Panel #1 Cybersecurity Outlook

• Panelists
  – Janet Bishop-Levesque, RSA
  – Bob Guay, BioGen
  – Larry Wilson, UMass
  – John Schramm, Manulife/Hancock
• Moderators
  – Wayne Burleson, UMass
  – Srini Devadas, MIT

MIT COMPUTER SCIENCE AND ARTIFICIAL INTELLIGENCE LABORATORY 10/20/2014

Cybersecurity and Threats

• Cybersecurity is a property of computer systems similar to performance and energy
• Attackers take a holistic view by attacking any component or interface of system
• Diverse threat models dictate different desirable security properties
  – Viruses and worms: Bug-free programs
  – Denial-of-Service attacks: Redundant resources
  – Cyberphysical attacks: Tamper-resistant hardware

Cybersecurity: Mainstream View

• Computer systems are so complex that it is impossible to design them without vulnerabilities.
• Therefore, the best we can do is to:
  – Focus on existing computing systems and their attacks to discover flaws
  – Design mechanisms into these systems to protect against these attacks
  – Manage risk and administer systems well
• Unfortunately, new flaws are always discovered…
• We need to do better than this “Patch & Pray, Perimeter Protection” mindset

Cybersecurity: A Holistic View

• Security property cannot be articulated well when isolated to a component or layer: need a systems-wide, architectural viewpoint
• New theoretical and practical foundations of secure computing that integrate security in the design process: security “by default”
  – Remove program error as a source of vulnerability
• Bring researchers from diverse disciplines and industry practitioners together to address a wide range of threat models

Three classes of benefits:

• Prevention: Increasing the difficulty of attacks
• Resilience: Allowing a system to remain functional despite attacks
• Regeneration: Allowing systems to more quickly recover from attacks to fully functional state.

Question #1

• Is it worth investing in attack prevention technologies?

Against: Techniques are never going to protect against all attacks and therefore detection, diagnosis and recovery techniques are a necessity and a better investment of resources.

For: Prevention is better than cure, especially when it comes to customer services.

Relates to Anna Nagurney’s keynote

Question #2

Will companies that wish to deploy secure systems incorporate a holistic design methodology, or is this too much to expect?

Relates to Dave Clark’s keynote

Question #3

With a recent spate of attacks on servers and breaks that affect large sets of clients, are we at a point where clients will have to take more responsibility for their security through the use, for instance, of multifactor authentication and perhaps suffer more inconvenience?

Questions

1. Is it worth investing in attack prevention technologies?
2. Will companies that wish to deploy secure systems incorporate a holistic design methodology, or is this too much to expect?
3. With a recent spate of attacks on servers and breaks that affect large sets of clients, are we at a point where clients will have to take more responsibility for their security through the use, for instance, of multi-factor authentication and perhaps suffer more inconvenience?