In November, the United States Attorney’s Office for the District of Maryland and the University of Maryland cohosted the 2023 Cybersecurity Conference at The Hotel in College Park.
The conference brought together experts from government, industry, and academia, including the director of the Center for Governance of Technology and Systems (GoTech), Dr. Charles Harry, to discuss the ever-evolving landscape of cybersecurity. The three panels explored issues ranging from current threats to strategies on how to manage and mitigate the risk of a cyber incident.
"The partnership between UMD and the US Attorney's Office to put on this important event highlights the need to combine rigorous contextual analysis of the threat, likelihood, and consequences of cyber crime with the practical challenges of enforcing the law," said Harry. "The threat is sophisticated and increasingly international in origin requiring a deeper set of skills across disciplines to meaningfully address the problem."
The opening panel on current trends in cybersecurity set the tone by emphasizing the dynamic nature of cybersecurity threats. Moderated by Ryan Dickey, Senior Trial Attorney, Cybersecurity Unit in the Department of Justice’s (DOJ) Criminal Division, the discussion featured representatives from the Federal Bureau of Investigation (FBI), Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA), the National Security Agency (NSA), and the U.S. Attorney's Office.
The panelists highlighted the rising complexity of cyber threats, including ransomware attacks, fraudulent schemes, and nation-state activities. They outlined the primary motives of threat actors, including cybercriminals driven by financial gains and nation-states for political purposes. Practical steps for companies were emphasized, such as using complex passwords, multi-factor authentication, and staying vigilant against phishing attempts. The panel also touched on future challenges in cyber, such as the potential impact of quantum computers and the need for post-quantum computing standards. The importance of collaboration was underscored, with CISA launching cross-sector cyber performance goals and advocating for secure software practices.
The second panel, moderated by Leonard Bailey, the head of the DOJ's Computer Crime and Intellectual Property Section’s Cybersecurity Unit, enumerated lessons learned from cyber attacks on critical infrastructure to spotlight key vulnerabilities. The panelists used the Colonial Pipeline ransomware attack as a stark example of a cyber event causing second-order effects, including nationwide panic and resource shortages.
During the panel discussion, notable experts from Johns Hopkins Applied Physics Laboratory and private sector companies including Exelon Corporation and Morgan Stanley, elaborated on the significant repercussions of large-scale disruptions. They focused on the convergence of threats from nation-states and other actors and how distinctions between threat actors are breaking down. Further, the interdependence of the private and public sector adds complexity to the landscape. In order to make progress, the panel argued for hiring the right talent to tackle these issues, understanding that humans are vulnerabilities in themselves, fixing supply chain problems, comprehending the risks of emerging technologies, and emphasizing policy harmonization around cybersecurity.
At lunch, Rick Ledgett, former Deputy Director of the NSA, emphasized the importance of collaboration between industry and government. His comments helped dispel the notion that either the market or the government alone can fix cybersecurity issues.
During the concluding panel of the conference, Harry moderated a group composed of senior officials at Marriott International and the Maryland Department of Information Technology. To start the discussion, Harry highlighted the idea of complex systems, cyber risk as a multidimensional problem, and the demand for inclusion and collaboration across various disciplines. The panelists shared insights into how to balance competing concerns during a cyber incident, including the importance of communication and collaboration with law enforcement as soon as a cyber attack occurs. The discussion also touched on the need for unified national standards and frameworks on cybersecurity to facilitate information sharing and improve overall cybersecurity posture.
The 2023 Cybersecurity Conference served as a critical platform for experts to share insights, strategies, and collaborative approaches to tackle the ever-evolving challenges in cybersecurity. As the digital landscape advances, the importance of proactive measures, information sharing, and a united front against cyber threats cannot be overstated.