Leadership in Cybersecurity at BU MET in Focus at Faculty’s White Hat Conference Address
Dr. Kyung-shick Choi
Professor of the Practice; Director, Cybercrime and Cybersecurity
PhD, Indiana University of Pennsylvania; MS, Boston University; BS, Northeastern University
Dr. Tanya Zlateva
Dean, Metropolitan College & Extended Education; Professor of the Practice, Computer Science and Education; Director, Information Security
PhD, MS, BS, Dresden University of Technology
Dr. Lou Chitkushev
Associate Dean for Academic Affairs; Associate Professor, Computer Science; Director, Health Informatics and Health Sciences
PhD, Boston University; MS, Medical College of Virginia; MS, BS, University of Belgrade
The following comments are excerpted, with light edits, from the addresses of Metropolitan College Dean Tanya Zlateva, Associate Dean Lou Chitkushev, and Cybercrime & Cybersecurity Director Kyung-shick Choi to the attendees of the 2021 International White Hat Conference, held virtually June 1–2, 2021.
Dean Zlateva: Distinguished guests and colleagues from here and around the world, thank you for joining us for the 2021 International White Hat Conference. It gives me great pleasure to welcome you to Boston University Metropolitan College, in the city of Boston. I wish we were physically here, but we will connect virtually. And hopefully in the years ahead, we will [meet] together physically as well.
Director Choi: It is my absolute honor to be a part of this meaningful event as an organizer and speaker. Launching this White Hat Conference was one of my dreams as a cyber criminologist.
A question I have asked myself for years now is, why, as the good guys, are we continuously reluctant to share our knowledge? And yet the bad guys are constantly communicating and sharing their wealth of knowledge.
Dean Zlateva: The previous 18 months have been unlike any before. We learned to work and to learn with COVID in our midst. We realized keenly, clearly, and sometimes painfully, how closely connected we are with any corner of this planet. We also learned how critical trust and working together are for our survival, but how difficult they are to achieve. History tells us that in times of trouble and danger, the social fabric wears thin, and also gives way to tension, unrests, and confrontations. The last year-and-a-half was, unfortunately, no exception.
The impact of the pandemic on crime patterns appears to be, in many aspects, similar to what we observed in the past. However, there is an important, I would say crucial, difference. The computing and data revolution of the last 40 years that brought computational power to our fingertips and allowed us instant connection to remote locations thousands of miles away also opened new opportunities and paths for attack to criminals.
As company transitions to remote work were reliant on fast networks and cloud-based platforms, the large number of remote workers became targets for attacks and increased the vulnerability of the entire enterprise. So did the heavy reliance on cloud-based platforms.
According to a report by McAfee from last December, global losses from cybercrime hit close to $1 trillion in 2020, and the predictions are dire. This number is expected to grow rapidly. This is why [exploring] the theme of this conference, The Future of Cybercrime and Its Challenges: Innovative Solutions Against Cybercrime, is so important and timely.
Director Choi: I can vividly remember the first White Hat Conference in Bogota, Colombia. With the full support of the Colombian National Police and private sectors, the first White Hat Conference was facilitated to promote effective cybercrime investigation and training.
This year's White Hat Conference is fully sponsored by the US Department of Justices' Bureau of Justice Assistance (BJA). In 2019, the BJA awarded MET a federal grant to support the Student Computer Forensics and Digital Evidence Educational Opportunities program. Its goal is to develop effective cybercrime investigation training [and] test the best practices, reflecting the needs of all levels of law enforcement, and establish a training guideline in computer forensics and digital evidence.
Our research team from Boston University and our research partner, Utica College, have gathered input from federal as well as local and state law enforcement agencies to improve [academic approaches] to better serve agency needs.
Dean Zlateva: That cybersecurity is essential is now a fact that everybody knows, everybody accepts. [But] it is difficult to master. This audience of cybercrime professionals knows best that the one crime category that has skyrocketed across the world is cybercrime. In some countries, by double-digit [percentages] and climbing. Some of the attacks, such as the SolarWinds hack and the Colonial Pipeline ransomware attack, became very famous. But in parallel, a large and growing, steady stream of smaller exploits continually drains the resources of small- and medium-sized companies that are ill-equipped to defend themselves.
The development of effective criminal justice policies and preventive measures against cybercrime globally, in a highly-interconnected world, is a very complex interdisciplinary international endeavor. And we are only beginning to understand it. In addition, we need a large-scale, multifaceted education effort at multiple levels; from building awareness and dedication in the public, to developing a professional cybercrime force—which is a precondition for the world economy to prosper.
