Skip to Main Content

Live TV
Shows
My Station
My List
Shop
Visit the official PBS Shop for t-shirts, tote bags, and more. Every purchase supports PBS.
Shop Now
Donate
Support your local PBS station in our mission to inspire, enrich, and educate.
Donate to WOSU

PBS is brought to you by

WOSU helps your community explore new worlds and ideas through programs that educate, inform and inspire. Your tax-deductible donation helps make it all possible.

Donate to WOSUExplore more from your station

More from WOSU

Technically Speaking TV

Cam Beasley, Kevin Gamache, & Michael Sardaryzadeh

Episode 2 | 29m 3sVideo has Closed Captions

Cam Beasley, Kevin Gamache, & Michael Sardaryzadeh

Cam Beasley, Kevin Gamache, & Michael Sardaryzadeh

11/07/2019

Problems playing video? | Closed Captioning Feedback

Problems playing video? | Closed Captioning Feedback

Technically Speaking TV is a local public television program presented by KAMU

Technically Speaking TV

Cam Beasley, Kevin Gamache, & Michael Sardaryzadeh

Episode 2 | 29m 3sVideo has Closed Captions

Cam Beasley, Kevin Gamache, & Michael Sardaryzadeh

11/07/2019

Problems playing video? | Closed Captioning Feedback

Genre

News and Public Affairs

Share This Video

Embed Video
Technically Speaking TV
Cam Beasley, Kevin Gamache, & Michael Sardaryzadeh
S2019 Ep2
Fixed iFrame
Width: in pixelsHeight: in pixels
Responsive iFrame

Where to Watch Technically Speaking TV

Technically Speaking TV is available to stream on pbs.org and the PBS app.

Open in new tab

WELCOME TO THE DIVISION OF INFORMATION TECHNOLOGIES TECHNICALLY SPEAKING TV.

I'M YOUR HOST OUT OF MICHAEL.

TODAY WE ARE JOINED BY KEVIN GOOD FISH THE CHIEF RESEARCH FOR THE TEXAS AND AM UNIVERSITY SYSTEM CAN BE EASILY THE CHIEF INFORMATION SECURITY OFFICER FOR THE UNIVERSITY OF TEXAS AT AUSTIN AND AAAAA ZAIDI THE CHIEF INFORMATION SECURITY OFFICER FOR TEXAS AND AM THANK YOU ALL FOR BEING HERE.

ACCORDING TO IBM THE EDUCATION SECTOR IS IN THE TOP 10 FOR MOST TARGETED INDUSTRIES FOR CYBER ATTACKS ACCOUNTING FOR A SIGNIFICANT PERCENTAGE OF ALL DATA BREACHES IN 2018 MICHAEL WHY DO YOU THINK UNIVERSITIES ARE SUCH A MAJOR TARGET FOR CYBER ATTACKS.

WELL HAVING BEEN IN THE FINANCIAL INDUSTRY AND HEALTHCARE AND GOVERNMENT IN DIFFERENT INDUSTRIES EVERY INDUSTRY HAS SOMETHING THEY WANT TO PROTECT.

FOR EXAMPLE OBVIOUSLY IN BANKING OR FINANCE INDUSTRY YOU WANT TO PROTECT FINANCIAL INFORMATION OF YOUR CUSTOMERS HEALTH CARE THE MAJOR THING TO PROTECT OBVIOUSLY IS YOUR PATIENTS HEALTHCARE INFORMATION AND SO ON AND SO FORTH AND IN HIGHER ED UNIVERSITIES LARGE ONES LIKE UTI OR TEXAS AM THAT ARE ALSO LARGE RESEARCH INSTITUTES.

YOU HAVE ALL OF THOSE THINGS IT'S NOT ONE MAJOR THING YOU'RE TRYING TO PROTECT IS YOUR TRIP.

YOU HAVE HEALTHCARE INFORMATION YOU HAVE FINANCIAL INFORMATION YOU HAVE STUDENT INFORMATION SO YOU HAVE A PLETHORA OF DATA AND INFORMATION THAT FALL UNDER ALL SORTS OF REGULATIONS FEDERAL REGULATIONS STATE REGULATIONS AND AND SO FROM AN ATTACK PERSPECTIVE THIS IS ALMOST LIKE A ONE STOP SHOP YOU CAN GET IN HERE AND WHAT ADDS TO THE EASE FOR HACKERS OR THE DIFFICULTY FOR SECURITY IN THESE TYPE OF ENVIRONMENTS IS THERE NEEDS TO BE A CERTAIN AMOUNT OF FREEDOM IN ORDER TO DO RESEARCH AND DO THE BUSINESS OF THE UNIVERSITY WHERE IN A CORPORATE ENVIRONMENT FOR EXAMPLE YOU CAN IMPLEMENT VERY STRINGENT CONTROLS VERY RAPIDLY AND THROUGHOUT THE ENTIRE SYSTEM YOU HAVE THE SECURITY ORGANIZATIONS AND THOSE INDUSTRIES OR COMPANIES CORPORATIONS HAVE MORE CONTROL.

