From broadband networks to wireless signals to power grids, cyberspace is all around us every day, and the cyber threat is therefore one of the most serious economic and national security challenges facing America.
This warning set the backdrop for “State of the Hack,” a guest lecture to the Stevens community on best practices in defending our information and communications infrastructure. Part of the newly revamped Deans’ Seminar Series – a joint effort of the Schaefer School of Engineering and Science and the School of Systems and Engineering – the lecture was delivered by Kevin Mandia, an internationally recognized cybersecurity expert.
“Cybersecurity is a pressing problem that is in the news almost on a daily basis, so this seminar gave us all a better sense of the issue and provided some ideas for what we ought to pursue as a solution, especially from a research perspective,” said Dr. Dinesh Verma, Dean of the School of Systems and Engineering.
Mandia is CEO and Founder of MANDIANT, an information security company with offices in Washington, D.C., New York City, Los Angeles and San Francisco that solves some of the most pressing cybersecurity threats and challenges facing Fortune 500 companies, financial institutions, government agencies, police departments and law firms. MANDIANT’s services include information security compliance, complex litigation support, computer forensics, expert testimony, network attack and penetration testing, fraud investigations, computer security incident response and counter intelligence support. During the last 18 years, Mandia has been on the front lines assisting organizations in responding to international computer intrusions, theft of customer credentials, and widespread compromise of sensitive data.
Mandia’s presentation began by outlining the scope of the problem: it is much easier for organizations to be hacked today than in decades past. Due to the rise of social media and online information, criminal hackers have an almost infinite amount of personal data available to them, and – by targeting end user accounts – numerous methods to intrude on the networks of target companies.
Retail and financial companies are probably under the greatest computer security threat because they process and store credit card data, Mandia said. Criminals frequently initiate security breaches by cyber-stalking employees of these companies and sending them malware via email, instant message or even Skype.
Mandia shared detailed case studies of how he and his colleagues have responded to the most serious computer security incidents and breaches at these companies. For example, he described a major incident in 2008 in which Russian hackers stole credit card data from Royal Bank of Scotland using a method similar to the one described above and then created fraudulent credit cards that "mules" across the world used to withdraw almost $10 million in a single day. Aiding the FBI in its investigation, Mandiant helped apprehend many of the mules, although the hackers are still at large and in operation.
Mandia said most security breaches today are detected by the U.S. government. As criminals have advanced and adapted their methods, other techniques such as antivirus alerts, intrusion detection systems and proactive security audits are simply too slow and outdated.
He also demonstrated best practices and emerging trends that organizations are using to detect and respond to these incidents and to minimize the new risks of doing business in the information age – i.e. inspecting browser history and email content to identify malware.
The Deans’ Seminar Series was initially launched two years ago by the School of Systems and Engineering under the singular name Dean’s Seminar Series. Like today, the school hosted distinguished guests from industry, government and academia on a biannual basis to discuss important issues and topics related to its key concentration – engineering technology in a systems context. Previous speakers include Dr. John Mather, winner of the Nobel Prize in Physics; Michael Griffin, former NASA Administrator; and Dr. Ray Johnson, Chief Technology Officer of Lockheed Martin.
“State of the Hack,” however, was co-hosted by the Schaefer School of Engineering and Science, reflecting a new focus on partnership and cooperation between the schools and an interest in elevating the impact of the series.
“Collaboration across disciplines to address big problems is how real breakthroughs happen, not when people drill deeper and deeper into their own focused fields,” said Dr. Michael Bruno, Dean of the Schaefer School. “As such, the Deans’ Seminar Series will now join forces across the university and the invited speakers will be relevant to a variety of academic interests – in this case, computer science, electrical and computer engineering, systems and engineering, mathematics, technology management, and more.”
The Deans’ Seminar Series events will occur at least once per semester going forward.