Last fall the FBI arrested a 100-person global criminal ring for phishing, a cyber crime that lures online users into sharing their private data, and in February CNN aired a dramatic broadcast on cyber warfare. More recently, Google announced it was pulling its search engine in China after the company experienced a series of cyber attacks and mounting frustration with the country’s Internet censorship laws. Cyber crime, it would seem, is everywhere — precisely the point industry professional Robert Giesler likes to drive home. NYU-Poly met with Giesler, vice president of cyber programs at technology firm SAIC, for a sneak preview of the important issues he’ll present this Wednesday, April 7 at his lecture "Cyber Conflict: Fact and Fiction."
Q: You’ve said raising public awareness about cyber attacks is a strategic imperative. Why?
A: The amount of e-crime and cyber theft going on in the United States probably totals up to billions of dollars in lost revenue and intellectual property. If you aren’t aware that it’s happening, you’re never going to know how to protect your information adequately, so national leadership from the president on down is imperative.
Q: Which cyber security issue deserves more attention than it receives?
A: The role of the public needs to be emphasized. Quite frankly, the dialogue now is between government and the commercial sector, yet most of the tens of thousands of computers controlled by criminal rings in nation-states are actually personally-owned computers. If you don’t know enough to put anti-virus software on your computer and to update that software, or if you don’t understand there are already people out there reading your data, then you become part of the problem.
Q: It sounds like you’re emphasizing user behavior rather than hard- or software that protects cyber data.
A: The most striking note about cyber security is that the greatest vulnerability is human behavior. I can build the strongest network known, but if the operator is of ill intent, the network will be penetrated every time. The greatest return on investment is to focus on training and education. Technology will always adapt. Technology will always be there, but we frequently undersell the value of the human in network behavior.
Q: What types of workers will the cyber security field need in the future? How might a student best position him- or herself to qualify for those positions?
A: There is an acute demand for a combination of political science and technology degrees. If you have a degree in either direction, go out and get some practical experience in the other discipline. It’s critical to have people driving public policy that have a good, strong backing — either practical or academic — in both. Stay at NYU-Poly, get a master’s, and you will be well considered in industry as well as in government. SAIC is very excited to be teaming with NYU-Poly.