AU hosts conference on cybersecurity
Experts gathered to answer questions regarding current state of cyber policy
A wide range of cybersecurity industry experts came together at AU on March 20 and 21 to participate in a conference titled “Cyber Security in an Age of Uncertainty,” which focused on exploring the extent of cybersecurity concerns today.
The event showcased United States and Israeli perspectives and was sponsored by AU groups including the Center for Israeli Studies, the Internet Governance Lab, as well as outside groups such as the Internet Society of Washington D.C. Chapter and Israel Cybertech 2017. Active cyber military operations, internet freedom, cybertheft and technological capabilities were the main focuses of discussion over the course of the two day conference.
One panel titled “Cyber Security and Human Rights in the Age of ISIS” brought together specialists on monitoring and protecting cyber networks. Benjamin Dean, a fellow for Internet Governance and Cybersecurity at Columbia University's School of International and Public Affairs in New York City, was one of the experts.
Dean began by talking about the “Internet of Things” which refers to the huge, growing network of interconnected devices that people use everyday. Besides just computers and smartphones, this term also encompasses smart grids, smart homes, intelligent transportation and even smart cities. All of these devices use the infrastructure of the internet, and need to be secure to be viable for mass public use including across international borders, Dean said.
“It is kind of like when the Europeans got to the Americas and immediately started taking gold,” Dean said. “What governments are learning today is how powerful data and information is, and how valuable that makes access to it. It is the gold rush of the 21st century.”
Following this, panel member Michael Nelson spoke. Nelson originally taught at Georgetown University with a focus on internet related global public policy and now works for a company called Cloudflare which offers internet security services that currently support over six million websites.
“I have been working on internet policy for over 30 years,” Nelson said. “In that time, I have seen a lot of stages in the development of the internet. But, where we are today is the most critical time in the state of the web since the 1990s.”
Nelson talked about his company, which he said “is essentially in the business of defending denial of service acts.”
“We have been able to protect people from their governments, anonymous, and three years ago we helped the Hong Kong street protesters who not only held a protest in the street, but also a protest in cyberspace,” he said.
Nelson then went on to explain how Cloudflare used all of its resources to defend the protesters’ network.
“On the first day, the Chinese government made a huge attack using enough spam and false inputs that normally would have shut down the protesters’ referendum in a minute,” Nelson said. “And the next day they doubled that attack.”
Over the course of 10 days, Cloudflare managed to remain secure, and by the end, they had deflected the largest Distributed Denial of Service (DDoS) attack in history.
Dr. Eldar Haber, a fellow at the Berkman Center for Internet and Society and an assistant professor at the Faculty of Law, Haifa University, followed Nelson. He focused on the protection of a state's critical infrastructure, whether that infrastructure is public or private.
Haber presented two different approaches that can be taken toward solving the problem of insecure critical infrastructure.
“Either a free market method dependent on companies choosing how to secure themselves can exist, or a state intervention compulsorily enforcing security measures can be implemented,” Haber said.
Haber admitted that there are problems with both possible scenarios, and in regards to market reliance, he said, “There are a lot of market failures that can occur, and a big company that has a monopoly may not be willing to implement proper security that the government would want them to have.” The United States, for example, mainly uses this market based approach.
“When we have a single government entity in charge of protocol, it might not be as good,” Nelson said, referring to the state intervention method. “And, governments are usually slow to react to changes in cyber security regarding critical infrastructure because of how fast the state of security changes.”