Carnegie Mellon University
October 22, 2018

Breaux Talks Cybersecurity at NCSA/Nasdaq Summit

By Josh Quicksall

Dr. Travis Breaux, Associate Professor in the Institute for Software Engineering, spoke recently as a part of the 2018 NCSA and Nasdaq Cybersecurity Summit. Held at the Nasdaq MarketSite, the summit brings together technical thought leaders to connect and exchange ideas around corporate understanding of risks associated with cybersecurity.

Citing the danger posed by cyberattacks to our nation’s infrastructure, the event featured discussions ranging from how to protect municipalities from attack to building a culture of cybersecurity in large organizations.

Breaux took part in two panel discussions. In the first, “Protecting Our Elections from Domestic and Foreign Cyberattacks”, Breaux suggested that while direct hacking of voting machines is a concern, there are more indirect ways of influencing elections through technology. Breaux noted three examples of such indirect attack:

  1. Influencing voter preferences through adversarial influence, typically via social media;
  2. Undermining motivation, by either convincing voters that their candidate will win so they can stay home, or convincing them that their vote won’t matter;
  3. Destabilizing access, by misinforming voters about long lines, a different voting location, being able to vote by phone, or by invalidating a voter registration.

In the second discussion, Trends in Cyber Warfare, Breaux joined execs from Dell, Cofense, and the National Rural Electric Cooperative Association. As well as discussing the need for more trained technologists on the frontline and the value of coordination between industry, the academy, and government, the panel addressed the topic in cyber warfare that most concerned audience members: the expansion of the overall threat surface. While other panelists noted the role of end-users and IoT in this expansion, Breaux called attention to the topic via emerging threat vectors such as adversarial machine learning approaches to dupe artificially intelligent systems. “Take, for example, an autonomous car that is driving down a street. It should see the person crossing the street but, instead, it sees a paper bag...These are the kinds of worst case scenarios. We don’t know the efficacy of the ability to conduct these sorts of attacks, but we know the surface is there.”

For his part, Breaux was excited to represent the academic research and education perspective during the event, particularly noting that the blending of sectors gives rise to great opportunities to combat cyberattacks in the future. “This was an exciting opportunity because the target audience for the NCSA is the public,” Breaux explained. “And it’s nice to see C-level executives from top security companies and state agencies come together to highlight challenges and where we’ve made progress. Nowadays, there’s a strong preference for security automation and viewing people as the weakest link, but this event, and the NCSA in general, view people as the solution and they take education seriously.”

To learn more about the Summit, visit the NCSA website. And to watch a capture of the “Trends in Cyber Warfare” panel, please visit the NCSA on Facebook.