A range of topics -- including the seriousness of potential cyber threats, who poses the greatest danger and what steps could be taken to put the U.S. in a better position to ward off attacks -- were discussed Thursday as part of a cybersecurity summit at Texas A&M.
The inaugural Cybersecurity of Critical Infrastructure Summit covered a variety of viewpoints during the all-day event -- offering up some constants, but also challenging the panelists and speakers to confront their differences.
Featuring more than a dozen speakers from government, private industry and academia -- many of whom have a long history with technologies, policies or issues related to cybersecurity -- the interactive sessions sparked both lively debate and a sense of shared uncertainty as to what comes next for the multi-billion-dollar field.
Emphasizing points made Wednesday night by keynote speaker John Launchbury of the Defense Advanced Research Projects Agency, Redseal CEO Ray Rothrock noted the issues that the human element of cybersecurity poses, citing data that roughly 95 percent of successful breaches begin with phishing or social-engineering methods such as using fake emails to get personal information, even as the reported number of cyberattacks continues to increase each year.
Threats against technology first started causing problems in the 1980s, and Rothrock said technology has not kept up with the rate at which threats have matured -- from disruption to crime and now to the level of espionage.
To respond, he said, there needs to be a focus on building "digital resilience" and a comprehensive defense strategy that can help to minimize the impact of cyberattacks.
While attacks on networks, information systems and computers may be more commonly discussed, speakers also addressed critical infrastructure and control systems, such as power grids, which also have potential to be the target of damaging cyberattacks.
Joseph Weiss, an industry expert in electronic security of control systems, repeatedly argued that such infrastructure systems need to receive greater attention and have a higher profile in the cybersecurity discussion.
Particularly, Weiss said he is worried that as systems and information technology cybersecurity rises in public profile, less attention will be paid to control systems until they, too, are seriously targeted.
Looking toward the global arena, nearly all of the speakers agreed that China and Russia currently pose the greatest cyberthreats to the U.S. and are both more advanced in their offensive capabilities.
The subject of some of the most pressing policy questions regarding cybersecurity -- how the U.S. identifies those responsible, seeks to deter further breaches and responds to attacks -- are some of the most opaque.
With varying opinions on each of the three components, some speakers emphasized support for a strong and damaging response -- whether physical or cyber -- as the best way to address cyberattacks, while others supported the idea that finding a way to bolster deterrences ahead of attacks as the most effective strategy.
Others, not interested in spending the necessary resources on the difficult and often imprecise act of trying to identify those responsible for attacks, said they believed putting resources into fortifying cyber defenses is the most likely to succeed.
Although there were a number of disagreements, the speakers nearly all agreed that both rapid innovation and stronger, more open collaborations -- and shared responsibility -- between the public sector, private sector and academia will be crucial to ensure success moving forward.
Robert Butler, co-founder and managing director of Cyber Strategies LLC, specifically praised Texas A&M's efforts thus far, citing the Texas A&M Cybersecurity Center as well as the strong programs it has through the College of Engineering, the Mays Business School and the Bush School of Government and Public Service.
"This is a great opportunity for Texas A&M as you think about this interdisciplinary cyber institute," Butler said. "There are a lot of problems to go around, and I think A&M is in a great position based on its competencies and its partnerships already to take it to the next level."
The summit, which concludes today, is hosted by the Texas A&M Engineering Experiment Station Texas A&M Cybersecurity Center, the Texas A&M University Institute for Advanced Study and the Bush School of Government and Public Service,