Cybersecurity experts discuss the perfect storm — a convergence of Internet of Things, Cloud, and Security
8th Annual Sloan Cyber Lecture
With the increasing adoption of the Internet of Things (IoT), concerns are growing about security, particularly hardware security, which is an integral part of the IoT framework. Security threats permeated the discussion at the eighth installment of NYU Tandon School of Engineering’s Sloan Lecture Series on April 25, which brought together world-class academics and industry practitioners to discuss advances, risks, and solutions in cybersecurity.
Sloan Cyber Lecture Series #8 - Convergence of IOT, Cloud, Security: A Perfect Storm
Paula J. Olsiewski, the Program Director at the Alfred P. Sloan Foundation, highlighted the foundation’s role in the cybersecurity arena in her welcome remarks. She also spoke to diversity in STEM and encouraged organizations and institutions to champion their diversity initiatives.
The keynote speaker Walden C. Rhines, CEO of Mentor Graphics, shed light on the growing threat to silicon security and its relationship with the Internet of Things. Rhines projected the relative impact of hardware hacking in the IoT at almost 100 billion systems, which easily overshadows the impact of common attacks that affect users, applications and even operating systems. It also transcends industries, affecting everything from banking, healthcare, and national defense.
Rhines also recognized the challenge for the chip industry today to design secure chips and safeguard the global, modular value chain of the chip design process. Discussing the emerging methods to secure silicon, Rhines listed:
- Chip camouflaging techniques that are difficult to reverse engineer
- Securing the value chain by designing chips with a fingerprint, in essence, that can only be activated during assembly
- Embedding an extra processor in the chip, the sole function of which is to monitor its operation and identify unusual activity.
Rhines felt that not enough manufacturers and consumers take silicon security seriously. He predicted that it would take a well-publicized incident that causes financial harm, for the industry to invest in hardware security. His prescient lecture rang true with this past weekend’s ransomware attack, which crippled thousands of computers running Microsoft Windows and disrupted operating systems and cloud computing at businesses, hospitals, and schools around the globe.
Rhines believes the tussle between client demands for security and the industry’s inability to effectively eliminate risk will result in future silicon suppliers and designers eventually adopting better practices to secure silicon.
After his lecture, Rhines was joined in discussion by distinguished panelists Brian Cohen, a Research Staff Member in the IT and Systems Division at the Institute for Defense Analyses (IDA), Mark M. Tehranipoor, the co-director of Florida Institute for Cybersecurity Research at the University of Florida, and Michael Fritze, a Senior Fellow at the Potomac Institute for Policy Studies. Moderated by Professor Ramesh Karri of Electrical and Computer Engineering at NYU Tandon, the panel discussion spanned a range of topics, including open-source software and hardware and their place in the IoT ecosystem, design companies’ support of internet protocol (IP) encryption, consumer confidence about built-in security and cyber security regulations versus standardization.
Open-source software and hardware is a major topic of discussion in the tech industry. Rhines added that open source always carries a risk of vulnerability, hence some organizations forbid the usage of open-source software or hardware altogether, while others like Mentor Graphics, use it sparingly and closely monitor it. Cohen also pointed out the necessity and opportunity for research into hardware assurance. “There are a lot of tools out there that do software assurance that will test your open source code for common vulnerabilities. Right now we don’t have that on the chip side. That’s an opportunity for hardware and an area ripe for research,” Cohen said.
All the panelists concurred that as cyberattacks become more sophisticated and the Internet of Things evolves, hardware security will be an emerging area of interest and research for all cybersecurity professionals in minimizing risks to IoT devices.
Watch the full lecture:
Learn about our Master's Programs in:
NYU School of Professional Studies
Master of Science in Public Relations and Corporate Communications
Class of 2017