Congressman James Langevin took a break from campaigning last Thursday to spend some time talking to CCRI students about cyber security, an issue he’s made a nation concern. Langevin was joined by his colleague, Congressman Sheldon Whitehouse, as they were the keynote speakers at the Community College of Rhode Island’s second annual Security Awareness Day in recognition of October as National Cyber Security Awareness Month.

In his remarks introducing both speakers, CCRI President Ray Di Pasquale said cyber attacks have increased in frequency and strength.

Whitehouse said the scale of cyber threats raises the question of an adequate response.

“There’s a lack of appropriate public awareness of the scope and severity of cyber threats,” he said. “Information about the risk of cyber threats is often withheld due to national security [reasons] and private industry withholds information because it’s not conducive to competitive goals.”

Whitehouse said Langevin wrote the first piece of comprehensive cyber security legislation to pass the U.S. House of Representatives.

“He recognized the need for government agencies and private companies to share information regarding protecting themselves,” he said.

Whitehouse said he was proud to partner with Langevin, “who is leading the way,” on these issues.

“I believe we should do everything we can to update our laws and increase enforcement on cyber crime,” said Whitehouse, one of the lead negotiators on the Cyber Security Public Awareness Act.

“We hope to get it passed with bi-partisan support,” he said of the Act. “Too many have no clue or are unaware of the risks we face.”

Whitehouse said one of the major cyber threats that exist is intellectual property theft, which he said China plans to use as a means of building its economy.

“We need to pursue overseas hackers that target business professionals,” he said. “Congress must keep working on a bi-partisan basis to strengthen our laws on cyber security.”

Whitehouse said there’s a large range of cyber security expertise here in Rhode Island, which he believes can be harnessed.

“We have a growing cyber workforce here and leading academic institutions and military assets,” he said. “The Rhode Island Emergency Management Agency is developing a cyber security infrastructure and our colleges and universities house an array of programs and centers for cyber security.”

Whitehouse concluded his remarks saying, “It’s important that we not be bypassed in our effort to meet the nation’s security needs. We can be leaders, but we won’t be if we don’t define and secure our role.”

“I started on this issue seven years ago,” Langevin said. “Technology is constantly evolving and doubling every 18 months – that’s the technology that we can see. The technology we can’t see, such as water, sewer, gas, transportation … all relies on technology on a massive scale.”

Langevin said whether logging into your bank account half a world away or logging in to your Netflix account sitting on your couch, it’s all part of a system that never had security in mind.

“Without inherent security in the system, we need to rely on the people that design the software to be secure,” he said. “It only takes one vulnerability to break into a program.”

Listing examples of data breaches, such as Target, Home Depot, Michael’s craft stores, and P.F. Chang’s, Langevin said such threats are not going away any time soon.

“As long as smart people want to create mayhem on the other side of the law, we can’t stop them but we can limit them,” he said. “Our challenge is about managing and closing the gap of vulnerability.”

Langvein said information sharing offers the potential for reducing vulnerabilities in cyber space.

“We don’t have the ability to provide the private sector with information on cyber threats,” he said. “Information sharing allows us to give them the knowledge they need to protect themselves as well as to share that knowledge with other companies.”

Langevin said there are significant legal barriers to sharing such information with the private sector.

“The information sharing bill passed with strong bi-partisan support on the House floor and now we’re waiting for Senate approval,” he said.

Langevin said the country is in desperate need of cyber experts to operate at the highest levels.

“We only have 1,000 in the country and we need 30,000 to 40,000,” he said. “Cyber security is a relatively new domain and colleges and universities are still ramping up programs on it.”

Langevin said there are currently some cyber programs at the high school level here in Rhode Island and he wants to encourage a generation of kids that have grown up with computers to continue on that path.

“There are a number of people with the skills but they’re on the wrong side of the law,” he said. “How do we make cyber crime less attractive?”

Langevin said hackers could operate with near impunity in countries like Russia and China.

“It’s as easy to attack many as it is to attack just one person, as well as to attack from a world away versus across the room,” he said. “We need to be more aggressive in this area and make countries that harbor cyber criminals realize they need to cease and desist – it’s to their benefit.”

Langevin said cutting down on the theft of intellectual property could be “a tough nut to crack.”

“Theft of intellectual property is far different than spy versus spy espionage from years ago,” he said. “Hundreds of billions of dollars of intellectual property is stolen each year. It’s a form of economic warfare that needs to be addressed and stopped.”

Langevin said he hopes to have an international treaty on the “rules of the road” in cyber space.

Langevin said while we will never solve the cyber security problem, we have to manage it as best we can.

“Use complex and differing passwords and ensure your programs are up to date,” he said. “Use best practices to protect yourself in cyber space, as you would wear a seatbelt to protect yourself in a car.”

Sen. Whitehouse and Rep. Langevin were joined by a number of other speakers, including: Dr. Xinwen Fu, associate professor of computer science at UMass Lowell, who gave a talk entitled, “All Mobile Devices are Watching You!”; David Sherry, chief information security officer at Brown University, who talked about “Privacy’s Evolution and Why it Matters to Security”; and Patrick Laverty, security response engineer at Aakamai, talked about “How a Hacker Sees Your Site.”

“As a defender, you have to be right 100 percent of the time, but an attacker only needs to be right once,” Laverty said.

Laverty used pictures to show how people view their sites compared to how a hacker views it.

“We see our site as fortified,” he said, showing a picture of a castle before changing it to a picture of a rundown shack. “This is how a hacker sees it.”

Next, Laverty showed a picture of someone climbing a mountain, saying this is how we hard people feel it is for a hacker to attack their site.

“This is how a hacker sees it,” he said, changing the picture to an open gate, “walking in the front door.”

Sherry said there’s a great deal of privacy in computer networks, which is dictated by laws and regulations.

“If you’ve ever used a credit card or applied for a mortgage, your data is out there,” Sherry said. “It’s impossible to stop identity theft 100 percent. If someone is after you, they can get your data.”

Sherry continued, “If you cut someone off in traffic, they’re calling your cell phone within 10 minutes.”

Sherry said when it comes to privacy and security, he believes in the government and military and recognizes they need access to our data.

“What I’m against is collecting data just for the sake of it,” he said.

Sherry was asked how he feels regarding Internet censorship and specifically with regard to how social media was used to help capture the Boston Marathon bombing suspects and should that be allowed.

“I believe in the U.S. Constitution and the freedom of speech. I believe the Internet should be free and open to everyone,” he said. “If people want to put things out there for the betterment of the U.S. and keep us safe, I’m all for it. If people are putting things out there about how to make bombs, I would hope that people come down on that. It should be self-policed.”