For the third year in a row, Kaspersky Lab has provided content for the Massachusetts Institute of Technology’s (MIT) annual Independent Activities Period (IAP) in conjunction with the Cybersecurity at MIT Sloan (CAMS) consortium. This year’s IAP, entitled Cybersecurity Insight and held January 22-25, 2019, focused on practical, technical, and managerial aspects of cybersecurity.
The first two days of Cybersecurity Insight consisted of technical presentations, hands-on workshops and a capture the flag (CTF) contest.
Kaspersky Lab ICS CERT researchers Vladimir Dashchenko and Roland Sako talked about typical IoT security issues, highlighting examples of known vulnerabilities and their potential consequences discovered in their team’s research.
Kurt Baumgartner, a Principal Security Researcher with Kaspersky Lab’s Global Research and Analysis Team (GReAT), shared information with IAP participants about advanced persistent threats (APT) attacks. He provided an overview of the latest APTs and discussed some of the current methods for uncovering and identifying them.
Kaspersky Lab ICS CERT expert Ekaterina Rudina and Frederick Hirsch from Fujitsu presented on the Industrial Internet Consortium’s (IIC) IoT Security Maturity Model: Practitioner’s Guide, which the organization formally released this February.
Robyn Allen, an MIT alum and executive director of Project Alloy, a non-profit focusing on building a more inclusive technical community, spoke about inclusion metrics and best practices, from a management perspective, related to retention and promotion of underrepresented engineering talent. Kaspersky Lab is partnering with Project Alloy as part of its commitment to increasing diversity in the cybersecurity industry to support its ongoing mission of saving the world from cyber threats.
The technical segment of Cybersecurity Insight included a CTF contest run by Kaspersky Lab ICS CERT researchers. The CTF included tasks in the following areas: application security, reverse engineering, cryptography and digital forensics. Those who succeeded with the various tasks received prizes.
The managerial segment of the IAP included a number of sessions focusing on various ways to manage the business end of cybersecurity, where CAMS researchers presented on the following topics:
- Cyber Physical Systems
- Securing IoT Devices
- Cyber attacks as a service
- Building a Culture of Cybersecurity
- Measuring Cybersecurity
CAMS researchers organized a business game to practice managing a cybersecurity investment budget. Participants were able to create and spend a cybersecurity budget for a fictitious company and then analyze the results.
The IAP participant survey results showed that the attendees found the whole event informative and that the topics are relevant for the real world.