UCSB Chief of Cybersecurity on Protecting Digital Spaces and the Role of AI

Jackson Muhirwe, UC Santa Barbara’s Chief Information Security Officer and Chief Information Assurance Officer, is a seasoned higher education leader with more than two decades of experience in information technology (IT) and security.

For Cyber ​​Security Awareness Month, he reflects on his journey into the field, offers practical advice for safeguarding personal information online and discusses the challenges and evolving landscape of modern cyber security and the future of protecting digital spaces. From insights into massive data breaches to reflections on the role of artificial intelligence in security, these questions and answers offer valuable takeaways for the campus community and beyond.

How did you get started in the information security field?

I have worked in IT for about 25 years, with most of that time spent in higher education. About 20 years ago, I took my first security class as a graduate student. This class has opened my eyes and made me aware of cyber security.

Are there any particularly defining moments in your life that solidified your interest in researching and pursuing cybersecurity as a career?

After my graduate studies, I had the opportunity to be the Chief Information Officer of a major intergovernmental organization. This role presented many security challenges due to the confidential nature of the organization’s work. I collaborated with my leadership team, peers and service providers to establish a strong security program for the organization. This experience was a turning point in my professional life and marked the beginning of my security career.

Our personal and professional lives are more than ever intersected by cyber security. From online shopping to government services to our employers, it’s nearly impossible to live in the modern world without sharing personal or financial information on a website. What steps should everyone take to protect their information online?

Cybersecurity threats are becoming more sophisticated and prevalent, but there are critical steps everyone should take to protect their information online:

1. Strong passwords: Create strong passwords that are a combination of upper and lower case letters, numbers, and symbols. Avoid using easily guessable information such as birthdays or pet names.
2. Password Managers: Since we all have many passwords, it’s recommended to use a password manager to securely store and generate strong, unique passwords for each account.
3. Multi-Factor Authentication (MFA): Enable MFA for all online accounts that support it. This usually involves providing a second form of verification, such as a code sent to your phone or email.
4. Fishing attempts: Be wary of suspicious emails, especially those that ask for personal information or contain unexpected links. Always check the sender’s address and avoid clicking on links from unknown sources.

By following these steps, you can significantly reduce your risk of becoming a victim of cyber attacks and protect your personal information online.

We’ve gone from using the same simple password for all our accounts to requiring complex passwords, whole phrases, MFA, security questions, password managers, etc. What would you say to people who find all this too inconvenient and unnecessary?

If you lived in a neighborhood where your home was constantly attacked by criminals who want to hurt you and steal your valuables, you would probably consider increasing your home security to stop the criminals, right? UCSB systems and all of our accounts are under constant and relentless attack from cybercriminals who want to steal our information, disable our operations, and wreak havoc on our lives. The goal is to balance security with usability, making it possible for authorized users to access the information they need to access when they need it.

Massive organizations and businesses are experiencing data breaches by hackers, resulting in our personal information being leaked. Is this happening more often than before and if so why? What security measures should we expect from the organizations with which we are sharing our personal information?

In today’s online environment, it is no longer about yes you are a victim of rape, however when Data breaches have increased exponentially in recent years due to several factors. Outside, there continue to be more motivated and well-funded criminal organizations that are constantly analyzing and searching for organizations to breach.

Many organizations are struggling to keep up with this growing trend and still have unpatched systems and weak internal security controls. Improving an organization’s security posture requires a combination of strategies and tactics that include administrative, technical, and physical safeguards. One form of protection is never enough to provide solid security to an organization.

At the organizational level, the first step is to make security everyone’s responsibility. Each and every member of the UCSB community has a role to play. At some point, security measures can fail, and if they do, everyone in the organization has an obligation to detect and mitigate threats. People have less reason to worry if they act in ways that reduce the likelihood of being a victim of rape.

Over the past few years, campus management has invested in security technologies and resources to enable a comprehensive, centrally managed security program. At UCSB, we are currently implementing Secure UCSB, a cybersecurity investment program that addresses a new security mandate from the UC Office of the President. This initiative will help strengthen our overall security by enhancing protections for our campus network and university-owned devices.

What do you think the future of cyber security will look like in 20 years?

It’s hard to imagine what the future of cybersecurity will look like given how much technology has evolved over the past two decades. Organizations are using the most advanced technology available to implement solutions and solve problems that were considered impossible in the past, but cyber attacks continue to become more sophisticated as a result, so it’s hard to be optimistic. That’s why it’s critical that both individuals and organizations follow best practices and prioritize cybersecurity investments before it’s too late.

With the advancement of artificial intelligence (AI) technologies, organizations are scrambling to respond to the growing number of use cases for AI to replace humans and render some organizations and departments obsolete. These advances in AI present challenges in the higher education landscape, including bias, ethical use, abuse of intellectual property rights, uncontrolled sharing of sensitive institutional information, and more.

To address these challenges, state governments and large intergovernmental organizations are creating regulations to guide the development of AI models, data sharing, acceptable use cases, and the responsibilities of AI owners. At UCSB, we are working to develop and publicize our own set of guidelines for implementing AI, including establishing governance structures to support the responsible development and use of AI models.

What’s some of the most interesting research you’re seeing in the cybersecurity space recently?

Some of the most fascinating research in cybersecurity right now includes artificial intelligence (AI) and quantum computing, both of which present unique opportunities and challenges. In AI, advances in machine learning are improving automated threat detection, helping security teams to identify and respond to cyber threats more efficiently, this has direct implications for our work in the Operations Center of UCSB security. Generative adversarial networks (GANs) are also being used to create synthetic datasets and test security systems against realistic adversarial examples.

In terms of quantum computing, researchers are focusing on post-quantum cryptography, which aims to develop algorithms resistant to quantum attacks, and quantum key distribution, a secure method of sharing cryptographic keys that could transform secure communications.

Is there a movie, book, or pop culture reference with an interesting take on technology that you find memorable or thought-provoking?

I love movies and am always fascinated by how cyber security is portrayed in them. One of the most memorable and in my opinion one of the best cyber related movies of all time is “War Games” from 1983. It was the first cyber security related movie that I see many years ago and I have seen it again. many times since then and I still find it fascinating.

Recent global events have shown that there is a very fine line between cyber and physical warfare, a key concept depicted in this film. The film’s portrayal of how technology can inadvertently heighten tensions highlights the growing importance of cybersecurity in maintaining national and global stability, as today’s interconnected systems make it easier for cyber incidents to have large-scale physical consequences. reach