During her opening remarks at the first annual Cyburgh convention at Carnegie Mellon, speaker Summer Fowler stated in a confident and engaging way that cybersecurity started in Pittsburgh. She mentioned her boss and the CERT program and some tales from the 1980s, but as someone who doesn’t speak cybersecurity, I had to dig a little more.
I pulled Fowler aside and introduced myself and asked for more details on how she can make this bold claim about this now multi-billion dollar industry starting in Pittsburgh. She started cyber-splaining…
Back in 1987, when the Internet was young, a grad student at Cornell unleashed the first internet worm (the Morris worm), which wreaked havoc and scared the bejesus out of Washington. The government established a cybersecurity think tank at Carnegie Mellon and named it CERT (computer emergency response team). CERT was placed in the Software Engineering Institute (SEI), which is one of the government’s forty-two Federally Funded Research and Development Companies (FFRDC), along with more household names like the RAND Corporation and Los Alamos National Labs. CERT has been under the leadership of Richard Pethia from the beginning, and he still holds the director spot today.
During the Cyburgh conference there were a myriad of speakers who spoke to the conference’s theme of People, Process and Technology.
CMU Provost Farnam Jahanian opened and thanked the Pittsburgh government for being so open to progress in this field and then local 14-term Congressman Mike Doyle turned around and gave the praise right back to the people of the area, the universities and private companies in the region.
Local IT bigwigs from Giant Eagle, UPMC, Alcoa and Duquesne Light held a round table discussing some of the problems that they all share. Chris Carmody, the Senior VP of IT at UPMC, relayed a story about how 14k of his 65k employees fell for a phishing scam, making him wonder if they’re doing enough to educate the users on cybersecurity. All the professionals also talked about consulting firms stealing all their good talent and the levels that they need to go to in order to keep and retain their cybersecurity professionals.
Finding and keeping the right people in the cybersecurity field was an overarching topic throughout the day, and it became obvious how in demand the field is. Giant Eagle senior director of IT, Jeremy Gill, mentioned that schools like Carnegie Mellon have cybersecurity training and internships down pat but they need to take this message “to the state schools…like Slippery Rock…and the community colleges… and high schools.”
Hearing this demand for more people going into cybersecurity from not only the employers but from the academics at the conference, I wanted to dig more on the “how”. I went back to Fowler and asked her what she would do if she was a principal of a high school to get more students into cybersecurity. First, she said it was important to just make them aware that there is a profession that is cybersecurity. Over 75% of students don’t realize that there are great jobs in this sector and will continue to be. She says that they need to know that cybersecurity needs are multi-disciplinary, covering businesses in the private and public sector, in businesses from the large ones down to her “daughter’s ballet studio.”
I spoke to one local company whose cybersecurity niche isn’t what you’d think of. Spiralgen, a startup which grew out of Carnegie Mellon’s Tepper School of Business, is currently using its software to provide cybersecurity to nuclear reactors. Spiralgen is proposing to use its code to prevent pump controllers from being hacked leading to a nuclear accident like Three Mile Island.
The keynote speaker of the day was former Governor and head of the Department of Homeland Security Tom Ridge. He was interviewed by Tribune-Review journalist Andrew Conte, who did a good job as moderator. Ridge, while noticeably older and more stoic than in his George W. Bush days, brought great insight to a field that I thought was a stretch to associate with him.
Ridge talked candidly for half an hour and made multiple mentions of the fact that he could speak more freely now that he wasn’t in public office. Ridge commented on the struggles of a large company or government entity in providing cybersecurity, noting that the enemies in the digital war are “hackers to sovereign states, industries, hacktivists” and more. After a user asked if we should have an infrastructure tax to help fund cybersecurity measures, Ridge said that there is more than enough money in the federal government for CS but that it had to be used more appropriately, and he pulled no punches in mentioning the current political administration’s failing in this arena.
Ridge’s most poignant comment for me was when he was asked whether or not there could be a cyber 9/11. Ridge said that there couldn’t be one, but his reason wasn’t what you’d expect. He noted that 9/11 was a surprise attack and, knowing what we all know about cyber-terrorism and hacking attempts, this could never be a surprise.
To conclude, this inaugural event asked the right questions, pointed out the correct deficiencies and shared best practices. It’s great that Carnegie Mellon would share one of its areas of expertise and let the locals know another gem in this “Most Livable City.”