HACK 2016: National Cybersecurity Awareness Month Seminar
The Nuclear Regulatory Commission’s (NRC) Officer of the Chief Information Officer (OCIO), Information Security Directorate (ISD), with support from MAR, hosted the HACK 2016: National Cybersecurity Awareness Month (NCSAM) Seminar on October 19, 2016.
The emphasis of the Helpful Applied Cyber Knowledge (HACK) seminar this year was to increase the knowledge and awareness of participants to the impact of potential threats they may unknowingly face because of their activities on their connected devices (laptops, smart phones, and tablets) and to provide an understanding of how social engineering is shaping the cybersecurity industry. The seminar had close to 200 participants over the course of the day and had the highest attended of any NCSAM seminar in the past three years. As this was the first year that MAR was involved with the planning and coordination of the event, under the watchful eye of Natalie Springirth, we could not be more pleased as to how it turned out.
Internationally renowned speakers from outside the NRC captured the audience with their unique insights and opinions on cybersecurity. The backgrounds of the speakers varied which peaked audience attention on their talks, which all had an underlining theme of social engineering.
VS Subrahmanian, a Professor in the Department of Computer Science, director of the Center for Digital International Government and co-director of the Laboratory for Computational Cultural Dynamics at the University of Maryland, kicked off the seminar discussing behaviors linked to cyber-vulnerability. Public Broadcasting Service’s (PBS) program NOVA 15 Years of Terror recently featured him. Professor Subrahmanian walked guests through how digital devices, social activity, and online behavior can lead one to be vulnerable to cyber-attacks and shared how users can protect themselves.
Thomas Barnard, Principal Attorney at Ober|Kaler and former Assistant United States Attorney, guided the audience through the Cybersecurity Act of 2015 and later reviewed how to recognize and respond to social engineering.
Beau Houser, Deputy Chief Information Security Officer (CISO) for the Centers for Medicare and Medicaid Services (CMS) was introduced by his former boss, NRC’s current Chief Information Officer (CIO), Dave Nelson. Mr. Houser revealed how CMS conducts exercises on phishing emails to educate users. He explained that the highest percentage of those who failed exercises came through those emails with ecards or those asking for feedback regarding parking at work. He stressed the importance of focusing on what is coming into your inbox as that is the # 1 vector that hacker’s use to gain access to your systems.
Tony G, Senior Associate, Booz Allen Hamilton, lead the Subject Matter Expert Panel: Cybercrimes and Security Trends as a panel moderator. The panel featured MAR’s own, Mike Orticari, Thorne Graham, and the NRC’s Senior Information Technology Security Officer (SITSO) for the Cyber Situational Awareness, Analysis, and Response Team (CSAART), and Malion Bartley from the NRC’s Office of the Inspector General, Cyber Crime Unit. The panel discussed recent cybersecurity threats and trends they experience in their day-to-day work in the field as well as recent cyber-attack attempts, including one from a former disgruntled NRC employee.
The audience favorite was Jennifer Golbeck, a Professor in the College of Information Studies, Affiliate Associate Professor of Computer Science, and Director of the Social Intelligence Lab at the University of Maryland. Professor Golbeck shared how activity on social media, especially Facebook, can be tracked and used against users in her talk titled The Curly Fry Conundrum. In her work, she studies programs that use algorithms to track Facebook users “likes” and correlate them to personality traits. She spoke about the human side of cyber in Diamond Heists and Email Passwords where she shared real world examples of social engineering attacks.
Mike Simon, the CEO of Cryptonite NXT, gave an overview of cybersecurity problems in today’s networks and how they can be addressed using a new approach to defending networks before detection of an attack.
The participants of HACK 2016 walked away with increased awareness and understanding about the role of cybersecurity in their lives and important proactive steps they can take to protect themselves at work and at home. Overall, the event was a huge success and the OCIO looks forward to having MAR support their hosting similar events in the future.
Subject Matter Expert Panel from HACK 2016 (from left Mike Orticari, Tony G., Thorne Graham, Mike Mangefrida [HACK MC], and Malion Bartley).