A leader in cybersecurity told those gathered for the opening of a three-day summit Wednesday that while there are a number of security problems that remain unaddressed, he ultimately is positive about the future of U.S. cybersecurity efforts.
Currently serving as the director of the Information Innovation Office at the U.S. Defense Advanced Research Projects Agency, John Launchbury acted as the opening keynote speaker for Texas A&M University's Cybersecurity of Critical Infrastructure Summit, sharing his insights into the challenges facing the field, as well as the ways in which his office is working to combat and overcome them.
Defining a cyber attack as "when somebody gets into my machine and does something that I haven't authorized," Launchbury said there are a number of ways -- ranging from simple to complex, multi-step processes -- in which a computer or system could come under attack.
One well-known vulnerability, Launchbury said, is the use of weak passwords, as well as unsafe storage of passwords, such as leaving it written on a sticky-note next to the computer. He said these are easy ways in which cyber attacks can be facilitated.
That said, Launchbury added that he believes users are too often blamed for their part in allowing cyber attacks to occur, with not enough responsibility being passed down the line to developers and manufacturers.
Using Apple as a positive example, Launchbury praised the technology company as a "poster child" for building secured systems that have been designed and are controlled in a way that makes exploitation difficult.
While having a more open system may have its benefits, he said the practice then has potential to open up new vulnerabilities of which can be taken advantage.
"It's not all bad," Launchbury told those gathered at the George Bush Presidential Library. "There's a bunch of things that we have already been able to do in the cybersecurity world that have made a difference."
Launchbury pointed out that over the past five years, email spam has been drastically reduced thanks to new practices put in place through modern email systems like Gmail and on devices like the iPhone.
Launchbury explained that his team is seeking to find ways to achieve three goals they believe will aid in the fortification of cybersecurity: to build in security that will help fight off cyber attacks, find ways to manage the inevitable insecurity of some systems, and to develop a plan of action that will hopefully allow them to be dominant in the cyber realm.
Among the ways Launchbury said DARPA is working to achieve those goals include "cyber-retrofitting" older technologies and vehicles to protect from attack, encouraging the advancement of supercomputer-driven cyber-defense systems and promoting new, better designed systems and practices that will allow for greater protection.
Another way in which Launchbury said cybersecurity is being approached is through an effort to design systems that are too costly and inconvenient for common online users to compromise, effectively leaving only the "peer" nation-states with the resources to conduct such a challenging operation in play.
Looking forward, Launchbury said there are still many questions, ranging from infrastructure to responsibility, left to be answered in the cybersecurity realm -- some of which he hopes are discussed as the summit continues today.
Hosted by the Texas A&M Engineering Experiment Station Texas A&M Cybersecurity Center, the Texas A&M University Institute for Advanced Study and the Bush School of Government and Public Service, the summit is expected to bring together experts across a variety of technical and policy backgrounds.
To learn more about the summit, visit cybersecurity.tamu.edu/cybersummit2017.