Skip to main content
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit
Media Tip Sheets
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • University Statements
  • Syracuse University Impact
  • |
  • The Peel
  • Athletics
Sections
  • All News
  • Arts & Culture
  • Business & Economy
  • Campus & Community
  • Health & Society
  • Media, Law & Policy
  • STEM
  • Veterans
  • University Statements
  • Syracuse University Impact
  • |
  • The Peel
  • Athletics
  • Home
  • About
  • Faculty Experts
  • For The Media
  • ’Cuse Conversations Podcast
  • Topics
    • Alumni
    • Events
    • Faculty
    • Students
    • All Topics
  • Contact
  • Submit
Media Tip Sheets

Improving Cybersecurity at the National Level – Expert Weighs in on New Strategy

Monday, March 6, 2023, By Christopher Munoz
Share
Cybersecurity

Shiu-Kai Chin

The Biden-Harris administration recently unveiled a new national cybersecurity strategy aimed at protecting America’s digital infrastructure. It comes as high-profile attacks continue to target both government agencies and private companies.

Shiu-Kai Chin is a professor of electrical engineering and computer science at Syracuse University. He is affiliated with the university’s Institute for Security Policy and Law and is an expert in computer security.

Here, Chin helps break down the new strategy and looks at the roles government and corporations will play in securing critical infrastructure.

Just how big of a problem is cybersecurity, and why is it important to tackle it at the federal level?

Safety and security in cyberspace is a global wicked problem.  That is, a problem that cannot be solved once and for all because of the myriad of stakeholders with differing views of what is adequate safety and security. Each stakeholder views the problem differently. The root causes evolve and are interconnected.  This is very similar to other wicked problems such as climate change.

The federal government plays an important role in convening stakeholders nationally and internationally to gain consensus and international agreements on standards and acceptable behavior and minimum safety levels.  Think about air travel and commerce. Think about arms control.

Safety and security in cyberspace is a global wicked problem. That is, a problem that cannot be solved once and for all because of the myriad of stakeholders with differing views of what is adequate safety and security.

Shiu-Kai Chin

What do you see as some of the key components of the administration’s strategy?

Important elements of the strategy include coordinating regulations, procurement, economic incentives, and R&D with the specific goal of making cyber-systems and cyberspace safe and secure as a realm of operations for people, business, and governments. For example, tech companies such as software and semiconductor manufacturers often focus on minimizing “time to dollars.” This type of thinking rewards companies who rush products to market with new and exciting features without worrying about cybersecurity. This effectively transfers risk to users while setting up de-facto standards for new products without much thought to security. “Leveling the field” means finding ways to reward companies and innovators who think about security from the start so that products with cybersecurity built-in from the start (much like safety is built-into to all our electrical appliances with UL certification) become the norm not the exception.

Do you feel the current strategy will have a measurable impact on future cyberattacks?

Yes, but it will take time.  We didn’t arrive in this place a minute ago.  Our problems started when, for understandable reasons, personal computers and the chips that powered them had all the security we used to have on mainframes stripped out of them (personal means only the owner has access, right?) and we networked PCs with the Internet. This invalidated an important design assumption in the development of PCs.

The emphasis on “zero trust,” i.e., all access and actions must be authenticated and authorized by enforcing appropriate policies, has “security by design” as a goal, as opposed to “bolt-on security” after a product is built with inherent security flaws that cannot be fixed. There are a lot of so-called legacy systems with poor security in operation.  Things will get better to the extent that these systems are phased out of critical infrastructure and replaced by systems where security is part of the conceptual design of the system from the start.

What are some of the biggest challenges you foresee with implementing the strategy?

The emphasis on R&D leading to better authentication (identifying the source of requests and integrity of information) is good start to the problem of attribution in cyber attacks.

The harder issue is the balance of privacy and attribution.  This is inherently an authorization or policy problem where the appropriate “good enough” policy is a trade-off among stakeholders.  This where many difficult conversations will occur.  Do we want a total surveillance state or the wild west?  That’s a false dichotomy. We want something in-between where the trade-offs are made based on mission or situation.  Protecting access to a biolab with pathogens that can trigger the next pandemic probably won’t value privacy as much as a public library giving internet access to people who cannot afford their own computers.