Director Choi: Students often expect government agencies, private sector [stakeholders], and academics to guide and expose them to the field of cybercrime and cybersecurity, hoping for us to open the door to success. Unfortunately, many of us do not know the shape of the door and its color, because the field is not only fairly new to us as well, but it is also incredibly broad at the same time.
The overarching goal of this year's conference is to discuss important drivers and disruptors of change in cybercrime and to address the importance of technology-related issues in this area, in particular the global challenges related to developing effective criminal justice policies and preventive measures against cybercrime.
Over the last few years, the development of technology and information has dramatically increased within nations located all around the world. This in turn has had a massive influence on the issue of cybercrime that society must face daily. Interestingly, current innovations are already being utilized to commit cybercrimes, and the merging of traditional crimes with various novel types of cybercrimes essentially formulate hybrid criminal methods.
Some of the future challenges that cybercrime research and practices will most likely face often involve effects such as novel social systems, cyber-physical infrastructure, novel virtual technologies, as well as law enforcement proficiencies. Due to the lack of awareness, the probability of falling victim to these new types of cybercrime will inevitably increase.
Associate Dean Chitkushev: As we know, computers are increasingly becoming an inseparable part of social activities. We expect, over the next 10 years, the trend that we have been seeing over the last 20 years to continue. We will continue to see, in my opinion, the increased accessibility to internet, [and we expect] the predatory personal crimes to increase.
More people will continuously be connected to the internet, and I think [that] will increase the computer-related crimes, and crimes in a cashless economy. So, we are going to see a lot of challenges to enforcing these policies in the digital space. At the same time, we are going to continue to deal with legacy internet problems.
I expect that we will see much more Byzantine type of attacks of people; entities within the network who are in dormant cells, or those that have been authenticated at the time, and after that they have compromised their security issues. All these things will present extreme challenges to the cybersecurity identification and investigation [concurrently].
Another big concern is obviously the Internet of Things (IoT)—the “smart environments” that are going to be created—as well as electronic health records, Smart Grid nanotechnologies, blockchain-based digital forensics chains of custody, and the evolution of wireless to higher frequencies with larger data.
In general, all these things are putting tremendous pressure on cybersecurity. They're increasing the amount of data [used], they're increasing the size of devices. And all the seamless human-to-computer communication—where now we don't have to type or we can just talk or discuss with the computer, and computers are more and more verbally and visually communicated and recorded—will represent another major challenge for the cybercrime investigation.
We will need global, worldwide cybersecurity units that can look into that. But there is one thing for sure, the need for learning new hardware and systems will be more than ever present. We'll have various operating systems that people will need to be trained on software techniques.
So, a steady demand of qualified experts who can identify, investigate, collect, and analyze digital evidence, both in public and private sector, will be present. And the demand is likely to exceed the supply. Conferences like [this] one are extremely important. As a global event, it gathers researchers and collaborators from all over together to exchange and work together on techniques and find new possibilities in how to fight any crime. The importance of a conference like [this] will continue.
Director Choi: Science fiction writer William Gibson states that the future is already here, it's just not evenly distributed. Perhaps this means that it is important to explore all current and new technology to gain better understanding of the nature of cybercrime issues so that we can eventually scientifically predict those cybercrime phenomena.
Expertise, contribution, and commitment to the field of cybercrime and cybersecurity are needed more than ever. And I could not be prouder to be part of a White Hat Conference as one of the conference committee members.
I truly believe education is the most empowering force in the world and education can make a difference. Again, we are joining the White Hat Conference to strengthen our capability of handling cybercrime issues through our various sessions.
It is my utmost hope that this White Hat Conference facilitates a positive outcome, such as minimizing potential cyber-threats in both our society and the global community at large. I also hope this event helps to reveal the true shape and color of the door to reach success within the field of cybercrime and cybersecurity in criminal justice. It is time to release our secret recipes for our optimal cybercrime investigation practice.
Center for Cybercrime Investigation
Director : Kyung-Shick Choi
Main Office : 46 Warren Ave, Milton, MA 02186
Training Center : 1010 Commonwealth Ave. Room 515 Boston, Massachusetts 02215
TEL : 617-358-2807 | FAX : 617-358-3595
EMAIL : email@example.com
Center for Cybercrime Investigation and Cybersecurity
Director : Kyung-Shick Choi | Main Office : 46 Warren Ave, Milton, MA 02186
Training Center : 1010 Commonwealth Ave. Room 515 Boston, Massachusetts 02215
TEL : 617-358-2807 | FAX : 617-358-3595 | EMAIL : firstname.lastname@example.org