Conference at CCNY Explores Cyber Threats, Prevention Strategies
More than 100 experts on network and telecommunications security from academia, government and industry attended a two-day conference on Cyber Infrastructure Protection: Policy and Strategy, June 4 – 5. The event, sponsored by The Grove School of Engineering’s Center for Information Networking and Telecommunications and the U.S. Army War College’s Strategic Studies Institute, offered presentations on the newest threats to cyber infrastructure as well as novel strategies for thwarting them.
Attendees heard experts from the National Defense University describe a scenario whereby a powerful, aggressor nation could use cyber warfare to conquer a weaker neighbor within a week. By first launching cyberattacks against the financial, energy, telecom and media systems of the target country’s key ally, it would render that nation unable to come to the defense of the state now under siege.
Dr. Peter Tippett, founder of ISCA Labs which is now part of the company's Cybertrust division, discussed how network managers who know their network can block most attacks. With the publication of the Verizon Business Data Breach Investigations Report detailing actual investigations into 90 security breaches, Tippett argued that he has data that can be applied to the discipline of enterprise security to make it safer.
Krishan Sabnani, vice president of networking research at Bell Labs warned about new types of denial of service attacks that affect mobile data networks. The attacks, which have been made possible by an inherent weakness in the mobile IP protocol, are relatively straightforward to mount, but hard to detect and defeat.
Nasir Memon, Professor of Computer Science and Engineering at the Polytechnic Institute of NYU, advised chief information officers to stop focusing on intrusion detection and prevention systems and start dealing with the computers on their networks that have already been compromised by cybercriminals. "Intrusion prevention is not enough,” he said. “You have to be watching inside your network very carefully and looking for infections.”
In addition, Anup Ghosh, Research Professor and Chief Scientist at George Mason University's Center for Secure Information Systems (CSIS) described a novel approach to protecting against accidental malware infections known as drive-by download attacks. The idea, developed by CSIS in conjunction with Northrup Grumman Information Systems, gives users PCs that run virtual machine software that act as sensors to detect malware infections and prevent them from infecting enterprise networks.
Media Coverage of the Conference:
InfoWorld, June 5, 2009
“CIOs: Your Networks Have Already Been Compromised”
“New DOS Attacks Threaten Wireless Data Networks”
Internet News, June 5, 2009
"For Better Network Security, Know What You Have"
Internet News, June 6, 2009
"Enterprise Security Should be Cheaper and Better"
Network World, June 8, 2008
“Internet Cleanroom: New Weapon Against Drive-by Download Attacks Emerges”
“10 Things You Didn’t Know About Cyberwarfare”