Cranor speaks at WiCyS Conference
CyLab Director Lorrie Cranor was among a collection of prominent names in cybersecurity speaking before over 1,300 attendees at last month’s Women in Cybersecurity (WiCyS) Conference. The conference provided opportunities for networking and encouraged continued growth in the number of women represented in cybersecurity, which has risen from 11% of the workforce five years ago to 20% today.
Brumley on Nielsen’s departure and cybersecurity
The Washington Post
In an article from The Washington Post, cybersecurity experts in government, academia, and the private sector discussed the implications and consequences of Kirstjen Nielsen’s ouster from the Department of Homeland Security. A majority of people believe her departure will hurt the DHS’s security mission due to her experience in cybersecurity and government policy, while others say the mission wasn’t doing well under her leadership. “Nielsen’s departure is another sad indication that the government lacks the will to make real cybersecurity and safety improvements,” said ECE’s David Brumley.
Sarjoun Skaff named one of 10 transforming retail industry
Bossa Nova Robotics co-founder and CTO Sarjoun Skaff was recently named one of Business Insider’s 10 people transforming the retail industry. The startup works with Carnegie Mellon’s biometrics lab to produce machines that work in retail store aisles, taking inventory and noting out-of-stock products. The company is currently working the Walmart to implement the machines in stores. “I admit to being naive when we first started this,” Skaff said. “As we started to build them, we started to realize the scope, the magnitude of the challenge is enormous.”
CyLab/ECE’s Biometrics Center Director Marios Savvides recently commented for a piece on the growing prevalence of AI powered facial recognition software. “We live in a time where AI can surpass the human brain's capability,” he said. Savvides and his group are working to further improve the accuracy of facial recognition software, particularly in cases where the face is partially obstructed.
Walmart has announced the company will add thousands of robots to its workforce, taking lower-level responsibilities such as scrubbing floors, scanning boxes, and checking inventory. As retailers aim to cut costs and increase efficiency, the introduction of robotic workers has been eminent. Forbes featured the move, and explained that according to a study by Carnegie Mellon startup Bossa Nova Robotics, the manufacturer behind the worker robots, 99 percent of the top retailers surveyed reported some kind of inventory problem, while 76 said that using robots in stores would improve employee productivity.
A TechCrunch article interviewed Bossa Nova Robotics CTO and co-founder Sarjoun Skaff about the company’s starring role in Walmart’s new initiative to introduce robots into its workforce. Created in 2005 by Carnegie Mellon Ph.D. students, Bossa Nova develops robots designed to make sense of the “black box” of inventory in the store. While some people fear robots replacing human jobs, Skaff argues that the robots will help their jobs, not take them. “Our robot doesn’t have arms right now, so it’s not replacing the manual labor of restocking a shelf,” he says. “It’s displacing the tedious task of looking for problems, which is really mind-numbing.…As soon as we can tell you where the problems are, you can spend your time fixing them, restocking the shelves and spending more time with shoppers.”
Leaders in cybersecurity gather at CMU for WiCyS Conference
More than 1,200 women, including many College of Engineering faculty and alumnae, gathered from March 28-30 for the Carnegie Mellon’s Women in Cybersecurity (WiCyS) Conference. INI Director Dena Haritos Tsamitis, CyLab Director Lorrie Cranor, and ECE’s Giulia Fanti and Limin Jia were all featured as prominent leaders advocating for an expanded workforce through support for women in cybersecurity. A panel discussing how women in tech groups can spark culture shifts in companies included INI alumna Saralee Kunlong, a senior software engineer at Yellow Pages; INI alumna Divya Ashok, senior director of product management at Salesforce; and Era Vuksani, a graduate student studying information security.
Cranor on password security and social network privacy
Random but Memorable
CyLab Director Lorrie Cranor was a special guest on an episode of podcast “Random but Memorable.” She spoke about her research on the human side of security, privacy, and passwords, and discussed the changes in password standards and management over the last several years, conceding that while there have been changes in standard, there still hasn’t been much change. While password managers and generators are becoming more common, there are still people who resist them. “We hear all sorts of reasons. People who just don’t know about them….there’s a lot of misinformation, there’s a lot of confusion,” Cranor said. She also spoke about informed consent for data privacy in social media companies.
Sekar on automated visitor security systems
ECE/CyLab’s Vyas Sekar was interviewed by NBC News about the safety and privacy of automated visitor security systems, which are replacing receptionists and security guards in businesses, schools, hotels, and hospitals. An IBM X-Force Red study revealed that five different systems are vulnerable in previously unknown places, making not only individuals’ information susceptible, but also company information if connected to a wider network. “An attacker always looks for the weakest link, so if they find one of these systems that collects personal data and is network-connected, it’s like a goldmine for them,” Sekar said. “If these systems are not secured and a company does not have the right security practices in place, then that’s a big security risk.”
