News

Srini Devadas - Cambridge Cyber Summit convenes industry, academia, and government

Hosted by CSAIL, event featured discussions on cybersecurity with tech leaders and officials from the NSA and FBI.

CSAIL
October 12, 2016

On Oct. 5, MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) hosted a summit that brought together cybersecurity experts from business, government, and academia to talk about better ways to combat cyber-threats directed at companies and countries.

Co-organized by the Aspen Institute and CNBC, the "Cambridge Cyber Summit" featured discussions with leaders that include Admiral Michael Rogers, director of the National Security Agency (NSA); and Andrew McCabe, deputy director of the Federal Bureau of Investigation (FBI).

Taking place in MIT's Kresge Auditorium, the event included a mix of interviews and demos from top government officials, technologists, and "white hat" security hackers, as well as live coverage throughout the day on CNBC.

The summit focused on critical issues in privacy and security. Rogers spoke of the growing threats to public and private companies, including trends on how hacking has changed over time and the importance of law enforcement being able to access criminals' information.

"The challenge for us is how to access content in a way that will protect [people's] rights," but still allow us to generate the answers to protect our citizens," Rogers said.

Throughout the day there were constant reminders of the summit's timeliness. During an interview with senior national security official John Carlin, CNBC anchor Andrew Ross Sorkin broke the news of an NSA contractor who had just been arrested for allegedly stealing top-secret information — and asked Carlin to chime in with his thoughts.

"There's been a shift in approach post-9/11," said Carlin. "Success is not prosecution after the fact. It's preventing an attack from occurring in the first place. We need to learn and adjust our defenses to ensure that we can prevent the next one, before it happens."

During a live demonstration of the dark web and ransomware, CSAIL's Srini Devadas spoke about the complex nature of anonymity.

"The good side of it is that it protects the everyday web user," said Devadas, a professor of computer science at MIT. "The other part, in places like the dark web, shows the bad side — when bad people target innocent users."

White-hat security hacker David Kennedy, who had previously penetrated the healthcare.gov website in just four minutes, demonstrated how easy it is to uncover personal information. He took a volunteer from the audience and, using just his full name and hometown, was able to uncover his social security number and address, as well as send him a text message that seemed to come from his wife's phone.

CSAIL's Daniel Weitzner, founding director of the MIT Internet Policy Research Initiative, spoke passionately about maintaining user privacy in the face of legitimate national security issues.

"Over the last decade, there have been efforts to introduce technology to make surveillance easier, which has put users at risk," he said. "There will never be perfectly secure systems, but we will always try to close the gaps."

The summit comes on the heels of several recent cybersecurity efforts at MIT, including last year's launch of three new initiatives that span multiple labs and departments. The three efforts — Cybersecurity@CSAIL, the Internet Policy Initiative (CPI), and MIT Sloan's Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC)3 — aim to provide a cross-disciplinary strategy for tackling the complex problem of cybersecurity.

"Cybersecurity is a topic that CSAIL has valued from our very beginnings as Project MAC, an effort to create time-sharing systems that multiple people could use at once," CSAIL Associate Director Polina Golland said during the summit's opening remarks. "In fact, by many accounts MIT is credited as being the birthplace of the computer password itself — and our researchers have since continued to make important breakthroughs in the cybersecurity space."