Contact InformationMain office:
3rd Floor, main building
Meet the department:
The CCRI Department of Marketing and Communications is the hub for all internal and external college communications. If you have news you want people to know about, let us know!
Web Content manager
Experts share advice for staying safe online at second annual Security Awareness Day
Oct. 31, 2014
Coming off the heels of a successful first inaugural Security Awareness Day last year, the Community College of Rhode Island once again put on an all-day event featuring keynote speakers and breakout sessions all aimed at bringing awareness to issues in cybersecurity on Oct. 30.
Director of Networking and Telecommunications Bruce Barrett said approximately 450 people registered for the event. The event’s 13 sponsors made it possible for the event to remain free and open to the interested public, he said.
The annual event is meant to coincide with National Cyber Security Awareness Month, which is happening across the country, but many of the guests and speakers had local connections, and much was made of the fact that Rhode Island has an important part to play in the fight to protect our information and networks online, both nationally and here at home.
“Here at CCRI, students use new mobile technology every day through wireless computing, mobile printing and distance learning. Students can do research and homework from anywhere, anytime,” said CCRI President Ray Di Pasquale. “But with each advancement, there comes challenges and risks that truly affect how we live and protect ourselves online. This is an especially important issue in higher education, as our student records are protected by federal regulations.”
One speaker on the agenda for the morning had intimate knowledge of the ramifications of those regulations on the higher education space. David Sherry, chief information security officer at Brown University, gave a presentation on the evolution of privacy and why it matters to security. Drawing from 22 years working in technology, spanning time at government agencies, security startups, financial services and now higher education, Sherry brought what he called a holistic approach to examining issues of privacy, security and where the two intersect (and, likewise, where they might not).
Sherry explained that in the higher education spaces, such as at Brown and CCRI, regulatory and legal obligations mean that privacy concerns have to be addressed both separately and in conjunction with security concerns. Differentiating between privacy and security, Sherry explained that even if a network is closed and secure, as Brown’s campus network is, there is still the need for privacy within that network. Student data, for example, should not be accessible to everyone on that closed network.
The health care system is another field in which concerns about privacy and security often must overlap in this way. As such, Sherry said that organizations looking to appoint their own chief information security officer – an extremely necessary position, in his view – should seek someone with a legal or regulatory background.
Sherry said that in his time adapting to his evolving role at Brown, he found that he spoke the language of business and reputation management as much as he did the language of security and technology, saying that the two spheres were interchangeable concerns in the way today.
Other than the burgeoning role of the chief information security officer, Sherry’s talk focused on some of the ways that privacy and security are perceived in the larger world.
Privacy and security concerns have been evolving, “fairly new” concepts, said Sherry, coinciding with shifts in democratic thinking and in the development of technologies such as cameras and the printing press, which make the proliferation of information easier across channels and space. It’s not so easy to start over in a new town with a new identity, for instance, if your old identity and criminal record can follow you.
“Cameras really made a big change,” explained Sherry. “As cameras progressed, suddenly people could take a picture of you out in public. And you were no longer in control of when or where you might be photographed.”
It was precisely this advancement that most concerned the first speaker of the morning, Dr. , associate professor of computer science at UMass Lowell. Fu’s presentation – aptly titled “All Mobile Devices Are Watching You!” – showed just how vulnerable we’ve made ourselves at the hands of “smart” technology, such as smartphones, wearable tech including watches and Google Glass and more.
“Everyone has smart devices. We all carry them. And they are all equipped with cameras, so we’re surrounded by so many cameras. But what if those cameras become malicious?” he began.
In demonstrations that were as illuminating as they were disturbing, Fu showed how surveillance systems ranging in complexity from smartphone cameras to small drones could be used to capture footage of targets entering sensitive information, such as passcodes and PINs, into their personal devices as well as public use ATM machines. Fu and his team were able to design software that could automate the process of extrapolating these passwords, even when the numbers being punched on the target screens weren’t visible to the naked eye.
Other than taking the precaution of covering up screens or shielding an ATM’s pin pad with your body, Fu suggested downloading a free app that he and his team had developed, called PEK (Privacy Enhancing Keyboard), available for Android platforms. The software randomizes your keyboard during times of passcode entry, meaning that an insidious drone or a nosy neighbor with Google Glass wouldn’t be able to reliably hack your data.
Turning to a more macro perspective on security, U.S. Sen. Sheldon Whitehouse and U.S. Rep. James Langevin, both of whom are quite active on the issue of cybersecurity at a national level, spoke about some of the concerns of privacy and security, as well as what the country is doing to combat the growing threat cybercrimes pose.
“Terrorists seek to disrupt our critical infrastructure, foreign governments steal intellectual property worth billions of dollars from American businesses to help their own industries and other criminals, from so-called hacktivists to spammers, also put us at risk. The scale of cyber threats facing America raises the question of whether we are responding adequately as a nation. In my view, we are not,” said Whitehouse.
The first step in combating these attacks is raising awareness, he said, much as the Security Awareness Day program aimed to do. “I’m glad awareness is our focus today,” he said.
Langevin, who has long worked alongside Whitehouse in an effort to make the public more aware of the potential danger as well as some of the basic steps to combat the problem – changing passwords regularly, holding corporations more accountable to disclose information when breaches occur, etc. – said that the free and open architecture of the Internet would always make us vulnerable to breaches and attacks.
But, he said, “Almost every attack begins with someone clicking on a bad link, not patching their computer. Improving your own personal cyber hygiene is probably the single most important thing you can do to protect yourselves and others. Bottom line is this: We’ll never solve cybersecurity, much as I wish we could. It’s a challenge that we have to manage. Again, it’s about closing that aperture of vulnerability that is right now wide open down to something much more manageable. Just like you and I use a seatbelt to drive safely to minimize risk in a car, use best practices to minimize risks in cyberspace.”
After the general sessions for the morning were over, participants returned to breakout sessions of their choice on topics ranging from malware to security auditing.
blog comments powered by Disqus