Lawrence — FBI Supervising Special Agent George Schulzel said at a rally at the University of Kansas on Friday to explore how government, industry and researchers can work together to improve cybersecurity in the United States. , drew hundreds of people to the edge of their seats.
He participated in panel discussions with executives from Garmin, T-Mobile and the Federal Reserve Bank of Kansas City, addressing the technical challenges of raising the bar on cybersecurity.
“Now let’s go to the panel where I scare the living,” said Schulzel.
He raised the implications of the deployment of the malicious computer worm Stuxnet. The worm targeted supervisory control and data acquisition systems to damage Iran’s nuclear program. According to news reports, this cyberweapon was built by the United States and Israel during the administrations of Presidents George W. Bush and Barack Obama. Stuxnet infected an estimated 200,000 computers and destroyed his 20% of Iran’s centrifuges used to refine nuclear fuel. Iran responded by dedicating itself to its cyberattack program.
“Iran took it like, ‘Okay, they’re going to start recruiting and they’re going to start wreaking havoc.’ Schulzel said. “We have moved into a kind of future, recognizing that nations can influence world events, influence their enemies, and use technology to their advantage. I have.”
“I think all of these things will change the way we see the world and how we have to position ourselves to move forward. Thinking about it makes it hard to fall asleep.”
KU hosts the Center of Academic Excellence in Cyber Defense and Research, designated by the U.S. National Security Agency and the U.S. Department of Homeland Security.
‘We need more experts’
Invary CEO Jason Rogers says less than 1% of the world’s gross domestic product is dedicated to stopping computer breaches. Born out of a university’s innovation park, the startup is dedicated to identifying malware hidden in operating systems. Invary has made progress by relying on the expertise of the KU School of Engineering and technology developed by the NSA.
“We need more professionals,” said Rogers, who recommended greater cooperation between government, education and business. “Are we cooperating more than our enemies?”
Today, the average time from identifying a breach to containing it was 304 days. The average cost of a data breach was $4.3 million. However, the average cost of a large-scale breach of over 50 million records exceeded $400 million.
Lyle Paczkowski, senior technology strategist for T-Mobile’s Advanced and Emerging Technologies Division, said the United States needs a much larger workforce to improve cybersecurity.
He said there are 4.7 million people working in the cybersecurity field in the United States, but an additional 3.4 million will be needed to cover the bases. cannot create a pool of future talent, he said.
“Honestly, there are a lot of scary things to think about,” Patzkowski said. “Especially about digital twins and anything that can replicate you as a human or machine on a network.”
Dan Hein, security architect at Garman International, says cybersecurity failures require the involvement of interdisciplinary researchers. The work should include insights from people outside the traditional cybersecurity domain of computer science and computer engineering, he said.
“Be grateful for what you don’t know,” said Hine, who has a Ph.D. “We know some of the basic blocks and remedies of cybersecurity. Where do we need to go next?”
New technology, new threats
Mark Schmidtberger, information security manager at the Federal Reserve Board of Governors in Kansas City, said the rapid evolution of technology means future cyberattacks will occur in ways that are hard to imagine today. Cybersecurity people must focus on reducing the time between a cyberattack being identified and someone exploiting the threat, he said.
“We have to recognize that new technology is coming out there and accept it as something concrete. He said.
FBI Special Agent Schulzel says cybersecurity threats can’t be solved by law enforcement alone.
He said the FBI showed prowess in tracking down a notorious and violent bank robbery nearly a century ago. But, he said, killing or imprisoning these men and women did not end bank robbery as a lucrative profession. This was achieved when banks collectively rallied their investment in security, using armed guards, timed vault doors and bulletproof glass.
The same goes for the problem of ransomware crime, says Schulzel. The FBI and European law enforcement shut down his Hive, but not before a ransomware operation allegedly extorted more than $100 million from him. Hive allegedly worked with independent hackers to encrypt target computer systems and demanded payment to provide keys to unlock them.
Mothballing Hive has not completely eliminated ransomware from criminal activity.
“We’re good at tracking them down and bringing them to justice,” Schulzel said, “but that doesn’t satisfy the whole cybersecurity problem.” and taking additional steps to provide that additional security.”