Center for Cybersecurity Lecture Series
Conversations at the Forefront of Cybersecurity
From understanding the damage hackers might do to now-ubiquitous computerized automotive features to thwarting bad actors seeking to undermine democracy, the faculty members of NYU’s Center for Cybersecurity are providing timely insights and advice in a series of lectures moderated by Distinguished Research Professor Edward Amoroso.
Lectures with main takeaways can be viewed below.
Low Power, High Security
Cybersecurity, Hardware Design, and Machine Learning
Siddharth Garg (Electrical and Computer Engineering) discussed how cybersecurity concerns should influence hardware design, including support for machine learning.
The takeaways include:
- Modern AI technology, specifically deep learning, is poised to enable entirely new capabilities, autonomous driving and navigation for instance, but its reach extends far beyond engineering applications to healthcare, the physical sciences, arts and entertainment, and other fields. (5:20)
- Despite this promise, there is need to be wary. For example, at NYU we have shown that deep learning is susceptible to an entirely new class of attacks analogous to — but very different from — the bugs and viruses in conventional software. These call into question whether these technologies can be safely deployed, at least as of now, in domains involving human life. (13:50)
- In addition, a body of work shows that deep learning inherits the inherent "biases" in the large datasets on which it is trained, such as corpora of news articles that historically, and likely to this day, contain all manners of implicit and explicit gender and racial bias. (24:20)
How Secure?
Measurement of Security and Privacy
Damon McCoy (Computer Science and Engineering) spoke about the intersection between the security and privacy of technology systems and various modern societal concerns.
Among his major points:
- With mobile devices an increasingly major component of our lives, the abuse of technology in order to stalk and harass is also on the rise. (12:10)
- Automakers and many other manufactures have unwittingly become software companies, and while computerized systems have led to many efficiencies, they’ve also broadened the threat landscape. (16:00)
- Being cybersecurity researchers in New York City allows us to be fully engaged in the fabric of the community, and collaborations between NYU researchers and City agencies have been beneficial to both. (26:50)
Building Systems Resilient to Nation-State Actors
Advances in Software Security
Justin Cappos (Computer Science and Engineering) touched upon a variety of topics, including the utility of Python, the rewards of open-source development, and the joys of working and studying in Brooklyn.
He stressed:
- It is more gratifying to make a practical impact on the world through your technology than to make enormous sums of money. (One example of this philosophy in action can be found in Uptane, a framework he developed to protect software delivered over-the-air to the computerized units of automobiles, thereby thwarting attacks from malicious actors; Cappos has made all Uptane materials, including technical papers, security audits, and a public reference implementation, available for use totally free of charge.) (15:19)
- In developing security software, always keep in mind that something is likely to go wrong; design accordingly, so security is not compromised even when the inevitable occurs. (20:18)
- There are few better places to work and study than Brooklyn. You might argue that the city doesn’t literally have the very best of everything; still, you can’t deny that we do, indeed, have everything! (28:11)
Beyond the Arm of the Law?
Training Lawyers in Cybersecurity
Randy Milch, co-chair of the Center for Cybersecurity and one of the leading experts in security aspects of corporate law, discussed some of the key issues practitioners and policymakers should understand.
Among his compelling points:
- While results like identity theft get a lot of attention when breaches occur, according to a Department of Justice study, outcomes that grievous are actually relatively rare. (15:35)
- We are fortunate that core cyber posts in federal agencies like the DHS and NSA are being filled by knowledgeable, hardworking people with a wide diversity of experience. (17:47)
- It's important that engineers and lawyers study cybersecurity issues together — in programs like NYU's MS in Cybersecurity Risk & Strategy — because in the real world, they must work together to create strong systems and set effective policy. (22:30)
Games, Deception, and Cyber Security
Game Theory in Cybersecurity
On July 2, Quanyan Zhu (Electrical and Computer Engineering) shared his insights on cyber deception, autonomous defense, and cyber-physical system security.
The audience learned:
-
·Research and graduate study allow you to see beauty in unexpected places by providing you with new ways to think and perceive; that's important not only in engineering but in every facet of life since thinking leads to exciting intellectual adventures. (7:28)
-
·Game theory is useful for any student: if you don't have a clear academic path in mind, it will be useful because it has applications in almost any field you might choose. If you are set upon a specific discipline, it will provide you with new tools to solve problems in that discipline. In cybersecurity, for example, it can help you gain a deeper understanding of the long-term interactions between attacker and target, rather than just making short-term fixes and getting attacked again. (11:41)
-
Cyber insurance is markedly different from life insurance or home insurance. It is well-known how to quantify risks in those cases, because there is no "attacker" per se, as there is in cybersecurity--unless you consider nature and life expectancy to be attackers. (18:30)
Too Big to Fail
Cybersecurity Issues in Financial Services
On July 9, Joel Caminer, the Director of Cyber Security Education at NYU Tandon, discussed what he learned during his time as a CISO in the financial-services, sector, the value of lifelong learning, and the jobs landscape for cyber professionals.
He stressed:
- There’s learning to be done during every step of your journey; it doesn’t stop once you earn a degree. That said, it can be liberating to return to school as a mid-career professional, because you get to ask questions you’ve always wanted to ask but couldn’t. (15:50)
- Asking which fields are going to need security professionals the most is the wrong question; the demand is great in so many fields — from financial services to healthcare to tech firms — it’s almost easier to list who doesn’t need cybersecurity help. To solve the cybersecurity labor shortage, and because it’s a multi-disciplinary field that needs more diversity of thought and perspective, we need to widen the tube of people coming into cyber careers. Programs like Bridge to Tandon, Cyber Fellows, and M.S. in Cybersecurity Risk and Strategy (offered jointly with our law school), along with shorter-term certificates, will help support professionals either considering cybersecurity or already in the field. (16:45)
- Truly online learning is here to stay and will continue to grow as a viable alternative to support a workforce that needs lifelong learning with greater flexibility (due to family, jobs, commuting, and other factors. (27:06)
Hacking Reality
Technology for Detecting Deep Fakes
On July 16, Professor Nasir Memon, who introduced cybersecurity studies to NYU Tandon in 1999, making it one of the first schools to implement the program at the undergraduate level, spoke about the new threats that Deep Fakes bring to the cybersecurity landscape, the importance of interdisciplinary cybersecurity solutions, and more.
Among his points:
- You can't learn about cybersecurity by listening to lectures: you have to get hands-on, break things, and take systems apart. (7:03)
- Any proposed cybersecurity solution that doesn't take a holistic approach isn't going to work because security isn't just a tech issue; it involves human behavior, business, and law as well, and those perspectives must be taken into account. (9:55)
- When videos and photos are altered, there may be other costs and casualties, but the major one is trust. We need to begin building "islands” of trust, particularly in areas like journalism or law enforcement, where being able to rely on what you're seeing is so important. (25:00)
Trust but Verify
Trustworthy Intelligent Systems
On July 23, Rachel Greenstadt (Computer Science and Engineering) spoke about her experiences in studying intelligent systems that act autonomously and with the integrity necessary to be trusted with important data and decisions.
She pointed out:
While criticism and rejection are difficult, young researchers can learn from the experience and use it to improve their work down the line. (3:55)
As a graduate student focused on the tech aspects of the internet, I was initially disillusioned to see a business model developing based on monetizing the collection of consumer information; I came to realize that it's never just the technology that's important — it's the economics, the policy, and many other aspects that matter as well. (14:19)
When you are choosing a field of research, focus on what you care about and what you think will make a difference in the world before considering any other factors. (22:10)