UNIVERSITY IS A MUCH MORE UNIVERSITY SYSTEM IS A MUCH MORE DIVERSE ENVIRONMENT IN THAT THAT'S WHAT MAKES IT A LITTLE MORE ATTRACTIVE FOR THE ATTACKERS RIGHT CAMP.

HOW HOW DO UNIVERSITY STAY A STEP AHEAD OF THOSE ATTACKERS?

I THINK FOR ONE BEING DISRUPTIVE FOR THE ATTACKER IS REALLY IMPORTANT.

CHANGING THE LANDSCAPE FOR A CAMPUS AS MUCH AS POSSIBLE AS QUICKLY AS POSSIBLE IS AS IT IS IS A GREAT DEFENSE ON OUR CAMPUS.

WE SEE ROUGHLY 18 MILLION ATTACKS A DAY.

AND WHEN THE GUYS ARE LOOKING ACROSS OUR CAMPUS TO FIND VARIOUS TARGETS IF YOU'RE UPDATING YOUR SYSTEMS IF YOU'RE IF YOU'RE CHANGING THAT LANDSCAPE ON A REGULAR BASIS THAT MAKES IT HARDER FOR THE BAD GUYS TO TO FIND A BEACHHEAD TO INITIATE GOOD AND PIVOT LATERALLY FROM THERE.

SO THAT'S ONE THING.

I THINK THE OTHER THING IS THIS BEING BEING REALLY DILIGENT AROUND USING AUTOMATION AS MUCH AS POSSIBLE SO AUTOMATING YOUR RESPONSE TO DIFFERENT ATTACKS OR ALREADY DIFFERENT COUNTERMEASURES SO IF YOU NEED TO ACTUALLY RESPOND TO A BREACH SYSTEM THAT YOU AUTOMATE THAT YOU CAN ACTUALLY JUST DO THAT IN THE WEE HOURS OF THE NIGHT WITHOUT HAVING A HUMAN LAY EYES ON IT.

THOSE ARE REALLY IMPORTANT PROCESS BECAUSE IF YOU CAN AUTOMATE THAT ONCE YOU DETECT THE THREAT YOU PREVENT THAT THREAT FROM FESTERING AND GETTING GETTING GETTING WORSE AND SPREADING ACROSS YOUR CAMPUS.

SO THAT'S THAT'S HUGE I THINK.

SO THE IMPORTANCE FOR AUTOMATION IS THAT SPEED OF THE RESPONSE TO THE ATTACK.

YEAH AND WHAT YOU SEE A LOT OF TIMES THAT THERE'S SOMETHING CALLED BREAKOUT TIME FROM NATION ATTACK ATTACKERS FOR EXAMPLE SO RUSSIA HAS A BREAKOUT TIME OF ROUGHLY 19 MINUTES.

CHINA HAS A BREAKOUT TIME OF ROUGHLY TWO TO FOUR HOURS.

SO IF YOU CAN IF YOU CAN AUTOMATE THAT TIME TO YOUR RESPONSE.

SUCH THAT YOU ARE BEATING THEIR BREAKOUT TIMES YOU CAN YOU CAN YOU CAN CUT DOWN A LOT OF THAT THAT FALL OUT THAT MIGHT OCCUR FROM FROM A FROM A COMPROMISED RIGHT.

MM HMM.

KEVIN FROM YOUR PERSPECTIVE WHAT POSES THE BIGGEST CYBERSECURITY RISK TO UNIVERSITIES.

THE BIGGEST RISK TO UNIVERSITY IS THE VERY STRUCTURE OF THE AMERICAN SYSTEM OF HIGHER EDUCATION.

WHAT WHAT MAKES US SO GREAT THAT SENSE OF OPENNESS THAT SENSE OF COLLABORATION THE WILLINGNESS TO SHARE IS ALSO THE VERY SAME THING THAT MAKES US BULL VULNERABLE.

WHEN YOU LOOK AT THE U.S.

BASED SYSTEM OF HIGHER EDUCATION IT'S IT'S BUILT ON THAT SYSTEM OF OPENNESS AND STRONG COLLABORATION.

IT'S BUILT ON A WILLINGNESS FOR FACULTY MEMBERS OR RESEARCHERS TO GET TOGETHER AND PUSHED THE EDGES OF SCIENCE TO ADD TO THE BODY OF KNOWLEDGE.

IT'S A SYSTEM BUILT ON BEING INNOVATIVE AND WHEN IT COMES TO DEFENSIVE MEASURES THOSE SAME KINDS OF THINGS THAT MAKE US GREAT OFTEN MAKE IT VERY DIFFICULT TO IMPLEMENT DEFENSIVE MEASURES IN THE CYBER ARENA.

