The speed and complexity of tech innovation—from 5G networks to the prevalence of artificial intelligence—will require more sophisticated and holistic safeguards, according to cybersecurity experts who gathered last week at the University of Maryland’s first Executive Cybersecurity Summit. The first-of-its kind, three-day event assembled over 125 high-level private sector executives, senior policymakers, government leaders and academic researchers, for a broad conversation including not just technical issues but also often-overlooked intricacies of cyber threats, such as human behavior and economic impacts.
“It takes partnerships that span sectors and disciplines to understand a growing threat of this magnitude and complexity,” said University of Maryland President Wallace D. Loh. “Academia already plays a unique role in fostering these partnerships. It’s one of the reasons for convening this summit.”
Sponsored by the University of Maryland’s Office of the Provost, the Executive Cybersecurity Summit was organized by the University’s Maryland Global Initiative for Cybersecurity (MaGIC), a campus entity that promotes and coordinates efforts across the University of Maryland to expand cyber education, research and development activities. The summit was designed to fill a critical gap in the ongoing conversation on cybersecurity by bringing the challenges facing the public and private sector to the research community, and explore not just the technical challenges of cybersecurity, but the tech-induced impacts relevant to organizational leaders.
“I think that the activities and pressures on the ground are so demanding that the public and private sectors have a tendency to move too fast to solve the immediate problem, when actually the problem is much more involved,” says Keith Marzullo, dean of UMD’s iSchool. “That need to move quickly limits their ability to think more deeply. And that’s where we can come in.”
Speakers included Rick Ledgett, former deputy director of the National Security Agency; Grant Schneider, federal chief information security officer and senior director of cybersecurity of the National Security Council; Jon Darby, director of operations for the National Security Agency; Major General Linda Singh, Adjutant General of Maryland; Curt Dukes, VP and GM of CIS; Congressman Dutch Ruppersberger, Maryland’s 2nd District; and Debora Plunkett, former director of the NSA’s Information Assurance Directorate.
Many of the experts stressed the urgency for building the professional workforce on all sides of the cyber issue to include law, public policy, communications and enterprise. Schneider pointed to engagement with both cyber and non-cyber staff as critical to risk management.
“Developing that workforce is one of the most critical things we need to do,” he said. “We need more cybersecurity professionals, we need more STEM, people who can hopefully solve all of these cybersecurity challenges for us. We also need more lawyers and people who can translate what the technicians are talking about, and those who understand the business mission and values. We need a far more nuanced conversation between CEOs and CISOs.”
Speakers also listed a variety of factors—including fledgling technologies, knowledge and communication gaps, even national and regional emergencies—that compromise security and information by offering more points of entry for cyber hackers and nation-states. Singh touched on the Baltimore riots following the death of Freddie Gray, which cyber attackers attempted to exploit to access the state’s systems. That experience was the impetus, she said, for revolutionizing the Maryland National Guard’s cybersecurity system.
“You need to gather the experts but also give them the space create and innovate,” she said.
Research also plays an important role in studying the interconnection of systems and in understanding how they can make us vulnerable. Ledgett pointed to emerging technologies and techniques such machine learning as areas not well-tested or understood in today’s threat environment. Facial recognition in particular, which is poised to change everything from how we buy things to how we travel, is particularly vulnerable.
“I’ve had colleagues tell me that it will take a cybersecurity breach equivalent to Pearl Harbor to change the game,” said Ledgett. “I think that the work that institutions like the University of Maryland and folks in the private sector can do is essential to making that not be the case.”
MaGIC’s Executive Director Daniel Ennis said he expects the summit to be an annual event at the University of Maryland, possibly bridged with a series of lectures that explore a deeper range of topics connected to the cyber issue.
“Ultimately a lot of these solutions are going to come from the private sector and academia and the research it develops,” he said.