Hong discusses spam in Reader’s Digest
Spam emails are an inevitable part of communicating online, and yet many of us are still unsure of exactly how they work against us. As CyLab’s Jason Hong notes in Reader’s Digest, different types of spam emails lead to different user consequences. To combat this, Hong warns us to be wary of emails that have urgent tasks and recommends that we use different passwords for each of our accounts. Spam can be a problem, but knowing what to expect and how to deal with it is half the battle.
CyLab/ECE’s Marios Savvides spoke with CNET in an article about how AI has helped to drastically improve facial recognition. While there are privacy and bias concerns, facial recognition is now being used more widely, at airports, in home security systems, and on cruises, with a 99.7 percent accuracy for the most cutting-edge systems. However, even deep learning neural networks can make mistakes. Savvides, director of the CyLab Biometrics Center, separates some of the data to make things clearer for the neural net. His team can reconstruct faces even in conditions that aren’t optimal. “We live in a time where AI can surpass the human brain’s capability,” he says.
Parno quoted in PopSci on end-to-end encryption
Mark Zuckerberg’s recent announcement regarding end-to-end encryption and the future of Facebook’s messaging services has stirred up quite a bit of chatter within the tech communities. While encryption is essential to privacy, leading experts in the field point out that there are both pros and cons. One proponent of encryption is ECE’s Bryan Parno, who emphasizes that it is essentially impossible to break. “To the best of our knowledge, as cryptographers, the amount of time it would take to decrypt those messages without knowing the key is hideously large,” Parno told Popular Science.
Cranor quoted in NEXTPittsburgh on WiCyS
CyLab Director Lorrie Cranor spoke with NEXTPittsburgh about the 2019 Women in Cybersecurity (WiCyS) conference. From March 28-30, Carnegie Mellon hosted the conference, which aimed to support and connect young women in this critical field that is only 14 percent women in the U.S. (and 11 percent worldwide). “A lot of our important critical systems are not as secure as we would like them to be,” said Cranor, who is one of the keynote speakers of the conference. “If half your population is not considering this as a viable career path, then you’re really cutting into the pool of available workers.”
Acquisti quoted on possible impacts of stricter data privacy rules
The Wall Street Journal
CyLab’s Alessandro Acquisti was quoted in a WSJ article about how big tech companies like Facebook and Google handle customers’ personal information and what stricter privacy rules could do to these companies. Some say that stricter rules will benefit big companies that have more resources at their disposal, but others say that stricter rules will undercut big companies’ advertising and weaken their advantage over smaller companies. Acquisti says, “Both are reasonable claims. But it is far too early to tell which will turn out to be true.”
Cranor elected to CRA board of directors
Computing Research Association
CyLab Director Lorrie Cranor has been elected to the Computing Research Association (CRA) board of directors. Her term will run from July 1, 2019, to June 30, 2022. CRA members elected Cranor in recognition of her many accomplishments, including her work as director of CyLab, Bosch Distinguished Professor, FORE Systems Professor, co-founder of Wombat Security Technologies, and more.
Cranor featured in Post-Gazette
The Pittsburgh Post-Gazette featured Lorrie Cranor’s appointment as the new director of CyLab. Cranor said, “I look forward to supporting CyLab’s ongoing success and bolstering research aimed at making our increasingly digital world safe and trustworthy.”
CyLab’s Virgil Gligor and Maverick Woo received the distinguished paper award at the Network and Distributed Systems Security (NDSS) Symposium in San Diego, California. Their paper, “Establishing Software Root of Trust Unconditionally,” presented a novel test that can be run on any computing device to discover malware with a high degree of confidence. “This is the only solution that exists to any security or cryptography problem that's unconditional,” says Gligor. “This seems important—researchers have sought such solutions for decades.”
Two Engineering faculty members spoke at the RSA Conference in San Francisco earlier this month, CyLab Director Lorrie Cranor, and CyLab/ECE’s Lujo Bauer. They were among eight total Carnegie Mellon faculty and staff members who spoke at the conference, which is focused on security and welcomes 40,000 attendees each year. Cranor led an all-day seminar that focused on how and why human behavior makes cybersecurity difficult. Bauer presented at the seminar and was a panelist on the panel “Hacking the Human: Special Edition,” which Cranor moderated.
CyLab’s Alessandro Acquisti spoke with CNET about California Gov. Gavin Newsom’s recent comments saying that companies should be charged a “data dividend.” They would pay a fee to use user information, and some of the benefit would be given back to the users. Legislation is being drafted by Common Sense Media to be submitted soon. Some privacy advocates, however, see a data dividend as an incentive for users to disclose their private information, as opposed to protecting it. Acquisti says these concerns are valid, up to a point. “I do not believe that such a significant change in the policy of consumer data will be implemented by the tech industry, in absence of regulatory intervention.” Acquisti said.