THANKS KEVIN.

STAY WITH US.

TECHNICALLY SPEAKING TV WILL BE BACK IN A MOMENT.

EVERY OCTOBER THE DIVISION OF I.T.

NATIONAL CYBERSECURITY AWARENESS MONTH WITH THE RELEASE OF A NEW ONLINE GAME THESE GAME QUIZZES PLAYERS ON EVERYTHING FROM MALWARE AND PHISHING TO ONLINE SAFETY OVER THE YEARS THE CAMPAIGN HAS WON A NUMBER OF AWARDS INCLUDING THE BEST OF TEXAS IN 2019.

THE CAMPAIGN WAS FEATURED IN A SPECIAL GUIDE FROM THE CHRONICLE OF HIGHER EDUCATION.

PREVIOUS GAMES CAN BE FOUND AT YOUNG TAMC.

THAT LAST GAMES THE 2019 GAME THE AGGIE CYBER SECURITY CIRCUITS CAN BE PLAYED AT ITV THAT TAMC THAT YOU SLASH CYBER CIRCUS.

WELCOME BACK TO TECHNICALLY SPEAKING TV.

WE LIVE IN A WORLD WHERE IT SEEMS THAT ALMOST EVERYTHING IS CONNECTED TO THE INTERNET FROM THERMOSTATS AND REFRIGERATORS TO CARS AND EVEN FISH TANKS KNOWN AS THE INTERNET OF THINGS.

DO THESE POSE A SECURITY OR PRIVACY RISK.

CAMP MOST DEFINITELY.

SO TO THE MOST PARANOID FOLKS LIKE ME I THINK FOR SURE THESE DEVICES BRING A LOT OF GREAT CONVENIENCE TO AH TO OUR OUR OUR DAY TO DAY ACTIVITIES BUT WE HAVE BECOME MORE RELIANT ON THE COMPANIES THAT MANUFACTURE THESE DEVICES TO A ENSURE THAT THEY'RE ACTUALLY BUILDING THE DEVICES SECURELY SO THEY DON'T POSE A RISK AND B THAT THEY'RE NOT PUTTING PUTTING OTHER HARDWARE OR OTHER CAPABILITIES INTO THESE DEVICES THAT THEY DON'T DISCLOSE TO US.

SO WE BRING THESE DEVICES INTO OUR MOST SACRED SPACES AND A LOT OF TIMES AND WE TRUST THOSE VENDORS ARE KEEPING US SAFE.

TYPICALLY WE'VE NOT HAD TO REALLY RELY ON THAT TYPE OF LEVEL OF TRUST FOR OTHER THIRD PARTIES BUT AS WE BRING THESE MEASURES OF NETWORKS INTO OUR HOMES AND INTO OUR CARS AND INTO OUR MOST PERSONAL SPACES WE REALLY HAVE TO BE MINDFUL OF WHAT WE ARE EXPOSING OURSELVES TO.

ALSO THESE COMPANIES A LOT OF TIMES DON'T NECESSARILY JUST WANT TO FREELY DELIVER SERVICE TO US.

WE ARE THE COMMODITY OF A LOT OF THESE CASES.

SO THEY WANT TO MINUS MY DATA ABOUT THIS THEY WON'T UNDERSTAND WHAT WE DO WITH THEIR TECHNOLOGY AND HOW WE USE THEIR MAYBE THEIR COMPETING PARTNERS TECHNOLOGIES.

SO WE HAVE TO BE MINDFUL OF THAT THAT WE ARE NOT JUST CONSUMING A SERVICE WE ARE WE ARE THE SERVICE IN SOME CASES.

SO WHEN YOU'RE REFERRING TO THESE DEVICES THAT WE BRING INTO PRIVATE SPACES IN OUR HOMES YOU MEAN THINGS LIKE ALEXA OR SIRI OR EVEN THE NEST RECENTLY IN THE LAST YEAR OR SO THERE WAS A DISCLOSURE THAT THEY HAD A MICROPHONE THAT HAD NOT BEEN DISCLOSED PREVIOUSLY SO THERE ARE THERE ARE LEGITIMATE DEVICES THAT WE'RE BRINGING INTO OUR HOMES THAT MIGHT BE LISTENING TO US IN WAYS THAT WE DIDN'T THINK ABOUT OR MIGHT BE CAPTURING THINGS ABOUT THAT WE DID NOT ANTICIPATE.

MICHAEL LET'S TALK A LITTLE BIT ABOUT THESE INTERNET OF THINGS OR IO T DEVICES WHEN WE HAVE FACULTY STAFF AND STUDENTS ON CAMPUS CONNECTING THESE TYPES OF DEVICES TO THE TEXAS AM NETWORK.

WHAT TYPE OF RISKS DOES WELL FIRST I'D LIKE TO KIND OF REITERATE WHAT CAMP SAID.

