Northeastern security expert testifies at congressional hearing

The cybersecurity threat represents one of the nation’s most serious economic and national security challenges, said Stephen Flynn, the founding co-director of Northeastern’s George J. Kostas Research Institute for Homeland Security, in a hearing on Tuesday afternoon in Washington, D.C.

“Our position as the world’s dominant economic power can be attributed in no small part to the speed at which Americans have developed and embraced information technology systems and applications,” he explained. “But while we have been leading and benefiting from the information age, there has been too little consideration to the security implications of our growing reliance on information technologies.”

Flynn addressed members of the Homeland Security’s Subcommittee on Oversight, Investigations, and Management in a hearing entitled “America is Under Cyber Attack: Why Urgent Action is Needed.” The hearing dovetailed with Northeastern’s focus on use-inspired research that solves global challenges in health, security and sustainability.

Later this week, the U.S. House of Representatives is slated to vote on four cybersecurity bills, which, if enacted into law, would facilitate the sharing of information on online threats between government and industry. Congressman Bill Keating (D-MA), who invited Flynn to testify, has been trying to include language in one of the cybersecurity bills that would enhance the role of universities in researching and preparing for attacks.

Other witnesses who spoke at the hearing included Shawn Henry, the former executive assistant director of the criminal, cyber, response and services branch of the FBI; James Lewis, the director of the technology and public-policy program for the Center for Strategic and International Studies; Stuart McClure, the chief technology officer for McAfee; and Gregory Wilshusen, the director of information security issues for the Government Accountability Office.

Rep. Michael McCaul (R-TX), chairman of the subcommittee, outlined the threat posed by potential cyber attacks, which, he said, could result in pipeline explosions, train derailments and nationwide blackouts.

“Unfortunately, this is not a science fiction scenario, “he said. “There are no shells exploding or foreign militaries on our shores, but make no mistake, America is under attack by digital bomb.”

Flynn called on American universities and academic institutions to become full-fledged cybersecurity partners with both the public and private sectors. He noted that the federal government has yet to fully utilize both the cybersecurity resources and expertise universities like Northeastern offer, adding that universities can also serve as an honest broker between public and private entities in tackling cyber threats and challenges.

Northeastern is developing innovative national cyber-defense research and solutions through work at the Kostas Research Institute, the ALERT (Awareness and Localization of Explosives-​​Related Threats) Center —a multi​university Department of Homeland Security Center of Excellence — and its Institute for Information Assurance.

“Universities can provide the public sector with expertise that government policy makers and officials need to keep up with the rapid pace and growing complexity of information technologies and applications,” Flynn said.

In March, a team of Northeastern experts led a congressional briefing in Washington on the evolving cybersecurity threat to consumers, industry and government. The contingent included Flynn; Mel Bernstein, senior vice provost for research and graduate education; William Robertson, assistant professor in the College of Computer and Information Science and the Department of Electrical Engineering; and Engin Kirda, the Sy and Laurie Sternberg Associate Professor of Information Assurance in the College of Computer and Information Science and the Department of Electrical and Computer Engineering.

“The Internet itself has become a critical infrastructure,” Kirda said at the briefing. “Research can play a big role in developing automated approaches to detect and mitigate attacks.”