Connecticut Institutions Bolster Cyber Defenses

A Center of Excellence in Cybersecurity at the University of Connecticut’s School of Engineering is an initiative intended to support education and research in the field.

by Paul Schott, Connecticut Post, Bridgeport, Conn. / October 24, 2016

(TNS) — STAMFORD, Conn. — As the digital dangers mount, a number of Connecticut institutions are bolstering their cyber defenses.

The threats to information technology systems extend far beyond hacks of presidential campaign emails that are divulged on WikiLeaks. Organizations of all sizes — especially small businesses — are vulnerable to a proliferation of attacks. But the growing affordability of cybersecurity services and the launch of new initiatives involving the public and private sectors show that companies are hardly powerless against their online opponents.

“The volume of attacks has increased and so has the complexity of attacks,” said Laurent Michel, co-director of the Connecticut Cybersecurity Center at the University of Connecticut. “Not everyone is protected properly. You have to protect your information technology systems against the simplest kind of attacks, but also against more sophisticated ones.”

Many threats

Companies face a daunting number of threats to their IT systems.

More than 500 million personal records were lost or stolen in 2015, according to a report released earlier this year by the data-security firm Symantec. A record-setting nine “mega breaches” affecting more than 10 million records in each incident occurred last year.

The attacks can afflict all types of hardware and software. Web app attacks, point-of-sale intrusions, malicious software known as “malware” and “denial-of-service” attacks that compromise the availability of networks and systems comprise just a few of the weapons in cyber criminals’ arsenals.

But the reasons for the offenses tend to be consistent. Almost 90 percent of breaches had a financial or espionage motive, according to the Verizon 2016 Data Breach Investigations Report.

Just detecting a cyber attack can present a major challenge. Unlike the theft of a physical good like a truck, the crime might not be evident.

“Attackers who want to steal your intellectual property are not going to break into your system and leave crumbs all over the place,” said UConn’s Michel, who co-directs another security center at the university and also serves as an associate professor in its department of computer science and engineering. “They do everything to be invisible so you don’t even know you’ve been breached.”

The subtlety of the attacks can also complicate efforts to quantify the losses.

Smaller firms are particularly vulnerable to data-security threats because they often lack the IT resources in people and capital investments that larger companies can afford. In 2015, 43 percent of all attacks targeted small businesses, according to the Symantec report.

“Even the local laundry service is a target,” the report said. “In one example, an organization of 35 employees was the victim of a cyber attack by a competitor. The competitor hid in their network for two years stealing customer and pricing information, giving them a significant advantage.”

Cyber attacks cost companies as much as $400 billion each year, according to the British insurance firm Lloyd’s.

But recent arrivals in southwestern Connecticut show how the market is shifting to make digital defenses more accessible to smaller companies with tighter budgets. The Piscataway, N.J.-headquartered cybersecurity firm BlackStratus opened offices in Stamford in April to house a security operations center and a sales team to support a new product, CYBERShark, which essentially allows smaller firms to outsource their data security to BlackStratus.

By putting the technology in the cloud — with costs running as low as a couple hundred dollars per month — businesses can share the cost of using CYBERShark.

“All the infrastructure is monitored by us — we can detect potential threats and identify them and take action,” said Rich Murphy, BlackStratus’ vice president of products. “We will handle cybersecurity for you and when something is up, we will notify you.”

A $5.5 million state grant supported the opening of BlackStratus’ Stamford complex, which now houses 23 employees.

Taking action

Consumer financial-services firm Synchrony Financial and the University of Connecticut’s School of Engineering announced last week the launch of a Synchrony-funded Center of Excellence in Cybersecurity at the university, an initiative intended to support education and research in the field.

Synchrony officials were not available to comment this week on the initiative, but they said in previous statements that they had high expectations for the new venture.

“We are passionate about cultivating top technology talent in Connecticut who will soon be on the nation’s front lines of defense against cyber crime,” Carol Juel, executive vice president and chief information officer at Synchrony Financial, said last week. “Our partnership with UConn is an important step toward building the research and resources needed to fuel hiring in this growing area of technology.”

Through the partnership, the Stamford-based Synchrony will provide an endowment for a Synchrony chairperson to lead cybersecurity education at UConn and help develop a pipeline of information-security talent. In addition to research, Synchrony has committed to funding a cybersecurity fellowship program and a scholarship program that will provide stipends to attract graduate students to UConn, where they will study and conduct independent cybersecurity research.

Synchrony will provide $2.2 million for the new programs, which will be funded during the next five years.

Synchrony and UConn officials said the partnership would develop Connecticut talent to help fill openings in the cybersecurity industry. There were about 209,000 unfilled cybersecurity jobs in the U.S., according to an analysis of March 2015 federal Bureau of Labor Statistics data by Peninsula Press, a project of the Stanford Journalism Program.

Officials in Hartford are also taking action. Gov. Dannel P. Malloy announced last week the creation of a new cybersecurity chief risk officer for Connecticut. Malloy’s pick for the position was Art House. He had served since 2012 as one of three commissioners in the Connecticut Public Utilities Regulatory Authority and most recently as the organization’s chairman. In that role, House helped to develop a plan for improved cybersecurity across the state for electrical, natural gas and water infrastructure.

In his new position, House will work to improve cybersecurity-related coordination and communication among state agencies and build relationships between the public and private sectors. He will also contribute to the ongoing development of the state’s first cybersecurity strategy, a plan that is scheduled to be completed in the spring of 2017.

“We’re trying to bring together the different elements of cybersecurity and gain from playing more as a team,” House said. “We’ll work with businesses and hospitals and universities and others to find areas where we can help.”

And collaboration around data defenses is needed more than ever as cyber attacks continue to evolve, said House’s new boss, state chief information officer Mark Raymond.

“If we’re going to be able to adequately defend not only state government but also all our businesses, we need to share more info on emerging threats,” Raymond said. “We each have elements that can help each other.”

©2016 the Connecticut Post (Bridgeport, Conn.) Distributed by Tribune Content Agency, LLC. 
