Tuesday, October 1, 2019

Cybersecurity and Vulnerability - Brilliant Lecture by Dr. Art House, Chief Cybersecurity Risk Officer of Connecticut

After teaching my Transportation and Logistics class this morning, it was time to help host the guest lecture of Dr. Arthur H. House, who is the Chief Cybersecurity Risk Officer of Connecticut. Former Isenberg School Dean, Dr. Thomas O'Brien, had made the introductions to Dr. House, for me and my great Finance colleague, Professor Mila Sherman. His lecture was part of the UMass Amherst Security Series.  The topic of his talk was: Cybersecurity and Vulnerability. Mila and I had had several grants on cybersecurity with colleagues from the Isenberg School and the College of Engineering and both of us continue to do research and to publish in this area. The UMass Amherst INFORMS Student Chapter also helped to publicize his talk and the turnout was fabulous, with students and faculty from multiple schools and colleges at UMass Amherst!

We began his visit with a nice lunch at the University Club and we talked for 2 hours!
Joining Dr. House and me at lunch were: former Dean Tom O'Brien, a friend of House's for 6 decades, Chris Misra, who is the CIO at UMass Amherst, and Professor Mila Sherman.

Dr. House has had an incredible career, having earned his PhD at the Fletcher School of Diplomacy at Tufts University.  He became the Chief Cybersecurity Risk Officer for the State of Connecticut in October 2016, after four years as Chairman of Connecticut's Public Utilities Regulatory Authority (PURA). He recently returned from speaking in Latvia (and we compared notes, given my recent visit to Kyiv, Ukraine). His work includes cybersecurity strategy and action plans in the Black Sea and Balkan regions.  
He has worked in national security, and served as Director of Communications in the Office of the Director of National Intelligence and the National Geospatial-Intelligence Agency.  As a White House Fellow, he was Special Projects Officer at the National Security Council. Tom O'Brien was also a White House Fellow. House spent 10 years in the Congo, and shared some of those fascinating experiences with us at lunch. He also worked for the World Bank and  was a Congressional Adviser to the United States Mission to the United Nations.
In the United States Senate, Dr. House was Chief of Staff to Senate Majority Leader Robert Byrd and Senator Abraham Ribicoff and Legislative Assistant to Senator Chris Dodd.  Amazingly, as can be seen from various writeups on his career, specific assignments included the Camp David Peace Agreement, the Strategic Arms Limitation Treaty and the Tokyo Round Trade Negotiations. The stories he shared with us at lunch even included the SALT negotiations at which he was present in Russia, with Brezhnev in attendance. It is not every day that you get to have lunch with someone who has taken part in major historical events in the US!  And can he do imitations of famous people; honestly, SNL should just hire him. His ability to reproduce accents is simply incredible and hilarious.
Since there were no classrooms available for this guest lecture at Isenberg, since it was prime class time, his talk took place at the Computer Science building. It was good to walk after the leisurely lunch (and we did share desserts).
Dr. Mila Sherman  introduced our speaker and then he began his mesmerizing lecture, which had the audience at the edge of their seats throughout.

He began his lecture by sharing some personal details and then asked the question: "Are we safe" and answered: "Of course, not!" We can't assume that a business or organization is safe from cyberattacks since even the Pentagon has been compromised.
He made the following points, which he then elaborated upon:
1. We are dependent on the digital world (computers and Internet) and, hence, vulnerable;
2. We need to protect ourselves;
3. We need to anticipate strategic surprises, and
4. States must play a critical role in cyber defense.
He emphasized that the advantages of cyber are immense from air traffic control to critical infrastructure but so are the vulnerabilities. The Internet was not designed with security in mind since it was supported by DARPA and was initially for academics who trusted one another. He envisions 3 Internets eventually, with Bakanization, and you can probably guess who would be behind the other two.
He spoke about who is behind the threats and the monetary aspects of selling the hacked products (which I have actually published a paper on in the INFORMS journal Service Science). Even health records are commodities that can be sold. He talked about phishing attacks as well as ransomware with the latter sometimes targeting smaller enterprises from hospitals to municipalities, etc. for payments in bitcoins.
Sadly, he stated that the "US is losing its edge" in cyber defense and also spoke about cyberwar and asymmetries.
He spoke about certain nation states targeting our elections and critical infrastructure and the details that he had were quite frightening. And, he even showed a slide of Kyiv at night after the cyberattack in 2015 on its power grid.
He emphasized that we need norms and rules and he suggested a great idea - for businesses and organizations to have a cyber rating similar to a credit score, and this would be audited regularly, since one's brand reputation as well as stock value can be seriously negatively affected after a cyberattack.
"Cyber is the perfect weapon" he said and "We need to defend ourselves." We can't get the feds to do this, so states must, and Connecticut is leading the way! 
He also noted the need to create a positive cybersecurity culture; to plan, and to be ready for the unexpected. Sad to say, he also sees "massive complacency." 

After his talk, Art House stayed to meet and continue the discussions with the audience. I was so delighted that even some of my undergrads, in addition to my PhD students, came. This was an incredible talk and educational experience!
Many thanks to Dr. Tom O'Brien for giving us this incredible opportunity with special thanks also to Professor Brian Levine, the Director of the Cybersecurity Institute at UMass Amherst! The brilliant lecture by Dr. Arthur H. House we will never forget!