TSA-CAOE Symposium 2022 – Understanding Risk in the Cybersecurity Landscape
The Center for Accelerating Operational Efficiency (CAOE) was pleased to host the seventh annual Transportation Security Administration (TSA) Symposium in June 2022. The two-day, hybrid event featured keynote speakers and distinguished expert panelists representing thought leaders and senior executives from across TSA, academia and industry.
TSA Administrator, David Pekoske was the opening keynote for the event and gave an overview of the current objectives for TSA including stressing the importance of collaboration and open communication with the research community and the private sector. “It's very important to us that we have trusting relationships with all the stakeholders in the transportation [sector],” states Pekoske. “I want all the stakeholders in the transportation sector to feel like they can tell me things that they expect that I don't want to hear because that means that they trust that I’m going to react in a positive way.”
Other notable keynote speakers included: Matthew Hartman, Deputy Executive Director for Cybersecurity, CISA; Peng Liu, Professor Cybersecurity, Pennsylvania State University and Josephine Wolff, Associate Professor, Tufts University.
There was a wide range of panel speakers, including academic, industry and government professionals with expertise in cybersecurity, transportation policy, surface transportation, data privacy, artificial intelligence, economics and risk analysis. The main topics for the symposium included:
What does risk-based security mean for cybersecurity?
This session examined the balance between OT and IT environments and how agencies are building risk and monitoring plans.
Keynote: David Pekoske, Administrator, Transportation Security Administration
Panel Moderator: Chris Cummiskey, Chief Executive Officer, Cummiskey Strategic Solutions, LLC
Panel: Matthew Bohne, Vice President & Chief Product Cybersecurity Officer, Honeywell; Sasha Romanosky, Senior Policy Researcher, Rand Corporation; Timothy Weston, Director for Strategy & Performance; Strategy, Policy Coordination, and Innovation Office, TSA
Cybersecurity at the Intersection of Critical Infrastructure and Transportation Security
As cyberattacks on critical infrastructure have become more prevalent, there is a need to understand how to best protect key infrastructures. This session was kicked off by a keynote address from Matthew Hartman of the Cybersecurity and Infrastructure Security Agency, followed by a panel discussion reviewing lessons learned from recent cyberattacks and solutions to further improve operational efficiency while mitigating risks from cyberattacks.
Keynote: Matthew Hartman, Deputy Executive Assistant Director for Cybersecurity, Cybersecurity & Infrastructure Security Agency (CISA)
Panel Moderator: Sonya Proctor, Assistant Administrator for Surface Operations, TSAPanel: Scott Gorton, Executive Director, Surface Policy, TSA; Jim Linn, Chief Information Officer, American Gas Association; Cherilyn Pascoe, Senior Technology Policy Advisor, U.S. Department of Commerce, NIST; Jonathan Welburn, Operations Researcher, RAND Corporation
Truths and Myths of Cybersecurity
There are many common misconceptions about cybersecurity practices. Peng Liu started this session by examining 12 of them including the misconception cybersecurity is an "all or nothing" proposition. According to Lui, “effectively mitigating cybersecurity risk is about allocation. It is reasonable to allocate most resources to high-risk data and systems.” Following Liu’s talk, a panel examined low-hanging fruit for best practices and discuss current gaps where further research is needed.
Keynote: Peng Liu, Professor of Cybersecurity; Director, Center for Cyber-Security, Information, Privacy, and Trust, School of Information Sciences and Technology, The Pennsylvania State University
Panel Moderator: Carissa VanderMey, Senior Liaison Officer to CISA, Security Operations, TSA
Panel: Perri Adams, Program Manager, DARPA; Tiffany Bao, Assistant Professor, School of Computing and Augmented Intelligence, ASU; Chris Duvall, Senior Director Cybersecurity, The Chertoff Group
The symposium concluded with Josephine Wolff, Professor of Cybersecurity, Tufts University giving a talk on “Financially Motivated Cybercrime from TJX to Evil Corp.” Wolff said, “a prevalent myth that emerges in the aftermath of a lot of these incidents is that there was one important control and we missed it and it would have saved us.” She went on to explain that it is not as simple as one factor. “I look at specific breaches trying to understand what went wrong. What lessons can we learn and did we actually learn those lessons, or perhaps put a different way, what lessons were taken from this incident that were the right ones?”
The 2022 TSA-CAOE symposium represents a tradition initiated in 2015 by CREATE, now a DHS Center of Excellence Emeritus, at University of Southern California (USC). Subsequent symposiums are being planned. To receive updates on the 2023 planning, please click visit caoe.edu.asu to be added to our symposium mailing list.