IT IS NOT ONLY THE DEVICES IN OUR HOMES BUT ALSO THE DEVICES THAT COMPANIES PURCHASE FROM MANUFACTURERS THESE DEVICES DO SEND DATA BACK TO THE MANUFACTURERS A LOT OF DATA IN SOME CASES WHETHER IT'S FOR SERVICING WHETHER IT'S FOR DATA MINING.

SO THAT IS ABSOLUTELY TRUE.

I BELIEVE IN FIVE SIX YEARS FROM NOW THERE'S AN ESTIMATE THAT WE'LL HAVE ABOUT 75 BILLION IO T DIFFERENT IO T DEVICES IN SOME FORM OR FASHION ATTACHED TO DIFFERENT NETWORKS THE PROBLEM WITH THESE IOT DEVICES CURRENTLY IS THAT THEY'RE ALWAYS ON MOST OF THE TIME AND THEY ARE HARD OR IN SOME CASES IMPOSSIBLE TO PATCH AND SECURE.

I'VE I'VE WORKED FOR PRODUCT SECURITY FOR A MANUFACTURING COMPANY.

AND TO ANSWER IT TO GO BACK TO ANSWERING YOUR QUESTION I CAN TELL YOU THAT THE NUMBER ONE MOST EFFECTIVE THING IN SECURING IO T OR DIFFERENT TYPES OF DEVICES IS PUTTING PRESSURE ON MANUFACTURERS TO BAKE IN SECURITY INTO THESE DEVICES BECAUSE AT THE END OF THE DAY MANUFACTURERS PRODUCE DEVICES TO MAKE A PROFIT AND IF IF THERE IS A REALIZATION AS HAS BEEN HAPPENING FOR THE LAST FEW YEARS AMONGST MANUFACTURE IS THAT UNIVERSITIES CORPORATIONS ORGANIZATIONS DIFFERENT GOVERNMENT ENTITIES JUST SIMPLY WON'T BUT WON'T PURCHASE THESE DEVICES UNLESS THEY CAN BE ASSURED AND VERIFIED THAT THESE DEVICES ARE CODED SECURELY ARE DESIGNED SECURELY SO ON AND SO FORTH THAT GOES A LONG WAY IN SECURING THESE DEVICES WHETHER FOR HOME USE OR WHETHER FOR COMPANY USE FOR BUSINESS USE.

NOW THE SOMETHING THAT WE CAN DO INTERNALLY IS PURPOSEFUL MMMM NETWORKING MEANING NETWORK SEGMENTATION.

RIGHT.

SO FROM A BUSINESS PERSPECTIVE AGAIN TODAY IT'S VERY HARD TO SECURE INDIVIDUAL DEVICES BUT WE CAN SEGMENT OFF SERIES OF DEVICES INTO INTO CERTAIN NETWORK SEGMENTS AND MONITOR THOSE SEGMENTS ALSO SOMETHING THAT RELATES BACK TO THE UNIVERSITY WHETHER IT'S UTI OR WHETHER IT'S ST.

AM OR ANY OTHER UNIVERSITY IS FROM A BIOTECH PERSPECTIVE OR DEVICE PERSPECTIVE SECURITY AND CENTRAL INFORMATION TECHNOLOGY SHOULD BE IN THE LINE OF PURCHASING THESE DEVICES BECAUSE AGAIN IF THESE DEVICES AT SOME POINT HIT A CENTRAL GATEWAY THAT HAS SECURITY INVOLVED WE CAN PUT THAT PRESSURE ON THE MANUFACTURERS.

WE CAN REVIEW OR ASSESS THESE DEVICES TO SEE WHETHER THEY'RE SECURE OR NOT AND ALSO IN THE INSTALLATION OF THEM WHERE THEY GET INSTALLED AND WHAT NETWORK SEGMENTS THEY GET INSTALLED?

SO REALLY A COMBINATION OF THOSE THINGS CURRENTLY WILL HELP IMPROVE THE SECURITY OF IATA.

SO TAKING THIS A LITTLE CLOSER TO HOME WHAT ARE SOME THINGS THAT AN INDIVIDUAL COULD DO TO PROTECT OUR DATA AND OUR TECHNOLOGY.

A LOT OF TIMES WHEN WE'RE TEACHING STUDENTS IN THE CLASS THAT I HAVE WE ASK THEM TO REALLY CONSIDER HOW THE TECHNOLOGY THEY USED TODAY IN A GIVEN DAY AFFECTS PERSONALLY THAT A LOT OF TIMES STUDENTS DON'T EVEN CONSIDER HOW THE PRIVACY IN SOME CASES BEING TRAMPLED ON BY SOME OF THESE PRODUCTS.

THEY JUST WANT TO USE THE TOOLS THAT ARE THAT ARE AVAILABLE SO TO SO I THINK JUST BEING BEING MORE VIGILANT AND AND UH CREATING MORE OF A RATIONAL DISTRUST OF THINGS.

