Sunday, July 15, 2018

Q&A: Gregory B. White, UTSA Center for Infrastructure Assurance and Security

Q&A: Gregory B. White, UTSA Center for Infrastructure Assurance and Security

CIAS Associate Director Dwayne Williams, CIAS Director Gregory White and United States Senator John Cornyn at a CIAS event.

(Jan. 9, 2018) -- Gregory B. White is the director of the UTSA Center for Infrastructure Assurance and Security. His career has spanned more than three decades in computer and network security, including 30 years in the Air Force and Air Force Reserves. He helped build the nation’s first undergraduate information warfare laboratory at the U.S. Air Force Academy.

At UTSA, White continues to develop and teach courses on computer and network security. His leadership of the CIAS has seen the university’s selection by the Department of Homeland Security (DHS) to develop national cybersecurity information sharing standards and a $3 million DHS grant to develop and deliver cybersecurity training to support the National Preparedness Goal of a secure and resilient nation. In 2016, he was inducted into the San Antonio Cyber Hall of Honor.

We sat down with Dr. White to learn about new developments in cybersecurity.

What is the most important thing happening in your field that no one is talking about but should be?

There are a lot of discussions going on concerning various aspects of security. The field is constantly changing. Things such as the security of the Internet of Things (IoT) is going to be crucial in the near future and not enough time has been spent on it.

Additionally, the security of our critical infrastructures has been discussed for years, but more needs to be done to secure them and to examine how the impact on one will affect the others. We have also heard a lot about the need to increase the number of security professionals and while this also is receiving attention, we are far from filling the pipeline to provide the number of needed professionals.

One thing that very few are talking about is the need to establish a culture of security. It is not enough to produce security professionals; we need every citizen to know that they have a duty and responsibility in “putting out cyber fires” and “taking a bite out of cyber crime”. This needs to start in the elementary schools, just like programs with Smokey and McGruff.

How does interdisciplinary work help research efforts in your field?

For many years, especially in the early years of cybersecurity, most viewed the solution to the problem of securing our computer systems and networks as a technology problem. If I can build a provably secure computer system then I will have solved the problem.

What we learned over the years is that this is not enough. We will put that computer in front of a human who will invariably not do what we expected and will find a way to either deliberately or inadvertently compromise security. Looking at the issue of cybersecurity as a multi-disciplinary problem with both behavioral, procedural and technical aspects allows us to better address the security needs of our computer systems and networks.

Have you had any mentors? How does their guidance inform what you do now?

I really haven’t had a security mentor. Many of the things that the CIAS is doing today were innovative and often “firsts” in the field. I have, however, been very fortunate to have a number of colleagues who I have been able to work with and to brainstorm solutions to problems. These colleagues have helped us create the often innovative approaches we have taken to security problems.

What advice do you have for this generation of students?

Cybersecurity is everybody’s business. We each have a responsibility for protecting our own information contained on computer systems and networks and have a responsibility to our employers to do the same for them. Just like it is our responsibility to lock our office doors when we leave and to pay attention to physical security, we have a responsibility to “lock” our computers and to pay attention to cybersecurity as well.

What guidance would you give a student interested in cybersecurity?

Be flexible. Do not get stuck believing that the approach you learned today to address a security issue is going to work tomorrow. The field is constantly changing in terms of both the vulnerabilities known and new technology that is introduced. If you look back a decade, when you purchased a laptop it generally included a telephone modem and this was a security concern that needed to be addressed. Today, you’d be hard pressed to find a laptop with a telephone modem. Instead, wireless connections are the way we go today, which was not the norm back then, and this has its own security concerns.

What makes the CIAS unique?

The CIAS is focused primarily on operational aspects of cybersecurity. Unlike most research centers at academic institutions, the CIAS is involved in helping to address security solutions useable today. Our efforts for over a decade have been aimed at “real-world, right-now” initiatives and also have a strong state and local perspective.

We were the first to introduce cybersecurity exercises for communities, the first to conduct a high school cybersecurity competition, and the first to develop a maturity model focused on helping states and communities develop viable and sustainable cybersecurity programs.

- Joanna Carver


Learn more about cybersecurity at UTSA.

Learn more about the UTSA Center for Infrastructure Assurance and Security.

Connect with UTSA online at Facebook, Twitter, YouTube, Instagram and LinkedIn.



UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio. Send your feedback to news@utsa.edu. Keep up-to-date on UTSA news by visiting UTSA Today. Connect with UTSA online at Facebook, Twitter, Youtube and Instagram.


Events