Q&A with UTSA Computer Science Professor Cybersecurity Expert Dr. Gregory White
In continuation with the first part of our interview, we are given the privilege to also correspond with Dr. White, the director of UTSA’s Center for Infrastructure Assurance and Security (CIAS) and a professor in UTSA’s the Computer Science Department, concerning the state of U.S. cyber capabilities. Dr. White is a scholar in computer science has also written many academic articles and conference papers on the subject of computer security
Accordingly, we are very privileged to have his expert perspective on the following questions:
Topic: The State of U.S. Cyber Capabilities:
Q1. What are the kinds of cyber threats currently posed to U.S.'s critical infrastructure? Does the U.S. currently have the cyber capabilities to thwart these threats?
Dr. White: The threats to the U.S.’s critical infrastructures follows along the lines of question 3 above. Nation states and terrorist organizations primarily. Whether the U.S. is capable of thwarting attacks is debatable and depends on who you talk to. It can probably be said that the U.S. is at least as prepared as any other nation to address the threats to its infrastructures. One thing, however, is that the U.S. and other developed countries are more susceptible to attacks on their critical infrastructures than are less developed nations. If a country has trouble on a normal, daily basis keeping power flowing – if they have frequent power outages – then an attack on their electrical infrastructure will likely have less of an impact on the nation than a similar attack on a more developed nation.
Q2. Being an expert in the field of computer science and thus having a first-hand in-depth knowledge to predict what the future of U.S. cyber security will look like, do you have high faith that the U.S. has the cyber capabilities to meet and fight off these threats? If no, what is lacking?
Dr. White: The weak link has always been, and will continue to be, the human element. If you look at some of the most significant breaches that have occurred, often it is a user who does something that they should not have done (e.g. clicked on a link or attachment in a phishing attack) that has been the way that the attacker has been able to gain access to a system. We have been trying to build a “trusted computing base” (i.e. a “secure computer”) since the 70’s and we haven’t gotten there yet. We are not likely to get there in the near future either. We can’t ignore technology solutions, but we can’t rely on them solely.
Because of this, it is imperative that nations have a detection and response capability (the operational model of computer security is protection = prevention + (detection + response).) We try to prevent an attack from occurring by securing our systems to the best of our ability but we recognize that because of users, or because of 0day exploits (new vulnerabilities and exploits) we will not be totally successful at prevention. Thus, we need to be looking for (detecting) when our prevention techniques failed and then be able to respond to the situation swiftly. This is an area that the U.S. is fairly good at in its critical infrastructures, but can still improve upon. (Some infrastructures are more capable in detection and response than others. All need to be very capable.)