Confronting Escalating Cyber Attacks
Strategies for Addressing Future Attacks on Critical Infrastructure
Cyber attacks are increasingly impacting critical infrastructure, government and wider society with escalating disruptions of essential services that underpin American society and the real potential of debilitating impacts on our physical and economic security as well as public health and safety.
This initiative brings together thought leaders from the government, business and academia for vital insights into the threat and actionable strategies to address it through:
- Quick Briefs (60 second summaries from each thought leader)
- To-the-Point Interviews (8-10 minute focused discussion)
The Thought Leaders
Federal Chief Information Security Officer
U.S. Office of Management & Budget
"We need … a paradigm shift for how we're approaching cyber security. And to me that is zero trust principles … re-architecting the way that our workforce accesses resources, the way that we trust devices, the way that we get give intelligent access. And it really means treating everything as untrustworthy until we prove it otherwise by thorough verification, validation."
Vice President, Business Security Risk, Humana
Former Deputy Chief Information Security Officer, US Bank
"[We] need to prioritize our cyber health … to implement those basic cyber hygiene practices … to invest in the people, the processes and the technologies to reduce the critical risk. And we need our government partners … to bring the whole of their capabilities in a coordinated way to lead this joint effort."
National Risk Management Center Director,
U.S. Cybersecurity & Infrastructure Agency (CISA)
"We … have to look at systemic solutions…more requirements about better cybersecurity… building cybersecurity to contracts… breaking down barriers to information sharing, and public private partnerships...leveraging financial levers to incentivize additional cybersecurity."
Subcommittee Director, Cybersecurity, Infrastructure Protection & Innovation
House Committee on Homeland Security
"We're starting to see … real consequences, … that's going to drive action … we're going to have to take the approach of nothing's off the table…government needs to lead by example … to resource … to defend its own networks, and … to better partner with the private sector by providing better intelligence ... better tactical support…"
Managing Director, Cyber & Strategic Risk Practice
"We should reframe cybersecurity as cyber safety... like food safety, or occupational safety, or even transportation safety…We need minimum software and hardware security standards. It’s mind-boggling that we still buy stuff that doesn’t have a minimum security standard."
Chief Information Security Officer
"A cyber attack … has become one of the highest risks that companies nowadays have to face and so a defense in depth and defense in breadth program … is a must have to enable every organization to protect their assets ..."
Director, Operations Security & Emergency Response Policy
American Petroleum Institute
"We see … often a lot of victim shaming. And that is not how we're going to better defend our country, our infrastructure … we need to have … companies invest more, but we need to have a better deterrence to what is often criminal actors or nation-states that are adversarial for geopolitical reasons that are targeting private companies."
NYU Distinguished Research Professor / Chief Executive Officer, TAG Cyber
Former Chief Security Officer, AT&T
"The challenge in one word is complexity… 100% of the critical infrastructure that's in place today, is probably not sufficiently understood by the people who have responsibility to protect it…take inventory, simplify, learn how things work"
Director of Cyber Strategy
"A one size fits all does not work in the cybersecurity environment ... it's understanding the sector, what's important to the sector, and then tailoring the overall cybersecurity risk mitigation programs, partnerships, best practices to that sector’s requirements and needs."
- Quick Brief and Full Interview to be released
Co-Chair, NYU Center for Cybersecurity
Professor of Practice, NYU School of Law
Former General Counsel, Head of Public Policy, Verizon
"We can ... increase cybersecurity by first concentrating on the most important risk issues; next by recognizing that reducing cyber-risk will likely be accomplished by tailoring incentive-based solutions to the type of insecurity we are trying to correct; and finally by recognizing that progress … will be in small steps, not grand schemes"
Thought Leader Roundtable
A Thought Leader Roundtable with representatives from both the public and private sectors discuss this challenge — exploring consensus, as well as differences of perspective. This discourse should hopefully inform decision-makers in both business and government.
- Ed Amoroso NYU Distinguished Research Professor / Chief Executive Officer, TAG Cyber; Former Chief Security Officer, AT&T
- Moira Bergin Subcommittee Director, Cybersecurity, Infrastructure Protection & Innovation, House Committee on Homeland Security
- Jesse Goldhammer Managing Director, Cyber & Strategic Risk Practice, Deloitte
- Bob Kolasky National Risk Management Center Director, U.S. Cybersecurity & Infrastructure Agency (CISA)
- Jenny Menna Vice President, Business Security Risk, Humana; Former Deputy Chief Information Security Officer, US Bank
The cyber challenge is complex with the threats ever-evolving and interdependencies within and between organizations complicating defense and response efforts. Responsibilities for cyber defense and necessary investment can be unclear. Perpetrators include criminals, nation-states, activists, and hybrids thereof.
A holistic understanding of the evolving cyber landscape and a framework for concrete action to manage the risks to critical infrastructure are vital.
NYU’s INTERCEP Center and the NYU Center for Cybersecurity in collaboration with others are convening key stakeholders and thought leaders in urgent discussion to better understand the challenge and identify specific actionable strategies to address it.
Core questions that we will address:
- What are the primary factors/drivers behind our vulnerability to cyber attacks?
- What can be done to address these?
- Who must take action?
- How can we best motivate these parties to take action?
Our near-term objective is to spotlight insights and concrete strategies to inform action by key stakeholders via:
- To-the-Point Brief Interviews of Thought Leaders: To highlight divergent perspectives on both the immediate cyber challenge and actionable strategies to address it through short focused interviews of thought leaders and stakeholder representatives. These will be distilled quick viewing insights available for online viewing by policymakers and wider representatives from the public and private sectors. Written transcripts will also be available.
- Interactive Virtual Forum with Thought Leaders and Policy Makers: Having clarified some of the leading insights, the goal of the forum will be to facilitate back-and-forth clarification, discussion and potentially evolution of insights and actions to inform organizational strategies and public policy.
- Potential Development of a Coalition of Interested Parties: Enabling key stakeholders to collaborate on advancing any consensus strategies.