What else can/should be done to prevent attacks and mitigate damage to critical infrastructure?

Engineering exists to support society. Our profession exists in large part to provide critical infrastructure that is safe, secure, and operates with integrity and equity in mind.  Our profession excels when we realize that “good enough” safety, security, integrity, and equity have no universally agreed-upon definitions for all cases, applications, and missions.  It involves precisely and accurately identifying unacceptable losses to stakeholders for each mission and/or purpose. Once that is done, so-called “adult conversations” can happen where “good enough” is defined through trade-offs.  Engineers, planners, folks in leadership know that it’s impossible to maximize all parameters simultaneously, e.g., you cannot simultaneously get the biggest, heaviest car with largest engine, while simultaneously maximizing fuel efficiency.

An adult conversation the US Government will have to have is the use of COTS – commercial off the shelf – products in mission critical systems and critical infrastructure.  COTS products are built for the commercial market, often for home users (e.g., PCs).  They are designed for benign operating environments, not military ones. Using COTS is like a SEAL team going to Best Buy and picking up someone from the Geek squad to deploy with them on a mission.  The question is for any critical infrastructure system is should we prioritize cost over safety and security?

 

  • Author
  • Faculty Experts

Christopher Munoz

  • Shiu-Kai Chin

  • Recent
  • Timur Hammond’s ‘Placing Islam’ Receives Journal’s Honorable Mention
    Tuesday, May 27, 2025, By News Staff
  • Syracuse University 2025-26 Budget to Include Significant Expansion of Student Financial Aid
    Wednesday, May 21, 2025, By News Staff
  • University’s Dynamic Sustainability Lab and Ireland’s BiOrbic Sign MOU to Advance Markets for the Biobased Economy
    Wednesday, May 21, 2025, By News Staff
  • Engaged Humanities Network Community Showcase Spotlights Collaborative Work
    Wednesday, May 21, 2025, By Dan Bernardi
  • Students Engaged in Research and Assessment
    Tuesday, May 20, 2025, By News Staff

More In Media Tip Sheets

Expert Available to Discuss DOD Acceptance of Qatari Jet

If you’re a reporter covering the U.S. Department of Defense’s acceptance of a luxury jet from Qatar, Alex Wagner, adjunct professor at Syracuse University’s Maxwell School of Citizenship and Public Affairs, is available for interviews. Please see his comments below….

Historian Offers Insight on Papal Transition and Legacy

As the Roman Catholic Church begins a new chapter under Pope Leo XIV, historians and scholars are helping the public interpret the significance of this moment. Among them is Margaret Susan Thompson, professor of history in the Maxwell School of…

From Policy to Practice: How AI is Shaping the Future of Education

President Trump recently signed an executive order focusing on educational opportunities surrounding artificial intelligence. Among other things, it establishes a task force to promote AI-related education and tools in the classroom. That is a major area of focus for Dr….

V-E Day: The End of WWII in Europe, 80 Years Later

This week marks the 80th anniversary of Victory in Europe (V-E) Day, when Nazi Germany formally surrendered to Allied forces on May 8, 1945, bringing an end to World War II in Europe. While it signaled the collapse of Hitler’s…

Hendricks Chapel Reflects on the Legacy of Pope Francis

If you need an expert to discuss the legacy of Pope Francis, you may want to consider Syracuse University Catholic Father Gerry Waterman, OFM Conv., or The Rev. Brian E. Konkol, Ph.D., vice president and dean of Hendricks Chapel. He…

Subscribe to SU Today

If you need help with your subscription, contact sunews@syr.edu.

Connect With Us

  • Facebook
  • @SyracuseUNews
  • Youtube
  • Facebook
  • Instagram
  • Youtube
  • LinkedIn
  • @SyracuseU
  • @SyracuseUNews
  • Social Media Directory
  • Accessibility
  • Privacy
  • Campus Status
  • Syracuse.edu
© 2025 Syracuse University News. All Rights Reserved.