OUR QUESTION OF THINGS IS HOW DOES THIS WORK HOW ARE THEY USING MY DATA.

THAT'S THAT'S WHAT I WANT TO BUILD INTO MY KIDS AND INTO THE STUDENTS THAT ARE ON OUR CAMPUS.

QUESTION THANKS I'M JUST ACCEPT THEM AS THEY ARE NOW BECAUSE THEY'RE NOT ALWAYS AS YOU MIGHT EXPECT.

AND THEN ALONG THE LINES OF NETWORKING JUST MAKING SURE THAT YOU CAN ACTUALLY DO THAT SEGMENTATION LOCALLY AT HOME MAYBE THAT YOU YOU'RE NOT EXPOSING THOSE DEVICES TO A TOOL A WIDE OPEN NETWORK THAT YOU'RE AT YOUR HOME ON CAMPUS.

YOU KNOW WE WILL CREATE DIFFERENT STRIATIONS OF SYSTEMS TO SAVE YOU KNOW THE ELEVATORS OR IN NETWORK THE SPRINKLER SYSTEMS IN THIS NETWORK AND KEEPING THAT WALLED OFF IS REALLY REALLY IMPORTANT BECAUSE A LOT OF THESE DEVICES CANNOT BE SECURED OR THE VENDORS MIGHT NOT NECESSARILY EVEN BE AROUND IN THE NEXT FIVE YEARS WITH SOME THESE DEVICES ARE ENGINEERED FOR 10 AND 15 YEAR DEPLOYMENTS SO KEEPING THAT IN MIND THE ATTACK SURFACE CHANGES QUITE A BIT TO ANTICIPATE A NEW SET OF ATTACKS.

SO IF YOU'VE GOT YOUR CLOCKS AND ALL OF YOUR CLASSROOMS NETWORKED AS OUT DEVICES ANTICIPATE AN COX FROM STUDENTS WHO WANT TO GO TO CLASS EARLY BECAUSE THAT COULD HAPPEN.

IT'S THE MODERN VERSION OF PULLING THE FIRE ALARM WHEN YOU DON'T WANT TO TAKE A TEST RIGHT.

MICHAEL WOULD YOU SAY THAT THESE ARE REASONS WHY IT'S IMPORTANT FOR US TO ENCOURAGE STUDENTS TO ENTER THE CYBERSECURITY FIELD.

ABSOLUTELY.

ABSOLUTELY.

I I TRULY BELIEVE I.T.

IN GENERAL BUT SPECIFICALLY THE CYBERSECURITY FIELD IS OBVIOUSLY IT IS IT IS GROWING AT A PRETTY FAST PACE.

I THINK IT'S GOING TO GROW EVEN FASTER.

GOING BACK TO THE I.T.

OR MEDICAL DEVICE ALL SORTS OF DEVICES HOME USE DEVICES THESE ARE EXPLODING I MEAN JUST JUST THINK ABOUT IT HOW LONG HAVE WE TALKED ABOUT CARS SELF-DRIVING CARS AND SO ON AND SO FORTH.

WELL SOON THIS IS GOING TO BECOME MORE AND MORE OF A REALITY AND IMAGINE THE AMOUNT OF EFFORT AUTOMATION PEOPLE THOUGHT PROCESSES THAT HAVE TO GO INTO SECURING THOSE THINGS BECAUSE REALLY PEOPLE'S LIVES ARE AT DANGER AT THAT POINT.

IF CERTAIN CARS GET HACKED AND AND THERE'S ALREADY BEEN EVIDENCE OF CARS BEING HACKED MANY TIMES.

SO THAT ALSO FROM A MEDICAL PERSPECTIVE AS WEARABLES BECOME INSERT REBELS AS MEDICAL DEVICES AND OHIO T'S BECOME MORE AND MORE AS WE MOVE INTO THE FUTURE PART OF HUMAN FUNCTION OR MEDICAL ANALYSIS WILL THESE DEVICES AGAIN GOING BACK TO DEFIBRILLATORS BEING HACKED AND PACEMAKERS AND CHILD HEART MONITORS AND SO ON AND SO FORTH.

IT BECOMES A MORE IN A MORE IMPORTANT ARENA IN FIELD THAT MORE WE NEED MORE PEOPLE.

CURRENTLY WE DO HAVE A SHORTAGE IN CYBERSECURITY AND GOOD CYBERSECURITY TALENT AND I THINK THE PROBLEM IS THAT CYBERSECURITY IS KIND OF LIKE THE SURGERY PART OF THE MEDICAL FIELD MEANING IN ORDER TO BE A GOOD CYBERSECURITY PROFESSIONAL.

YOU WOULD HAVE HAD TO GO THROUGH THE PROGRAMMING AND NETWORKING AND SO ON AND SO FOR SO YOU DO HAVE TO UNDERSTAND HOLISTICALLY HOW TECHNOLOGY WORKS HOW IT'S INTERCONNECTED AND HOW IT RELATES TO THE INDUSTRY OR THE CORPORATION COMPANY OR BUSINESS YOU'RE IN.

