By Mary Frost
Brooklyn Daily Eagle
Downtown Brooklyn was Ground Zero for white-hat hackers over the past week, as cyber security professionals, researchers and students gathered for the 10th annual Polytechnic Institute of New York University (NYU-Poly) Cyber Security Awareness Week (CSAW).
The conference had something for everyone, from one of the world’s biggest cyber Capture the Flag competitions, to a hardware “embedded systems” competition, a high school digital murder-mystery, career fair and Department of Homeland Security trivia quiz.
While mostly undergrads (and one high school team) played in the 36-hour Capture the Flag event, Ph.D. students competed for best published student cyber security research. One of them, Masoud Rostami from Rice University, described a new way to prevent hackers from taking over implanted medical devices (IMD) such as pacemakers, insulin pumps, defibrillators.
This topic has been much in the news lately, after former vice president Dick Cheney's doctor told of his fears that Cheney could be assassinated by a terrorist remotely hacking into to his implanted pacemaker. While WiFi access has many positives, such as being able to update a device’s software without having to remove it from the patient’s body, Cheney’s doctor disabled remote access because the threat was too great.
Rostami said his group’s solution requires a “Touch to Access” policy. “Instead of being able to access the device at 300 feet, you have to touch it for 10 seconds,” he told the Brooklyn Eagle. The method uses the electrical minutia of the patient’s own heartbeat as an authenticator.
The event also included the THREADS Conference, where more than a dozen professional “DARPA (Defense Advanced Research Projects Agency) Cyber Fast Track” hackers presented papers. THREADS was keynoted by Peiter C. Zatko, aka Mudge, long-time member of hacker group Cult of the Dead Cow (and one of seven hackers who testified before a Senate committee in 1998 that they could bring down the Internet in 30 minutes, according to Wikipedia).
NYU-Poly was one of the first universities to introduce a cyber security program, and is designated as both a Center of Academic Excellence in Information Assurance Education and a Center of Academic Excellence in Research by the National Security Agency.
“Cyber security is here to stay,” said Nasir Memon, head of NYU-Poly's cyber security program and founder of CSAW. “We’re developing technology at an unprecedented scale and the world is becoming more interconnected very day. This brings tremendous benefits, but risks come along with it.”
Memon told the Eagle he “can’t see the world going forward without security professionals. We need lots of engineers.” Events like CSAW are essential to nurturing that engineering talent and building the workforce of the future, Memon said.
CSAW's challenges were created and managed by NYU-Poly graduate and undergraduate students in consultation with faculty and industry players. NYU-Poly grad student JV Rajendran organized the Embedded Systems Challenge. The point, he said, was to embed a malicious circuit that circumvented the security team's tools.
While chips are often designed in the U.S., “Those who sell the IP (intellectual property) blocks have design teams in other countries – China, India, Taiwan. You never know what’s happened inside the embedded devices,” Rajendran said.
His advice to engineers and designers? “Trust but verify.”
Beth Potts and Han Lin, managers of cyber security at Sandia National Labs, told the Eagle they were looking to recruit 25 – 50 new employees “today.”
“We’re looking for all disciplines,” Potts said. “R & D, hardware and software engineering, forensics, reverse engineering. It’s a promising field, especially for U.S. citizens. Attractive information is being stolen at a rapid pace. You have to be able to defend it, and to do that you have to have the mindset of the hacker.”
James Sillcox, Director of Career Development at NYU-Poly, said that students interested in the field should “be smart and start early, and get into a good college.” He added, “Every student I know in cyber security has found employment.”
The kind of students that NYU-Poly is looking for have done well in math and science and enjoy calculus, he said. He added, however, “Technical skills aside, we’re looking for students who are creative, who think outside the box, who are problem solvers, with strong teamwork.” NYU-Poly wants students with more diverse backgrounds and more women, he said. “We need people who think different.”
For more information about CSAW, visit https://csaw.isis.poly.edu/