To combat cybersecurity threats, experts point to internal vulnerabilities

The cybersecurity field is facing new challenges as threats become more sophisticated and connectivity spreads throughout different government organizations and industries.

MTA Chief Information Security Officer Tariq Habib, who moderated City & State’s Digital NY Summit & Awards panel about cyber security on Thursday, opened the discussion by drawing attention to the fact that we live in a critical moment of change and modernization, in which “we do not know the risks presented by new, exciting technologies.”

The speakers touched upon several different aspects of those changes. Fred Rica, a cybersecurity expert at KPMG, acknowledged there has been a shift in the kind of adversary the industry has to deal with. “They’re so well funded, so persistent, that just keeping up with them on a day-to-day basis is a huge challenge,” he said.

Rica mentioned the change in work habits, as a new generation enters the workforce, and an increased connectivity as something cybersecurity officers need to adapt to. As an example, Enlightened, Inc. President and CEO Antwayne Ford mentioned “bring your own device” policies that are becoming increasingly common.

Ford also talked about the increase in connectivity, and “connection points” between different systems, sometimes can be the gateway for attacks. “We have to make sure those that are connected to use are also acknowledging that at least that connection point should be secure,” he said.

The two also talked about the importance of training and awareness as a non-digital strategy to improve cybersecurity, and conducting “drills” and constant assessment of teams. On the topic,  Deputy Chief Information Security Officer for the City of New York Colin Ahern said cybersecurity is a “people problem and is a computer problem.”

Nasir Memon, a professor in the Department of Computer Science and Engineering at NYU Tandon, said “users are the weak link in the chain.”

Memon and Ahern talked about the city’s and industries’ strategies to find and recruit more qualified personnel. As part of the strategy, the two mentioned the “Cyber Fellowship” initiative; a master’s program in cybersecurity that aims at creating more diverse security teams, promoting the publication of research and establishing a more open cybersecurity industry, according to Ahern.

The program is being developed in partnership with the New York University Tandon School of Engineering. According to Memon, the “cyber fellows” will get both the academic training and hands-on experience that are needed in cyber security jobs. He also recognized that the city is one of the forces behind the creation of the program.

When asked about the city’s initiatives to improve cyber security, Ahern talked about his role as head of the city’s Cyber Command. The unit was created in July 2017, through an executive order signed by Mayor Bill de Blasio to establish a centralized management of the city’s cybersecurity and “protect its residents from cyber threats.”

According to Ahern, the city has “teams of teams” involved with cybersecurity, and this is one measure that, by centralizing the management, will be helpful in “providing reliable services to residents.”