IN ORDER TO ULTIMATELY BE ABLE TO CONDUCT CYBERSECURITY EFFECTIVELY AS A CYBERSECURITY PROFESSIONAL.

SO IT'S NOT SOMETHING YOU CAN JUMP IN IN SIX MONTHS ALL OF A SUDDEN BECOME A CYBERSECURITY TO CYBERSECURITY PROFESSIONAL.

IT DOES REQUIRE YEARS AND YEARS OF EXPERIENCE AND PAYING ATTENTION AND ANALYSIS AND THAT'S WHY THERE'S A SHORTAGE AND THAT'S WHY I THINK IT'S GOING TO EXPLODE EVEN MORE AS FAR AS THE NEED FOR CYBERSECURITY PROFESSIONALS.

AND SO I ENCOURAGE ANYONE WHO HAS AN INTEREST IN TECHNOLOGY TO CONSIDER THE CYBERSECURITY FIELD.

MICHAEL STAY TUNED.

TECHNICALLY SPEAKING TV WILL BE BACK IN A MOMENT.

WELCOME BACK TO TECHNICALLY SPEAKING TV.

KEVIN WE'VE HEARD THIS TERM INSIDER THREAT USED IN RELATION TO CYBERSECURITY.

CAN YOU TELL US WHAT THAT IS.

AND IF YOU SEE THAT AS A SIGNIFICANT THREAT TO UNIVERSITIES AND TO RESEARCH INSTITUTIONS SURE THE UNITED STATES COMPUTER URGENCY READINESS TEAM DEFINES INSIDER THREAT AS THE POTENTIAL FOR AN INDIVIDUAL WHO HAS OR HAD AUTHORIZED ACCESS TO AN ORGANIZATION'S ASSETS TO USE THEIR ACCESS EITHER MALICIOUSLY OR UNINTENTIONALLY TO ACT IN A WAY THAT COULD NEGATIVELY AFFECT THE ORGANIZATION.

SO INSIDER THREAT IS A CONSIDERABLE PROBLEM FOR UNIVERSITIES AND RESEARCH INSTITUTES AND OFTEN IN WAYS THAT PREVIOUS PRIVATE INDUSTRY DOESN'T HAVE TO CONSIDER FIRST.

UNIVERSITIES WELCOME STUDENTS AND VISITING SCHOLAR AND FACULTY FROM ALL OVER THE WORLD TO COLLABORATE AND TO PUSH THE BOUNDARIES OF SCIENCE AND KNOWLEDGE THIS COLLABORATION DOES NOT ALWAYS COME WITH AN EXTENSIVE VETTING THAT YOU WOULD BE ABLE TO DO IN PRIVATE INDUSTRY.

THE WHOLE IDEA BEHIND ACADEMIC COLLABORATION IS TO SHARE INFORMATION AND PUSH THE BOUNDARIES OF SCIENCE.

THE WILLINGNESS ITSELF TO SHARE THAT INFORMATION COUPLED WITH RELATIVELY EASY ACCESS TO OUR NETWORKS.

CAN POSE A SIGNIFICANT RISK IF UNIVERSITIES AREN'T AWARE AND ACTIVELY MANAGING THAT PROBLEM WELL.

CAN YOU TALK A LITTLE ABOUT SOME OF THE NATIONAL CYBERSECURITY EFFORTS.

THE TEXAS I M IS PARTICIPATING IN.

SURE IN 2018 THE TEXAS YOUNG AM UNIVERSITY SYSTEM WAS INSTRUMENTAL IN STARTING THE ACADEMIC SECURITY AND COUNTER EXPLOITS PROGRAM.

THIS IS A NATIONAL LEVEL ORGANIZATION THAT IS FOCUSED ON AWARENESS AND TRAINING OF NOT ONLY CYBERSECURITY BUT THE LARGER RISK TO OUR RESEARCH SECURITY EFFORTS ACROSS THE COUNTRY.

WE HAVE MORE THAN TWO HUNDRED AND FIFTY INDIVIDUALS INVOLVED TODAY FROM OVER A HUNDRED UNIVERSITIES AND THIS IS SOMETHING THAT THAT WE ARE WORKING WITH ON A DAILY BASIS TO MAKE OUR UNIVERSITIES RESEARCH BASE MORE SECURE SO TO WRAP THINGS UP HERE.

I'D LIKE TO SERVE AS ZOOM OUT TO A HIGH LEVEL QUESTION CAMP OF THE CYBER SECURITY THREATS THAT YOU'RE AWARE OF THAT YOU TRACK.

WHAT SCARES YOU THE MOST HUMANS SO HUMANS HUMANS ARE OUR WEAKEST LINK.

