Kathleen Fisher, professor of computer science and chair of the computer science department, introduced Chronis, who she said has 15 years of experience working with information security operations and using technology to manage risk in telecommunications. Fischer noted that Chronis has also invented private proprietary security technology that has been used to defend against 750 billion attacks worth about 100 million dollars. He has also invented private proprietary security technology that has been used to defend against 750 billion attacks worth about 100 million dollars, according to Fischer. Chronis said he currently works at Turner, an American media conglomerate that manages a collection of cable television networks, including CNN, Cartoon Network and TruTV.The talk was conducted in an interview format with Ming Chow, senior lecturer of computer science, guiding the conversation. Chronis first discussed the some of the challenges that Turner faces today as audiences transition away from watching television, toward online platforms and applications like Netflix.
“In order to stay relevant, we have to change and evolve,” Chronis said. “We’re trying to connect [with consumers] through apps like Hulu, through the Cartoon Network app … because folks in your generation aren’t consuming our content generally through TV, the traditional broadcast mechanism. So, it has been a huge technical transformation in order to deliver content that way.”
This transition to online platforms introduces new issues, such as the potential for cyber attacks and with these threats comes the need for information security operations, Chronis explained. Chronis said Turner has made a huge financial investment into technology security and is currently working on delivering these new technologies at an unprecedented scale.
“There’s no footprints on the path that we’re taking,” Chronis said.
Chronis went on to describe the most important lesson he learned from his experiences, which he referred to as "war stories," working in cybersecurity. He said a critical part of information security is “tech hygiene" thinking about how it could potentially be abused while building code.
“How is this code going to be broken? How can someone hack this system?" he said. "My challenge to you as engineering and policy folks is to think through, as you're creating systems, as you're creating stuff, how is somebody going to break in? How could somebody abuse this? I think we need more of that.”
Many systems today, such as Facebook, were not built with potential hacking in mind, according to Chronis.
“The reality is that Facebook is an incredible platform; 2 billion people use it. [There is] nothing like it in human history," Chronis said. "However, it wasn’t built with those principles we talked about, where people thought about how could this be abused and how can we put controls in place to stop it … It’s something we need to address if we really want to make progress in cybersecurity.”
Ming and Chronis discussed how the biggest vulnerabilities in cybersecurity 15 years ago are still the biggest vulnerabilities now. Chronis believes that to make meaningful progress, there has to be what he calls a cybersecurity “moonshot" — a revolutionary advancement in technology akin to the eradication of polio, the defeat of the Axis powers in WWII and the first human journey to the moon.
"You needed enlightened leadership; you needed a national cohesive strategy; you needed a groundswell or a popular support that got things moving," Chronis said.
Further in the talk, Ming questioned Chronis as to what engineers and techonologists need to start thinking about now.
“The challenges I see in cybersecurity … are IT hygiene challenges [and] engineering challenges, many of which can be solved," Chronis said. "Thinking through and building engineering best practices and principles are key … That is one of the huge behavioral shifts that has to be made.”
Chronis concluded the lecture with suggestions for legislation and policies that could effectively address the United States’ cybersecurity issues.
The talk was followed by a brief question-and-answer session.
Students said they attended the talk because they were interested in learning more about cybersecurity.
“Personally, I couldn’t even begin to define what [the cyber conundrum] is, so that sort of unknown is scary to me," Aidan Demsky, a first-year, explained. "It’s important to begin to define that and understand that.”
Maggie Van Scoy, also a first-year, shared Demsky's sentiment.
“With the talk specifically put on by the Fletcher School, it’s really a great resource for Tufts students because [it covers] these complex issues of ... computer science," Van Scoy said. "It’s really illuminating to just get a little glimpse into that world.”