CfIA Successfully Concludes 10th Annual Cyber Security Summit
The Center for Information Assurance (CfIA) successfully hosted its 10th annual Cybersecurity Summit on October 12, 2017 at the FedEx Institute of Technology on the University of Memphis campus. Dr. Dipankar Dasgupta and Dr. Judith Simon, Co-Directors, and Dr. Kan Yang, the Associate Director of the Center, were involved in hosting this year's summit and welcomed students and professionals from multiple areas of the cybersecurity industry.
The Summit started with a presentation from Thomas Davis, who is the Director of Information Security, Compliance and Risk at ServiceMaster. He emphasized the importance of having security built in from the start of any project. Both servers and code age poorly, so frequent testing becomes more important as time passes. Davis concluded his presentation with a discussion of tools that both organizations and average users can utilize to help find compromises in their systems.
The next presenter was the CfIA's own Co-Director, Dr. Judy Simon, who has been associated with the center since its formation in 2004. Recently, Dr. Simon received the high honor of being selected as a member of the National CyberWatch Center's Curriculum Standards Panel (NCC-CSP). According to Dr. Simon, this panel will identify the learning objectives, concepts, procedures, situational judgments and intellectual abilities needed to develop capability and maturity in cybersecurity foundation principles and protocols. There are two different models for education: Outcome-Based and Competency-Based. Outcome-Based education focuses on the results, while Competency-Based focuses on a student's rate of improvement. The panel has determined that the Outcome-Based method is a better fit for this wide-ranging curriculum proposal. After determining which of these two educational models is most effective, this panel hopes to develop a new model so that they can provide continuing education for IT professionals and develop/provide 2- and 4-year programs.
After a networking break, the attendees listened to a presentation from Bob Sydow, who is the Principal and Americas Cybersecurity Leader of Ernst & Young in Cincinnati, Ohio. Since graduating from the University of Memphis in 1981, he has become a leader in the Americas division of the global company Ernst & Young, which includes over 2000 people in North and South America. Sydow's presentation focused on Cyber Economics, which is a data-driven experience that looks at the open source data that is available in addition to risk analysis to understand the economic impact of cyber threats. With Cyber Economics, it is important to understand how, who and why someone is targeting you. Understanding these three items will help a business understand how to better implement additional controls and where to target their spending. At the end of his presentation, he stressed the importance of training more individuals in analytics and information, since the future of cybersecurity cannot be sustained with just coders and programmers.
Pictured (l-r): Bob Sydow, Dr. Judith Simon
After lunch, Steve Crocker, the Director of Information Security & Information Security Officer at Methodist LeBonheur Healthcare, gave a presentation on the current state of cybersecurity in the Healthcare field. Prior to working with Methodist LeBonheur Healthcare, Crocker was the CIO for Magna Bank for 14 years. During his presentation, Crocker emphasized the importance of healthcare industries doing more to improve their security. Weak security, combined with the value of the data that is stored in healthcare establishments, makes this field a relatively large target for cyber criminals. Crocker stated that he believed that a combination of the focus on compliance (as opposed to risk) and the lack of quick action with regard to government regulation led to the current state of cybersecurity in the healthcare field. To improve cybersecurity, he emphasized the importance of changing the process for mitigating cyber attacks, documenting everything, updating systems, and segmenting the network. He concluded his presentation with a prediction that healthcare will continue to be a massive target, but that he believed that it was possible for the field to eventually be a leader in cybersecurity innovation.
The next speaker was Ron Cundiff, who is a manager at Vanick, a software development and integration solutions company. Cundiff has 23 years of experience in IT and has worked in multiple positions. In his presentation, Cundiff focused on the importance of increasing security awareness. During a cyber attack, people can be considered the weakest link. 81% of breaches are due to stolen and/or weak passwords, and 1 in 14 people fall victim to phishing attacks. These statistics, combined with the fact that attackers are becoming more advanced, are reasons why it is important for people to become more aware. Towards the end of his presentation, Cundiff suggested the following tips for staying safe online: identify potential weaknesses (like weak passwords), perform routine risk assessments and reinforce best practices amongst yourself and fellow employees.
The summit's last speaker was Dr. Gerry Dozier, who is both a professor and the Director of the ID Research Lab at Auburn University. His presentation focused on Identity Science, which is the understanding of the dynamic nature of the 'self' interacting with the environment. As Dr. Dozier said, "Since you leave behind digital exhaust when you go online, it is possible for someone else to track the information that is left behind with the proper tools." In particular, Dr. Dozier expressed his interest in reducing the number of de-anonymization attacks, which can uncover a machine's personal writing style. While not a perfect solution, he has discovered that utilizing Iterative Language Translations helps mitigate de-anonymization attacks, albeit while leaving behind digital fingerprints. Some Iterative Language Translations include Adversarial Stylometry, which has a 9-feature set, and Adversarial Authorship, which has a table with a set of actions and a cluster of writing styles. In addition to using Iterative Language Translations, he also utilizes a tool that will morph text well enough to fool Identification Systems.
The afternoon highlight was the traditional panel discussion, with this year's topic focusing on cybersecurity in the healthcare industry. Prof. Dasgupta moderated the panel, which focused on the latest cybersecurity issues, how these are impacting the healthcare industry, and how to avoid cyber incidents. The panelists, who each had a wide range of expertise in healthcare, IT security, and public health, participated in the discussion. The panelists pictured below are: Lynette Larkin (St. Jude Children's Hospital), Steve Crocker (Methodist Le Bonheur Healthcare), Dr. Soumitra Bhuyan (University of Memphis), and Brian Elrod (St. Jude Children's Hospital). The discussion covered recent cybersecurity incidents in the news, hardware vulnerabilities, FDA regulations and more. The panelists concluded the discussion by providing potential solutions to the lack of cybersecurity in the healthcare field. There was a particular emphasis on individuals and organizations learning from past mistakes and looking for trends to prevent future mistakes. It was particularly apparent to the panelists that healthcare providers needed to learn how to protect not only patient data, but all data. After the panel ended, Dr. Dasgupta and Dr. Simon concluded the Summit with a farewell address.
Pictured (l-r): Lynette Larkin, Steve Crocker, Dr. Dipankar Dasgupta, Dr. Soumitra Bhuyan, Brian Elrod
The event was a great success and received many positive comments from attendees and speakers. Below are just a few of the comments that we received from attendees:
I want to commend and thank both of you, and your technical team, for a well-organized Cyber Security Summit. I thoroughly enjoyed it. It was a day well spent.
It was a pleasure. I had a great time doing it. I respect what the University is doing and I will support you in any way that I can.
Thanks again for the opportunity to speak at the Cyber Security Summit. I really appreciate having the chance to engage with the community in order to improve the state of cyber security overall. Keep me in mind for future events, as I'd love to help in any way possible.
I enjoyed the cybersecurity panel last Thursday and I hope the symposium was a successful one. Again, thank you for the invitation.