A LOT OF CASES THE WE WORK A LOT TO SECURE SYSTEMS AND INFRASTRUCTURE BUT REALLY ARE OUR PEOPLE ARE OUR WEAKEST LINK.

MAKING SURE THAT THEY'RE VIGILANT IS HARD.

MAKING SURE THEY UNDERSTAND TECHNOLOGY IS HARD.

MAKING SURE THEY DON'T CLICK THAT LINK IS REALLY HARD BUT ALSO MAKING SURE THAT THE FOLKS THAT ARE DEVELOPING SYSTEMS THAT WE CONSUME SERVICES THAT WE CONSUME UNDERSTAND TECHNOLOGY SO ALL TOO OFTEN WE WILL REVIEW AND I'M SURE YOU GUYS RUNNING THIS TOO WILL REVIEW DIFFERENT THIRD PARTY APPLICATIONS OR PRODUCTS WHERE THEY HAVE SIGNIFICANT VULNERABILITIES OR EXPOSURES IN THOSE PRODUCTS?

THESE ARE WELL-ESTABLISHED COMPANIES AND A LOT OF CASES SERVE IN MANY MANY BROAD AUDIENCES BUT THEY JUST DIDN'T UNDERSTAND THAT FUNDAMENTAL THING ABOUT HOW THE DOWNSTREAM TECH STACK WORKED OR SOME OTHER COMPONENT OF WHAT THEY WERE RELYING ON UPSTREAM WORKED.

SO IT CREATED AN EXPOSURE.

SO I THINK WE'VE MOVED AWAY AND A LOT OF CASES FROM THIS NOTION OF HAVING A DIGITAL NATIVE TO APPLICATION NATIVES WE DON'T HAVE.

WE TALKED ABOUT THIS IN TERMS OF FOLKS UNDERSTANDING TECHNOLOGY WE DON'T HAVE AS MANY PEOPLE I THINK THAT HAVE A WELL ROUNDED UNDERSTANDING OF TECHNOLOGY TODAY AND IT CREATES A LOT OF GAPS SO HUMANS ARE MY BIGGEST CONCERN HUMANS?

ALL RIGHT KEVIN WHAT THREAT CONCERNS YOU THE MOST THE INSIDER THREAT BY FAR.

WHEN YOU LOOK AT THE U.S.

SYSTEM OF HIGHER EDUCATION IT IS THE BEST IN THE WORLD BECAUSE OF OUR SENSE OF OPENNESS OUR WILLINGNESS TO COLLABORATE AND THE EXTREME INNOVATION THAT WE HAVE IN THE UNITED STATES BUT WHEN IT COMES TO THE INSIDER THREAT THAT SAME THING THAT MAKES US GREAT IS THE VERY SAME THING THAT MAKES US VULNERABLE.

SO OUR CHALLENGE IS TO PROTECT WHAT IS BEST ABOUT OUR SYSTEM OF HIGHER EDUCATION WITHOUT DAMAGING IT.

AT THE SAME TIME.

OK.

SO MICHAEL SAME QUESTION.

LAST QUESTION WHICH CYBER SECURITY THREAT CONCERNS YOU THE MOST.

WELL AS FAR AS CYBERSECURITY THREAT THREATS GO IN THE IN THE CORPORATE WORLD OR AT WORK.

RANSOMWARE IS IS THE ONE THAT I'M CONCERNED WITH THE MOST.

I THINK THAT'S CURRENTLY THE MORE PREVALENT TYPE OF ATTACK THAT REALLY REQUIRES IT S IT IS HARD TO CATCH UP WITH AND STOP ONCE ONCE IT'S INSIDE OF YOUR NETWORK.

AND SO IT'S THE MOST VISIBLE AND SO ON AND SO FORTH.

BUT FROM A MORE HOLISTIC PERSPECTIVE THE SECURITY ISSUES WITH THE INTERNET OF THINGS IS OF THE MOST CONCERN AGAIN.

WE ARE BECOMING MORE AND MORE ACROSS THE GLOBE NOT JUST IN MORE INDUSTRIALIZED COUNTRIES BUT ACROSS THE GLOBE AS MORE COUNTRIES BECOME INDUSTRIALIZED LIKE UNITED STATES AND WE ARE BECOMING A WEB OF INTERCONNECTED DEVICES AND AND SO A RASH OF ATTACKS BASED ON VULNERABILITIES THAT EXIST CURRENTLY OR COULD EXIST IN THE FUTURE WITH FUTURE RAH DEVICES IS WHAT REALLY CONCERNS ME.

GOING BEYOND THE WORKPLACE I KNOW THAT THE MOST SIGNIFICANT OR MOST EXPENSIVE CYBER ATTACK IN 2080 SCENE WHICH WAS CALLED WANT TO CRY SIGNIFICANTLY IMPACTED THE NATIONAL HEALTH SYSTEM IN THE UK.

