Given the fact that the most common password for computer users is “password,” and the second most common is “12345,” cybersecurity is an issue for everyone – not just corporations that handle personal information.
That was the message recently conveyed by a panel of cybersecurity experts hosted by the Center of Excellence for Security Innovation (CSI), a collaboration between UConn School of Engineering and Comcast.
Donna Dodson, chief cybersecurity advisor for the National Institute of Standards and Technology (NIST), told the audience at the Wilbur Cross Building that getting companies and individuals to think about cybersecurity is the first step toward a more secure network.
“I may not understand the mechanics of my car, but I know it’s my responsibility to keep it safe,” said Dodson, the featured speaker at the event.
Toward that end, the NIST wrote a guidebook for the public, titled “Framework for Improving Critical Infrastructure Cybersecurity.” “It’s helpful because it provides a common language for people,” she said. “And it promotes concepts of resiliency and protecting your environment.”
UConn’s Mark Tehranipoor, Director of CSI, and the Center for Hardware Assurance, Security, and Engineering (CHASE), said education about cybersecurity should begin early. “We really have to take it down to the undergraduate level and even bring it down to high school level.”
Everyone is needed in the effort to prevent cyberattacks, according to Liam Randall, of Critical Stack, an Ohio-based company that specializes in network security. For every person working on preventing attacks, he said, someone else is working on new ways to carry out such attacks.
“When you look at the impact that one person can have, that really keeps me up at night,” he said.
Steve Mace, Associate Vice President for Systems Technology in the Science & Technology Department of the National Cable & Telecommunications Association (NCTA), said the sophistication of cyber-attacks is now “very high,” so raising the level of counterattacks is all the more crucial.
Panel moderator Dr. Laurent Michel, Associate Professor, UConn Dept. of Computer Science & Engineering and Associate Director of CSI, suggested that today’s cyber-attacks are a combination of ingeniously executed ones and cruder efforts that succeed because of poor security.
As recent attacks against Anthem, Target and Home Depot indicate, the size of a company is no guarantee of security.
“We’ve seen some smaller companies that are well-versed in controlling their networks, and we’ve seen the opposite with large companies,” said Matthew Scholl, Chief of the Computer Security Division, ITL at NIST. “There’s no correlation between size and cybersecurity.”