As technology progresses, new concerns continue to sprout up along with it. “Ransomware attacks have surged in 2020,” Curtis Dukes with the Center for Internet Security stated. Going on to elaborate, “cyber criminals are also expanding their target set and shifting their focus to privately owned critical infrastructure providers.”
On September 14, Duke in DC hosted a congressional briefing, From Technological Advancement to FinTech – How Congress Should Think About Cyber Policy, which addressed many new technological threats faced in the U.S. including ransomware, cryptocurrency and much more and what measures policymakers can take to prevent them.
Joining Curtis Dukes in the conversation was featured panelist Jimmie Lenz, director of the Master of Engineering in FinTech and the Master of Engineering in Cybersecurity at the Duke Pratt School of Engineering and moderator Kim Kotlar, adjunct assistant professor at the Pratt School of Engineering and Duke cyber mentor.
Ransomware attacks happen when cyber criminals use malicious software. Dukes stated “they are delivered as either an email attachment or as an embedded link – to infect the network and lock out the critical files until the ransom is paid.” He explained that ransomware attack patterns are also evolving, and every industry vertical could be a target.
Kotlar noted that we have seen an increase in cyber-attacks related to cryptocurrency to which Lenz replied, “ransomware and cryptocurrency are becoming inextricably linked.”
“Cryptocurrency is fairly new…we certainly had ransomware attacks before, but they are much more prolific,” said Lenz, an expert in machine learning, blockchain and financial innovation.
When it comes to how to prevent these kinds of attacks, Lenz noted that most current measures are defensive rather than offensive. He suggested that “the preventative side is where we should be thinking and where we have opportunity.”
The panelists each lined out where they hope to see congressional action on these issues. Dukes noted that he would like to see Congress implement a cyber breach notification system and incentivize the adoption of national security best practices. When it comes to cryptocurrency, Lenz said the one thing Congress can do is ‘incentivize.’
In effect, this would create a ‘bureau of cyber statistics’ which, as Dukes explained, “would establish the quantitative foundation and produce those type of statistical analysis on this evolution of the cyber ecosystem.” Further, this new body would provide the basis for informed policymaking and aid national risk assessments.
The group also agreed that a large problem in cybersecurity is the lack of data and information on certain attacks – including how attackers got around a victim’s network and defenses.
Lenz also discussed the continued advancements in quantum computing sciences with reference to IonQ – the first publicly traded pure-play quantum computing company – founded by Duke’s Jungsang Kim and Chris Monroe.
“We should be talking about quantum hardening,” Lenz stated, “we’re going to have to leapfrog things, we don’t have the time for linear.”
“We’re going to have to leapfrog things, we don’t have time for linear.”
Jimmie Lenz
Lenz described FinTech as the “melding of finance and technology.” In his early career as a trader, he witnessed how the field evolved from a highly manual environment to an increasingly electronic and automated financial ecosystem and said it has only continued to evolve rapidly over just the past decade.
“In the past, somebody went to a bank because it was like a supermarket – you could go there and buy all kinds of different services. Now, I don’t have to go to a supermarket… I can do all this on my phone.”
Above all else, the panel highlighted the critical need to properly educate people on the risks associated with cybersecurity and how to properly train and approach ransomware attempts. “There really needs to be an education initiative,” said Lenz “we would be happy to do this at Duke for whatever members are interested. Education in this area – because it is so new – is so important and understanding the architecture underneath… in particular before legislating.”
“In the cyber domain where collaboration is king,” said Kotlar, “we need people with all skill sets with different levels of interests to come together.” Lenz, who is leading Duke’s new strategic partnership with the Federal Deposit Insurance Corporation (FDIC) on risk management, FinTech and cyber also emphasized this need for collaboration.
“A lot of regulation takes place in a rearview mirror, and we don’t want to do that,” said Lenz.