Savvides on the future of airport security
Twin Cities Pioneer Press
CyLab’s Marios Savvides was interviewed by the Twin Cities Pioneer Press about the future of airport security and the role advancing technology will play. Some airlines and airports have begun to test and implement biometric systems that scan travelers’ faces instantly to verify identity. “With a facial-recognition system, there would be no need for a TSA agent to check your ID,” Savvides said. “The system captures an individual’s iris and full face as they walk by.” A future with biometric screening, however, has some people concerned about data security and privacy, while others would simply like more consistent and respectful TSA officers.
Libert discusses AI and digital privacy reform
CyLab’s Tim Libert spoke recently on how AI and data-harvesting have affected personal privacy in the digital landscape. With the successful implementation of Europe’s General Data Protection Regulation (GDPR), Libert says the passage of similar legislation in the U.S. will hinge on the strength of lobbying efforts. “In the long term, I just don’t think it’s a sustainable model,” he says of current data-harvesting practices.
CyLab team studies user behavior to detect malicious websites
In an article for Security Magazine, ECE Ph.D. student Mahmood Sharif spoke about a CyLab research study to predict and detect malicious websites before users are exposed to them. The team analyzed the relationship between user behavior and malicious websites with data covering three months of web traffic from 20,000 users in 2017. They found that 11 percent of users were exposed to malicious
ECE’s Raj Rajkumar was quoted in an article by KQED that discusses why autonomous have a long way to go before they become mainstream and available across the country. While ample research and development are occurring in Pittsburgh and Silicon Valley for companies like Uber and Google’s Waymo, there are several reasons why the industry needs at least 10 years—probably more—of technological development. One reason is the weather, particularly snow, that is hard to predict and even harder to control. Heavy snow, rain, fog, and other conditions obstruct the view of the cars’ cameras, interfering with object recognition sensors. “It’ s like losing part of your vision,” Rajkumar said.
Brumley on offensive cyber operations
The Washington Post
ECE/CyLab’s David Brumley was interviewed by the The Washington Post about the Trump administration’s goal for loosening constraints on offensive cyber operations. A majority of security experts agree with the move, which allows the U.S. to challenge international adversaries and reconsider their attacks, but they advise to proceed carefully and caution against giving the military free reign. Brumley believes the move is “common sense” on an operational level. “The military should be able to use their judgmen—within the confines of law—to determine where and how to conduct an offensive cyber operation,” he said. “Allowing the men and women who are experts in cyber to make the call on how to use cyber is common sense.”
Congratulations to the winners of the 2018 College of Engineering Staff Recognition Awards! At the 24th annual staff award ceremony winners were announced and length of service awards were distributed. The winners in each category were:
- Continuous Excellence Award: Beth Hockenberry (CEE)
- Innovation Award: Megan Kearns (CyLab)
- Inspirational Leadership Award: Sandra DeVincent Wolf (Dean's Office)
- Spirit Award: Deborah Kuntz (EPP)
- Rookie Award: Mi Kim (MechE)
- Burritt Education Award: Kate Sencindiver (MechE)
CyLab Director Lorrie Cranor recently commented for NBC News on the dramatic increase in the number of personal records stolen by hackers in the past year. Hackers stole almost 447 million personal records in 2018, more than double the 198 million estimated stolen in 2017. “We've always been sloppy when it comes to data security and the hackers are finding creative new ways to exploit that,” says Cranor.
Acquisti comments on Facebook privacy issues
The Economic Times
In 2018, Facebook confronted a series of data privacy crises, disillusioning users and angering privacy advocates. CyLab’s Alessandro Acquisti weighs in on the debate, saying “time and again, Facebook has shown a cavalier attitude towards the handling of users’ data.” He also comments that Facebook fails to clearly tell users the extent of their data collection.
Savvides recognized at Immigrant Entrepreneur Celebration
CyLab/ECE’s Marios Savvides was one of eight people recognized at GlobalPittsburgh’s 3rd Annual Immigrant Entrepreneur Celebration and Award Ceremony. Savvides, who hails from Cyprus, won the Technological Innovation category for his work as the founder and director of the CyLab Biometrics Center.
CyLab/EPP’s Lorrie Cranor recently commented for CNET in the wake of troubling emails that have emerged regarding data privacy practices at Facebook. While public concern has repeatedly been raised after multiple data privacy incidents at the company over the last couple years, the emails appear to cast doubt on Facebook’s claims that it does not sell user data. “This email certainly doesn’t express any value of privacy or protecting users,” says Cranor. “This is expressing that data is a corporate asset, and that we don’t want to give it away.”