Having just returned from a meeting on data science in Tokyo, Frank Hsu, PhD, the Clavius Distinguished Professor of Science, took a moment to discuss the conference he co-founded here at Fordham in 2009: the International Conference on Cyber Security (ICCS). This year’s conference, which is co-sponsored with the Federal Bureau of Investigation, will be held July 25 to 28 at Fordham’s Lincoln Center Campus.
You’ll be sitting on a panel about education and cybersecurity. With the number of cybersecurity jobs expected to increase by 37 percent over the next 6 years, how would you describe a good cybersecurity education today?
Cybersecurity education has become an interdisciplinary program. It’s primarily a science and technology, but it’s also related to policy and society. There are many aspects, including cognitive science, psychology, political science, economics, sociology, law, as well as computer and information science. But you cannot just teach students the skills; you have to have the methodologies. A good cybersecurity education will provide the foundations, but above all students have to learn how to keep learning.
What are some of the newer issues to be discussed this year?
Insider threats. A company not only has to have a policy on cybersecurity that includes instant response, but they also have to prevent or predict something that might happen. Many of those intrusions are really coming from the inside. It’s called exploitation of the company’s cyber infrastructure. You can screen people before they get into the company, but you should also be able to identify and forsee people who may become disgruntled and might want to cause the company harm.
How about cyber health?
When we talk about cybersecurity we’re not just talking about cyberattack, we’re also talking about cyber exploitation, which may be happening to you and you’re not aware of it. That’s why we need to be aware of our cyber health. When you use a computer in a library and you don’t log out or delete your searches, you leave a fingerprint and people can get into your account. That’s not good for your cyber health.
What are some of the perennial topics?
Critical infrastructure remains very important, because so much of it, like the power grid, is connected to the internet. There’s been much progress, but there’s much more to do. Much of the critical infrastructure has been there for 50 to 100 years, and it’s difficult to revise or reinvent all of it. It also relates to what we call the “Internet of Things.” There are more physical devices connected to the internet than ever before—and that should also be a concern for cybersecurity professionals and policy makers.
Is there money to be made amidst all the risk?
If the cybersecurity industry is to move ahead, it’ll have to attract more investment. Up until now, there haven’t been that many cybersecurity companies that have an IPO. It’s only recently become recognized as a place to invest, so we’ll be talking about venture capitalism and how to attract investment. Cybersecurity is so hot that every investor is trying to get in to it, but it’s not easy to make a decision on where to invest. From a tech point of view, cybersecurity is a good investment, but from a financial investment standpoint the risk may be pretty high. Many startups fill a niche, but if the niche is suddenly gone, it cannot sustain the growth. I’d say that cybersecurity is very different from a trendy niche or a traditional IT technology.