller and smaller mobile, handheld devices as the global control system for many nations. America's electrical grid depends on it, for instance.

You don't even have to hack into computers today to steal ideas, information, or intellectual property. Thanks to Wi-Fi and the Internet, someone may be blogging right now in the back of this auditorium sharing some unkind remarks at my expense instantaneously with the world, or later your defense ideas so the offense can anticipate your game plan.

The Internet nourishes our economy like the bloodstream does our bodies. And like the bloodstream, it brings in invaders, viruses that can alter coding and issue false commands. We humans have an immune system to stamp them out -- and the Internet needs a robust one, too. The need grows keener every day. The computer security industry earns $80 billion every year, yet we are getting less and less secure. It's obviously not your fault. The criminals have gotten better organized.

So much of this new battleground is just counterintuitive. Today the good guys are Black Hats -- capital letters -- and the struggles take place microscopically, electronically. Invaders seem to wear invisibility cloaks. And the intruders, the logic bombs and botnets, are hard to find and root out. Some may be etched into the chips themselves. In other words, I can't know everything that's in my computer -- or this university's. George Orwell was wrong. Big Brother isn't watching us. But some guys in the back of the room or in the backwaters of some country around the world might be.

And then there is the vanishing-footprints problem. When the Japanese disabled the Pacific Fleet at Pearl Harbor, America knew who had done it. But if they had disabled it electronically, most likely not. The denial-of-service attack on the nation of Georgia, for instance, allegedly was Russian, but it came from a computer in Brooklyn. So the trail goes cold.

In fact, cyber crime makes the term "stealth bomber" seem obsolete. The plane is a big chunk of metal and it takes time to travel. And it can crash. Cyber weapons are unseen and move at light speed -- and can make me crash. Stealth bombers are machines. The real stealth bombers today are ghosts in the machine.

We've moved beyond the realm that the public easily understands -- and into one that at times no one understands. To use a recent lesson about the economy, we've gone from Adam Smith's tiny village to the Wall Street of derivatives, where cause-and-effect gets tricky and comprehension itself becomes a challenge. That's a danger in itself.

Or to put it another way:
How many cyber terrorists does it take to change a light bulb?
Answer: We don't know, and that's part of the problem.

One thing we do here at NYIT is develop intellectual property. We do it ourselves and we teach our students to do it. I stress that the P in IP is not an ornament. IP only has value as property. So we need to keep invisible hands from grabbing it. Obviously, if I can easily steal your hard-won R&D, you may close your R&D department. Why bother? You spend all that time and effort, I sit back and relax, perhaps travel, play some online games, and we both get the reward.

This issue affects nations as well. For example, the U.S. is no doubt innovative and inventive. It's led the world in IP for a long time. It's spent billions developing intellectual property as one of America's biggest competitive assets. But cyber theft could vaporize that edge. It could deliver the national IP almost for free to any country that might have advantages like inexpensive labor that America does not. Who knows in what criminal hands the specs to the new F-35 fighter jet now reside.

Forgive me for saying what many in this room know all too well and think about better than me. But look at it this way, it's job security for everyone here.

Of course, we all also face the possibility of cyber terrorism. Today is Sept. 15. Just a few days ago, thoughts of 9/11 filled many of the minds in this city and beyond…and still do.

The Internet is the spinal cord of 21st-century progress. So all an invader has to do is scramble the connections -- by hacking into the Domain Name System or the Border Gateway Patrol. A disgruntled hacker with nose rings sitting in a Moscow cafe can paralyze a nation. A real BadB or fictional Girl with a Dragon Tattoo can deplete your bank account in a split second!

Sometimes, I think back fondly to the ancient Greeks. Back in Plato's day, logic was a wonder. It was the route to truth. And today it has indeed enabled the wonders of computer networks and the Internet. But it's also a threatening explosive. Logic bombs may be sitting quietly in our electric grid, waiting to explode. We have Conficker, that mysterious botnet ready to do who-knows-what.

We can all actually see this sword hanging over our head. And we know it could bring down the grid, shut down the ATMs, stop the trains, paralyze Wall Street, steal patient personal information, a citizen's identity, and hamstring military forces -- basically, put governments and citizens on their backs for weeks.

We also face a truly eerie spectacle: Developed nations are vulnerable to less-developed nations. Sometimes. I try to imagine the ancient Gauls, working from a fire-lit camp near the English Channel, bringing Roman civilization to its knees. Actually, I can't visualize it. It took them weeks even to communicate with Rome. And as recently as the death of Queen Victoria, it took the news a year to reach parts of Scotland.

Today it's different. North Korea -- a country that it is acceptable to say bad things about -- could humble Western nations in cyber combat, because we depend on the Internet and it doesn't. If I ride horses so often I've forgotten how to walk, and you shoot my horse, well -- I've got a tiny problem.

So now, for the first time in history, low-tech is a battlefield advantage. And of course we're all ecstatic about that here at New York Institute of you-know-what.

What can we do? Today, you'll address that matter from many angles. There is a cascade of further questions, and here are just a few.

What kind of regulation do we need? In his book Cyber War, Richard Clarke calls for three above all: regulating Tier 1 ISPs, safeguarding the grid, and putting a better cyber-moat around the Department of Defense. He mentions many other specific strategies and indeed this would just be a beginning.

Is it enough? Do we need a new Internet? The New York Times recently posed this question, saying that more and more experts like you think we need to start over. We created the Internet as a pleasure boat and now the pirates are here. But what would a new Internet look like? Who would craft it?

Stanford has its Clean Slate Project aimed at allowing a new Internet to emerge directly from within the current one. Can it work?

Howard Schmidt, the White House cyber czar, advocates a trusted identity system for the Web. Can that work?

The public remains pretty oblivious to your hard work, and people need to understand what you do better. Cyber crime thrives on secrecy and darkness. It's happy down in the basement. Expose it, talk about it, teach it in the classroom, build defenses, punish it harshly, and we can reduce it.

Let's see what progress we can make today while still having a good time.

Once again, welcome to NYIT.