Tuesday, December 11, 2012

A Student's Account of the Cyber Security Symposium

[Moderator's Note: While students at UNC Charlotte are often exposed to research in the classroom and in the labs of their faculty, one of the most important research opportunities a university can offer its students is when academic conferences come to campus. Students get a chance to rub shoulders with researchers from all across the country and hear the inside stories regarding what is current in the field. Here's a report from Joseph Kaemmerlen, a senior in the College of Computing and Informatics, drawn from his experiences at the Cyber Security Symposium, held by the college at UNC Charlotte last October.]

How do you combat the ever-increasing global threats surrounding cyber crime?

UNC Charlotte’s College of Computing and Informatics hosted its 13th annual Cyber Security Symposium back in October, and I’m still utilizing the ideas I learned from the Symposium to further my studies in software and information systems. If online information security, cyber confidentiality, and availability of data interest you, then you’ve stumbled upon the coolest blog entry.

The Security Symposium addressed several interesting topics including the future of information security. Expert guest speakers from all over the country discussed the latest issues around the web including privacy, identity, and confidentiality. In computer academia we call this CIA (Confidentiality, Integrity, and Availability of data).

But if you are just interested in how to keep your personal information safe online and keep your confidential documents private, the symposium could have taught you a thing or two. For starters, the ideas from the symposium have substantially influenced my internet habits and the extra ways I go about ensuring my online privacy. I change my password quite frequently, I log out every time I log in on a computer at UNC Charlotte, and I am extra careful about responding with personal information via email. My rule of thumb is if it is something personal like a social security number, personal identification number, or other personal code, I refrain from transmitting it online.

Wells Fargo, Bank of America, TIAA-Cref, BB&T, White Hat, Fortalice, Zeichner Risk Analytics, Chris Swecker Enterprises, IBM, Ara, Symantec, TASC, and Guidance Software all had chief security officers in attendance. The professionals from these organizations all discussed the emerging security risks in information technology and communication.

Due to the advancements in technology, consumers need to understand the importance of "security mechanisms," which are policies governed by the three precepts of CIA to protect data. We learned that educating customers is vital to minimizing security threats. Socially engineered attacks are still the biggest threat. These threats come mostly in the form of individuals disguising their identity and misleading victims into giving out their confidential information. Customers can minimize these types of threats by knowing policies implemented by the companies and not allowing access to confidential information via the internet. My advice is treat your password like it’s a silver-age mint condition comic book.

Also at the symposium, I heard Ehab S. Al-Shaer, UNC Charlotte professor and the Director of the Cyber Defense and Network Assurability (DNA) Center housed in the School of Computing and Informatics, introduce research opportunities and NSF funding available for various interests regarding Cyber Security.

Dr. Al-Shaer introduced the symposium stating that 80% of network vulnerabilities in the Air Force were due to inappropriate or incorrect configurations. This was staggering because it is the responsibility of the IT professional to properly secure the network.

This also points to the need for properly trained security professionals. I recall several appalling security breaches in several other government or military agencies when national security is at stake. For example, I’ve felt insecure since knowing South Carolina’s tax return database was hacked, allowing tens of thousands of people to become potential victims of identity theft.

Have you ever wondered why your internet connection is slow? Network congestion behind the scenes is caused by a problem that needs to be fixed by the IT professional. Network downtime is a costly problem that could be prevented but has to be addressed.

Surprisingly, human error is still responsible for a significant portion of security breaches. The philosophy of the CCAA is predominately manual management practices and their main objectives are:

1.) enterprise networking
2.) cloud and data centers
3.) critical and cyber-physical infrastructure
4.) smart mobile devices
5.) ubiquitous systems
6.) software defined networks

A panel on "The Future of Enterprise Security and Privacy" particularly interested me. Bei-Tseng (Bill) Chu, Professor and Chairman Department of Software and Information Systems, gave a brief introduction of each of the panelists and talked about the future of enterprise cyber security. This is something on every company's mind and in government too -- Mayor Fox declared October cyber security awareness month in Charlotte. Panelists each talked in turn about various issues including cloud computing, mobility, data sharing, and identity, privacy in the new generation, abundance of new malware, legal cases, and education.

One of the key ideas which was demonstrated by the actual panel was data sharing among the financial companies. The idea was the hackers were quite willing to share attacks and expose vulnerabilities amongst themselves so the financial sector also needed to do the same to better combat attacks.

The goal would be to share results to prevent the same attack from hitting the next company and to drive up costs of the hackers. Identity was brought up as something to be managed as an industry and treated as an eco-structure. The current generation of young adults is growing up with much of their private information available on the internet and they need to still learn to be cautious about what they share online. This symposium along with my studies has really opened my eyes. Oftentimes we are introduced to new technology but the laws aren’t always there yet to protect the users.

But it is also important to remember the primary threat still comes from insider threats and those who know the ins and outs of the systems they are sworn to protect. The legal aspects were also interesting. Banks are being sued over identity theft although the panelists stated that most cases showed the account holder was responsible for giving away account information. They did not discuss the implications of compromised databases that hold account information. Information security still has lots of work to do in educating both employees and clientele. The companies need to understand that they have a responsibility to customers who aren’t as educated in technology as they are and the customers need to understand the ins and outs of the online user's responsibilities before relinquishing any of their personal information.

Overall, the symposium was impressive. I would have liked to have attended all day if I had the time in my schedule. The ideas shared were meaningful and made me think about concentrating on a Master's Degree in Information Security and Privacy. The most significant piece of information was that the financial panelists all stated that finding information security people to hire was difficult. This was great news for me and great news for future computer majors. If you’re not a computer major and any part of this interested you, maybe you should come talk to the department about adding a minor or declaring a computer major.