THAT WAS A FORM OF RANSOMWARE RIGHT THAT YOU MENTIONED EARLIER.

YES IT WAS YES IT WAS A UNFORTUNATELY I HAD TO DEAL WITH THAT THAT EXACT TYPE OF ATTACK AND IN ANOTHER IN ANOTHER INDUSTRY IN ANOTHER COMPANY.

AND IT TRULY IS A VERY HARD THING TO GET AHEAD OF AND STOP ONCE IT'S HIT YOUR NETWORK ONCE IT'S INSIDE YOUR NETWORK AND IT STARTED STARTED PROLIFERATING.

SO THAT IS TOP OF MIND FOR ME AND FOR AN INDIVIDUAL A LAY PERSON IF THEY FIND THEMSELVES THE VICTIM OF THIS TYPE OF RANSOMWARE.

IS THERE A WAY FOR THEM TO PROTECT THEMSELVES WHAT DO THEY DO?

HOW DO THEY RESPOND?

WELL ONCE YOU'VE DISCOVERED DO YOU HAVE RANSOMWARE.

RANSOMWARE HAS HIT YOU BECAUSE YOU GET A PROMPT ASKING FOR MONEY REALLY.

THE THING THAT YOU NEED TO DO IS CONTACT THIS SECURITY ORGANISATION IN YOUR COMPANY OR AT YOUR UNIVERSITY AS FAST AS POSSIBLE TIME REALLY IS OF THE ESSENCE IN THESE TYPE OF ATTACKS.

SO AS SOON AS YOU SEE THAT YOU HAVE TO IMMEDIATELY CONTACT SECURITY HELP THEIR SECURITY HOWEVER YOUR ORGANISATION IS STRUCTURED I UNDERSTAND THAT THE STATE OF TEXAS RECENTLY EXPERIENCED A CERTAIN NUMBER OF RANSOMWARE ATTACKS WITHIN CITIES AND COUNTY GOVERNMENTS IS THERE A WAY TO RESPOND TO THESE OTHER AND SIMPLY ROLLING BACK TO BACKUP.

IS THAT THE PRIMARY RESPONSE THAT YOU'VE SEEN IN SOME CASES THE BACKUP IS THE ONLY OPTION.

IN OTHER CASES THE INFRASTRUCTURE MIGHT NOT HAVE BEEN SIGNIFICANTLY IMPACTED AND YOU CAN JUST BLOW THE INFRASTRUCTURE AWAY AND RESTART FROM FROM BARE METAL AS IT WERE.

SOME SOME SOME ORGANIZATIONS OR MMMM POLICE DON'T HAVE THE LUXURY OF HAVING SOPHISTICATED I.T.

OPERATIONS OR STAFF WHO ARE READY TO SERVE THEM SO WHEN THEY GET HIT BY THESE THESE UH THESE THESE INSTANCES THEY CAN BE VERY DISRUPTIVE TO THEM AND THEY DON'T REALLY HAVE A BACKUP TO FALL BACK ON.

SO I THINK WHAT WE FIND IS A LOT OF THOSE COMMUNITIES JUST KIND OF THEY DON'T NECESSARILY ENTERTAIN THE IDEA OF PAYING THE RANSOM BUT THEY JUST DISCONNECT IT REBUILD AND KEEP GOING WE'VE WE'VE EVEN SEEN SOME PLACES GO BACK TO PAPER OPERATIONS AS THE RECOVERY SO HAVING A GOOD BACKUP PLAN THAT DOES NOT REQUIRE A COMPUTER IS ACTUALLY A REALLY GOOD THING IN THE TRADITIONAL ACADEMIC SENSE.

IF YOU'RE HEADED TO USE THESE CHALKBOARDS UH MAYBE MAYBE THAT'S OK.

SO IF YOU IF YOU HAD IF YOU HAVE OTHER MECHANISMS TO PROVIDE YOUR SERVICES MAYBE THAT'S A GOOD THING TO HAVE AS A BACKUP PLAN.

ALL RIGHT WELL GENTLEMEN THANK YOU ALL VERY MUCH FOR JOINING US.

CYBER SECURITY IS A CONCERN THAT IS ONLY GOING TO CONTINUE TO GROW AS TECHNOLOGY ADVANCES TO KEEP YOU SAFE ONLINE.

THE DIVISION OF INFORMATION TECHNOLOGY CREATES A NEW CYBERSECURITY AWARENESS GAME EACH YEAR.

IF YOU'D LIKE TO TEST YOUR SKILLS WE INVITE YOU TO TRY OUR AWARD WINNING GAMES AT YOUNG T YOU DON'T NEED TO USE FLASH GAMES.

THANKS AGAIN FOR WATCHING WE HOPE THAT YOU WILL JOIN US ON THE NEXT EPISODE OF TECHNICALLY

Support for PBS provided by:

Technically Speaking TV is a local public television program presented by KAMU