Carnegie Mellon University
April 18, 2017

A Grand Challenge

Members of the National Academy of Engineering discuss cybersecurity at CMU

By Abby Simmons

The National Academy of Engineering (NAE) gathered for a regional meeting and symposium at Carnegie Mellon University's Software Engineering Institute to discuss cybersecurity, which is now one of the greatest challenges in the 21st century.

CMU President Subra Suresh's opening remarks on the intersection of technology and humanity noted the unintended consequences of technological advancements. Suresh referenced the NAE's 20 Greatest Engineering Achievements in the 20th Century, a list of inventions that revolutionized the way we live, including automobiles, spacecraft and computers. Several years later, the organization identified its 14 Grand Challenges for Engineering in the 21st Century, and securing cyberspace is now one of them.

"The remarkable thing about this is, if you put the two lists side by side, you cannot help but wonder if there is at least some partial connection to the achievements we helped to create in the 20th century and the grand challenges we face today," Suresh said at the April 13 meeting.

NAE President C.D. Mote Jr. added that current challenges are not about things — they are about people.

"And they are about all people on the planet," he said.

David Hickton, director of the University of Pittsburgh's Institute for Cyber Law, Policy, and Security, delivered the keynote address, "Confronting the Cyber Threat." He gave attendees a behind-the-scenes look at critical cybercrime cases solved during the six years he served as U.S. Attorney for the Western District of Pennsylvania. During that time, he often worked with experts at CMU and the University of Pittsburgh.

"We have some of the best investigators here in Pittsburgh, and when they put their minds to it, they can find anybody," Hickton said.

Hickton described how cybersecurity professionals are protecting the safety and security of people, safeguarding the intellectual property of corporations and the jobs of their employees, building resilient infrastructure and leveling the playing field for individuals who follow the rule of law.

Following the keynote speech, several CMU faculty members shared their research. David Brumley, director of CyLab, CMU's security and privacy institute, presented his work aimed at automatically checking software for exploitable bugs. His spinoff, ForAllSecure, developed a fully autonomous system that won the 2016 DARPA Cyber Grand Challenge, and he advises CMU's top-ranked Capture the Flag team, the Plaid Parliament of Pwning.

Professor Raj Rajkumar of the Electrical and Computer Engineering Department shared milestones from more than 30 years of autonomous vehicle research at CMU. He said emerging connected vehicle technology can improve safety; however, researchers must also address the multiple entry points it provides for malicious attacks.

Lorrie Cranor presented her work to make privacy and security software and systems more effective and easier to use. Cranor, director of the CyLab Usable Privacy and Security Laboratory, recently returned to the university after spending a year as the Federal Trade Commission's chief technologist.

David Manz, senior cybersecurity scientist at Pacific Northwest National Laboratory, a U.S. Department of Energy research laboratory, previewed his forthcoming book, "Research Methods for Cybersecurity," co-authored with PNNL's Thomas W. Edgar. While a majority of cybersecurity research falls into an applied category, Manz said, we need to push the rigor for more scientific approaches.

In her hardware-focused talk, Cyber Research Scientist Katie Liszewski provided an overview of cyber threats to the electronic supply chain. She explained ways her team at Battelle, a global research and development organization, developed time- and cost-effective machine learning techniques to test hardware for cloned and counterfeit materials.

Greg Shannon, chief scientist in the SEI's CERT division, recently returned to CMU after a stint at the White House Office of Science and Technology Policy as assistant director for cybersecurity strategy. He concluded the NAE symposium by addressing a fundamental step in solving the grand challenge of securing cyberspace: Experts must understand the nature of how humans perceive the building and breaking of trust.

"We chose cybersecurity as our theme today because it is such a pressing challenge that extends across engineering disciplines," said Paul Nielsen, director and CEO of the SEI, and master of ceremonies for the event. "Our growing dependence on autonomous systems and other technologies underscores the urgency of the work still to be done in assuring the security of the systems we use now and will depend on in the future."