He notes, "Not too long ago, cybersecurity meant installing the latest software patch; it was on par with facilities management. However, given the increasing number and magnitude of cybercrimes from SWIFT to Target, as well as new types of threats, companies that don't pay attention to this expose themselves to tremendous risk. It is up to senior leaders to take the lead in protecting and preparing their organizations, which means working together with government, industry, and academia."
The Cambridge Cyber Summit will focus on six areas, which also are key research areas at (IC)3:
Detecting vulnerabilities and sharing information
"Detecting attacks can be challenging due to the prevalence of false positives," says Madnick, noting that (IC)3 recently held a conference on this topic at MIT Sloan. "Large companies and governments may receive thousands of cybersecurity 'alerts' in a day, so detecting an actual threat is like finding the right needle in a haystack full of needles." When a company detects an actual threat, an important question is whether and how they should disclose that to the public or the government. Likewise, should the government be required to inform the public about breaches?
SWIFT and beyond: Protecting the financial system
The SWIFT funds transfer network has been viewed as one of the most secure networks in the world, but a network that moves trillions of dollars a day is an ideal target for cyber-criminals. "It's just a matter of time before they set their sights on your organization," says Madnick. Panelists, including Madnick, will discuss the vulnerability of the international financial system and what can be done to protect assets.
2016: The year of ransomware
Ransomware – which holds computer systems and their data hostage -- has been a threat lurking in the background for years, but Madnick calls it the "crime du jour" this year with recent attacks ranging from police departments to hospitals. It also raises ethical questions, such as whether organizations should follow some government's policies of refusing to pay ransoms for hostages. "Companies need to think about what their policy will be if their computer system is ever held hostage," says Madnick.
Are we already at war?
As organizations, especially government agencies, are increasingly attacked by state actors, there likewise have been counter-attacks. "The general consensus is that we haven't yet seen a true cyber war, but rather skirmishes," says Madnick. Speakers will address whether a full-scale cyber war can happen, and the roles and responsibilities of corporations.
Mission critical: Protecting our infrastructure
While we have seen relatively few major attacks on physical infrastructure, such attacks can have major consequences for public safety and the economy. Madnick explains, "Infrastructure safeguards are usually based on redundancies. An organization may have eight generators so if one fails mechanically, there are seven still in operation. But the same cyberattack that brings down one generator can also bring down the other seven." He adds that when major infrastructure is physically damaged, it can take months to complete repairs. "You can't just 'reboot and reload software' for a custom-built generator or turbine." Panelists will discuss what is being done to protect the critical infrastructure and how different sectors can work together to avoid a catastrophe.
Privacy vs. security: Beyond a zero-sum game:
Which is more important: a consumer's privacy or society's safety? There are major legal, ethical, and societal issues at stake, a sampling of such were evidenced in the FBI-Apple controversy. Panelists will examine what is at stake for consumers of technology and for national security, and seek solutions for getting past an all-or-nothing debate.
About MIT Sloan and (IC)3:
MIT Sloan is participating in the Summit through (IC)3, which is pronounced "IC-cube." (IC)3 is focused on addressing the managerial, organizational, and strategic aspects of cybersecurity. This consortium includes diverse and interdisciplinary faculty, with professors from MIT Sloan, the School of Engineering, and the School of Humanities and Social Sciences. To learn more, visit ic3.mit.edu.
(IC)3 is one of three interrelated and collaborative programs at MIT covering the full breadth of cybersecurity issues. The other programs at MIT include the Internet Policy Research Initiative (IPRI), focused on policy, and Cybersecurity@CSAIL, focused on improved hardware and software. CSAIL is MIT's Computer Science and Artificial Intelligence Laboratory. CSAIL and IPRI are also participating in the Cambridge Cyber Summit.
The Cyber Summit is open to the public, but pre-registration is required. To register, visit cnbc.com/cybersummit.
The MIT Sloan School of Management is where smart, independent leaders come together to solve problems, create new organizations, and improve the world. Learn more at mitsloan.mit.edu
Logo - http://photos.prnewswire.com/prnh/20160526/372755LOGO
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/mit-sloan-to-share-expertise-in-inaugural-cambridge-cyber-summit-300333380.html
SOURCE MIT Sloan School of Management