Corey Moss

There has been much industry chatter lately, especially on social media, and why not, as we have just experienced the greatest occurrence in AV trade show history in ISE 2017. There were many presentations given at the show, and one that was recognized was about cybersecurity. There were certain well-known industry individuals that presented, and I understand that attendance was OK. In fact, one of those presentations talked about “The Dark Arts.” I do know who gave the presentation and we discussed it. Such opportunities for the industry are great; however, I’m not sure if it’s getting through in all the right ways.

Over the last few years, commercial AV has been tackling the subject of network security and, more recently, cybersecurity. The smart home security conversation has been addressed well and I know that this discussion continues with seriousness in mind. As for the commercial side, I see certain signs of seriousness; however, I see jokes as well. This is what concerns me, and it should concern others greatly as well.

I’ve collected a couple of references to some real discussion going back two years, and it should be considered as very real for the industry.

In 2015, Oregon State University’s Electrical Engineering and Computer Science Dept. put out an article, “Building a Defense Against Cybercrime,” in which this statement was made: “Another minute, another 307 cyber threats.” Recognizing the urgency for curriculum on the topic, the School was building its program in cybersecurity, including hiring four new faculty who specialized in cryptography, security protocols and network security. They also partnered with Intel Security, recognizing the great need for an expert that had already developed a course called “Defense Against the Dark Arts,” which was taught by Intel field experts at California Polytechnic State University.

Candace Worley, senior vice president and general manager for Endpoint Security at Intel Security, had this to say: “We are passionate about this field of work and study, and believe that one of the best avenues for combating cybercrime is to educate the next wave of university graduates with the skills necessary to make the cyber world a safer place.”

In the NSA/CCS article “NSA Staffer Talks Cybersecurity with Teen Math Phenoms,” Mervin Bierman, an information assurance professional at the National Security Agency, engages with students in the Rutgers Young Scholars Program in Discrete Mathematics in a session called ‘Defense Against the Dark Arts.’ That’s right – high school students, math whizzes, the real phenoms. They call Bierman a showman, and I guess to grab high school students’ attention when discussing an extreme hot-button subject in society today, one would have to be.

Bierman wore a dark polo bearing the NSA seal and changed into various characters as he blended theatrics with cybersecurity principles to educate students about information security in cyberspace. Of the nearly two dozen students, most initially seemed hesitant to go along for this ride – even after Bierman took them through several hours of number theory and probability. Remember – phenoms. Finally the Harry Potter fans in the room realized that these ‘dark arts’ did not involve magic.

Bierman went on to explain certain basic cyber tools used to defend against bad actors, with an emphasis on the importance of strong passwords to start. He said, “Once I have your password, I have the key to the rest of your accounts,” discussing why cyber criminals work so hard to steal them.

Listed in the presentation that Bierman gave were the most common passwords used in 2015 in the United States (this is a 2016 article), which included ‘abc123, superman, batman, and justinbieber,’ leading one student to shout out that Justin Bieber was their password.

For those reading this blog, how many of you are using any of these passwords? I’ll bet more than care to admit. For those who are not yet aware, Bierman goes on to say that it’s better to use “passphrases” instead of passwords, and to include special characters – or, to create a personal system in which you’d change letters to corresponding numbers. Let’s just say for business and education clients – this should be a must.

This statement though is the highlight as he says, “You are the best defense against bad actors on this planet.”

And yes, we need to be the client’s best defense as well, meaning their front-line partner in defense as Intel was for Oregon State. OK, maybe I’m getting a little overambitious here, however if we are going to talk about network and cyber security, shouldn’t we have concerns to this level? Like not sitting in the background after the job is done and dropping the security piece all in their lap, or just being there “when needed within 24-48 hours?”

Back in my integration days the discussion was not about security; it was about putting the equipment on the client’s network, where, when they did happen to ask the integrator to do it, the response they got more times than not was “I thought that was your job?” I had a very good friend who was the Director of IT in a major NJ community college, and he told me such stories of that kind of reaction he received from certain major area integrators. I also dealt with the CIO of a well-known private college in New York who told some of the same stories. We did most, if not all, of their business as we understood their needs – all of them.

Now, we as an industry face a much bigger picture, and that’s the information security (InfoSec) discussion – let’s even go as far as to call it a cybersecurity discussion in AV if we must. I’d stick with InfoSec though, as it is widely recognized as the term that the IT industry professionals use, and the major players focus on. Major players like Palo Alto Networks, Dell SecureWorks, Cisco, Herjavec Group (yes, Shark Tank’s Robert Herjavec), Fortinet and BAE Systems, just to name a few.

Look up cybersecurity, it will either point to computer security or information security (both cybersecurity and information security are synonymous, especially in federal government circles). I’ve seen certain hashtags used concerning cybersecurity discussion on social media in the industry, and this one makes a whole lot of sense – #AVInfoSec – if you must.

Going back to that presentation for the math whiz students, software and firewall options were also explored, which Dr. Joseph Rosenstein, a Rutgers University mathematics professor and director of the program, described as a perfect introduction to students’ subsequent course on coding and cryptography.

High school students, folks. OK, maybe they are math phenoms; however, anyone who cares to be educated and informed on what can be highly beneficial to them as well as their clients needs to start paying real attention. It’s also high time to hear from those who live and breathe it every day outside of the industry, along with those in the industry who do bring the InfoSec discussion, and bring it well and most informed.

This is the website for the NSA’s STEM outreach program. The industry needs to find such enterprise level programs, and experts to present as well.

With almost 20 years in audio visual integration and IT/computer sales and consulting, Corey Moss is the owner of Convergent Tech – online publications (Convergent Tech Blog and Convergent AV) and consulting. Corey writes for the publications and hosts/produces podcasts – ‘Convergent Tech Blog Discussion’ (on Convergent Tech Blog) and ‘The AV Life’ and ‘The Edge of AV’, both on Convergent AV. He has written for numerous industry publications about AV, IT, unified communications and collaboration (UCC), cloud and software, IoT, cybersecurity and more. He has also conducted interviews with AV and IT executives and global influencers.

Find out more about Corey on LinkedIn and Twitter.