Ramping Up Cybersecurity
Alumni lead growth of next-gen defense.
A generation ago, MIT alumni broke new ground in computing by connecting the masses and their machines to one global grid. Today, many MIT alumni are earning renown for limiting, securing, or dismantling these connections. Thanks to an expanding cybercrime infrastructure, dozens of alumni now hold cybersecurity posts for major companies around the world. On LinkedIn, more than 400 alumni list cybersecurity as either a job title, specialty, or academic interest.
According to a 2013 Nilson Report, cybercriminals stole more than $3.5 billion in the United States in 2012, and the total has increased in each of the past six years. Criminals use a range of tactics from simple e-mail scams to social-media threats to sophisticated malware, but only 11 percent of U.S. businesses have adopted industry-standard cybersecurity measures, according to Verizon Enterprise Solutions.
Within this landscape of cybercrime, which dates to the very first days of the Internet, several MIT alumni have emerged as leaders in keeping individuals, corporations, and governments safe.
Ashar Aziz ’81 is among them. In the past decade, some 40 governments around the world—including the United States—have used his services to protect against attacks such as denial of service, Trojan viruses, worms, and other malware.
Aziz founded FireEye, a small Silicon Valley firm whose product detects and thwarts cyberattacks, in 2004. “Cyberattacks, and their ultimate evolution in the context of warfare, are one of the greatest dangers and risks of the 21st century,” he says.
Today, FireEye’s products protect 60 U.S. government agencies and guard against attacks on several of the largest search engines and social networks.
Aziz, who worked at Sun Microsystems and Terraspring before launching FireEye, has focused on machine virtualization as the best guard against viruses and other malware. By creating a small army of computers to act as dummies and absorb attacks, a company or government can quickly see where these attacks occur, study them, and guard their actual databases against them.
Aziz likens virtual machines to food testers in a royal court. Once the king saw that his food testers lived through dinner, he’d feel safe enough to eat.
At Microsoft, meanwhile, Steven Lipner ’65 has been spearheading the focus on cybersecurity that Bill Gates announced in 2002. Called the “father” of the security development life cycle at Microsoft, Lipner developed an approach that has ensured the integrity of the company’s data. In 2002, he halted the release of an early version of Windows XP until it satisfied new security standards.
“The threat landscape is worldwide,” Lipner says. “Our customers face intrusions from a variety of malicious activities worldwide, and of course, governments worldwide depend on our products and services. So we try to understand the entire threat landscape and protect, detect, and respond to it all.”
Lipner says that cybersecurity is fundamental to everything Microsoft does today, adding that security assurance practices are constantly updated to reflect new threats. (Microsoft is also a FireEye customer.)
“It has evolved from an interesting research problem to something that’s critical to individuals, organizations, and governments worldwide,” he says. “The threats that our products and services face are really a continuum. Threats may start out targeting highly sophisticated government agencies, but the techniques can flow to affect commercial enterprises and end users.”
At the consulting firm Booz Allen Hamilton (BAH), Natalie Givans ’84 is the senior vice president charged with leading cybersecurity and privacy strategies for clients. In nearly three decades at the firm, Givans has helped countless clients arm themselves against cyberthreats.
Still, she says, there’s a long way to go. “Much of the government and industry is still focused on perimeter defense and on remediation from attacks after the fact,” she says. “The speed and scope of attacks now has outpaced these focus areas because the perimeter cannot be fully protected.”
Givans’s domain now includes BAH’s health and energy business. She helps military, government, and private clients secure electronic health records against unauthorized intrusion. Givans also worries about the risks of connecting devices to the Internet: it sounds great to those who control their thermostats from smartphones but turns out to be not so great for those with pacemakers that can be hacked.
“There are also concerns about the types of networked devices within a hospital that can be accessed from beyond the hospital if someone breaks into the perimeter—imaging machines, printers, faxes, you name it,” she says.
Other MIT alumni contributing to the cybersecurity field include Lixia Zhang, PhD ’89, a UCLA professor who works on improving network protocol designs; MIT Energy Initiative research affiliate and consultant Jerrold Grochow ’68, SM ’68, PhD ’74, who researches better ways to secure the energy grid; Herb Lin ’73, ScD ’79, chief scientist at the Computer Science and Telecommunications Board of the National Research Council, who studies U.S.-initiated cyberattacks; and Marc Zissman ’85, ’86, SM ’86, PhD ’90, who leads cybersecurity research at Lincoln Laboratory.