SUMIT explores balancing cyber security and privacy
The University of Michigan hosted speakers from the technical, legal and operational sectors of cyber security, to discuss the field’s latest trends and threats for its 12th annual cyber security conference Thursday.
The conference, titled Security at the University of Michigan IT, is the University’s flagship event for National Cybersecurity Awareness Month.
It attracted a wide range of students, faculty and Ann Arbor residents — 700 viewers registered to either attend the event in person or stream it online, for 13 panels. Law Prof. Margo Schlanger was the only female panelist of the 13 at the event, which included public and private sector representatives.
Kelly Auwers, a planner of the event and an administrative assistant for Information and Technology Services, acknowledged the lack of female representation, connecting it to diversity and inclusion in the field of cyber security as a whole.
“Last night, we had our host dinner, and Margo (Schlanger) and I were the only females,” Auwers said. “In ITS, we’ve been having these discussions about why there aren’t more women in tech. And I think there are a lot more now; they’re still kind of working their way up. We have to get them to higher positions, where they could be doing stuff like this.”
Don Welch, the University’s chief information security officer, introduced the first panel with the theme that would run throughout the entire day: the compromise citizens make between civil liberties and cyber security.
“Security is hard,” Welsh said. “It is something that we are going to constantly have to battle with. … I keep thinking that maybe we’ve hit bottom, but nope, we’ve got a ways to go. There are very few ways we can get more secure without giving up something. One of the things we generally have to trade off for more security is privacy. A society has to decide what’s the right trade-off.”
During the panel, “Hacking and Securing the Internet of Things,” the panelists discussed the surge of “smart devices” and their susceptibility to hacks. Panelist Sol Bermann, the privacy officer and IT Policy and Assurance strategist at the University, cited a New York Times article that reported a nearly 70-percent increase in Internet-of-things devices worldwide, which allow for greater internetworking of physical devices and software.
“We’re going to have an omni-connected, Internet-of-things world,” Bermann said.
Panelist Matthew Garrett, the principal security software engineer at CoreOS, noted the negative realities of a world so intensely linked through technology, pointing to the loss of privacy as an example.
“We’ve seen active attacks on celebrities’ email accounts … that contain information about them,” Garrett said. “If you were able to compromise a celebrity in order to obtain a video feed, that could be a very financially lucrative thing for people with loose morals to engage in. But it’s important to remember that not all attacks are driven by financial concern. There are plenty of people on the Internet who are just bored.”
The afternoon’s events expanded to address salient national and current topics, including a pop-up discussion of security and privacy in an age of terrorism. The moderator, Schlanger, asked the panelists to postulate about the challenges facing the next president of the United States.
During the panel, David Medine, former chair of the Federal Privacy and Civil Liberties Oversight Board, emphasized the importance of reestablishing that board, an independent agency within the executive branch formed after 9/11 to ensure the protection of privacy and civil rights in terrorism prevention efforts.
“There are two related things the next president needs to think about,” Medine said. “How do we balance national security, privacy and civil liberties in the next administration? We’re obviously living in a dangerous world, with terrorist attacks at home and abroad. What steps do we take to prevent those and maintain our values of privacy?”