main navigation
my pace

Dr. Jonathan Hill | PACE UNIVERSITY

News & Events

Sort/Filter

Filter Newsfeed

News Item

"Daily Voice Plus" featured Seidenberg Dean Jonathan Hill's piece "Keeping Pace: Cybersecurity horror stories must be taken seriously"

04/19/2019

"Daily Voice Plus" featured Seidenberg Dean Jonathan Hill's piece "Keeping Pace: Cybersecurity horror stories must be taken seriously"

Computer science is a hot field. Our scientific and business communities depend on it.

Every day we read stories about innovation in the mainstream and business press on topics like artificial intelligence, deep learning and machine learning. We read about giant companies coming to set up business in town, bringing with them thousands of tech-related jobs. We read about canceled deals and angry politicians.

The constant flurry of information is exciting, but it can also produce anxiety. As computing technologies advance, so do the opportunities for your business — including the very real opportunities to be left behind by competitors who adopt and adapt faster or better than you.

Even more alarming are the constant cybersecurity horror stories of attacks on businesses of every size, stories that are rapidly multiplying. We hear all about the growing sophistication and relentless nature of the hackers who perpetrate these attacks. And Amazon’s pullout from New York City has had a deflating effect on many people in the industry, whether they agreed with the subsidies or not, because losing 25,000 white-collar jobs is a loss that will be felt from Long Island City to New Rochelle.

Media coverage can fuel the fear of being left behind by new technologies, as well as increase our sense of vulnerability to threats like hackers. When our neighbors are appearing in the news from one day to the next, it’s a very real concern to have.

Articles like the recent ones about the lack of seats available in computer science classes, on foreign powers surpassing the U.S. in powerful technologies like AI and The New York Times piece on how women became so undervalued in a software development industry that they did so much to build are forwarded myriad times by well-intentioned colleagues whenever they run. I receive these with a note that is usually a variation on the question: what are you going to do about it?

So what I am going to do about it is this: my colleagues and I will continue to educate and train the technology workforce of 2025 and the executive tech workforce of 2040. Along the way, we also educate the founders who will drive the emerging Westchester start-up scene, who will conduct the research at the proposed Westchester Biotech hub and who will take the burgeoning number of technology jobs in this area that have been difficult to fill.

While seats at some of the country’s large public universities may be tough to come by, we have seats in our computer science classes at Pace University. Some of these classes are for career changers or those looking to brush up on their skills in order to keep up with the constantly developing tech environment in which they work.

Many topics like AI, machine learning, cybersecurity, bioinformatics, robotics and data analytics are increasingly foundation knowledge in every industry and are going to be needed for executives, managers and line workers as well. If that sounds far-fetched, New York Presbyterian Hospital recently created an introductory course on artificial intelligence for its employees. It ran out of spaces.

Building awareness among the workforce is key to maintaining Westchester’s reputation as a center for science-driven business. The Regenerons of our area and the next generation of life science businesses that will move and be founded here will need a technologically sophisticated workforce.

To attract and keep these new businesses here, we need to fill our computer science (and other STEM disciplines) classrooms with smart, ambitious people who will not only be aware, but will want to own these technology processes and take them to the next level. White Plains Hospital is developing a new innovation and accelerator initiative to develop the technologies they need to best serve their patients — while identifying and developing entrepreneurial talent in the health care technology space.

Read the article.

News & Events

Sort/Filter

Filter Newsfeed

News Item

"Westchester County Business Journal" featured Dean Jonathan Hill's piece "Keeping Pace: Cybersecurity horror stories must be taken seriously"

04/15/2019

"Westchester County Business Journal" featured Dean Jonathan Hill's piece "Keeping Pace: Cybersecurity horror stories must be taken seriously"

Computer science is a hot field. Our scientific and business communities depend on it.

Every day we read stories about innovation in the mainstream and business press on topics like artificial intelligence, deep learning and machine learning. We read about giant companies coming to set up business in town, bringing with them thousands of tech-related jobs. We read about canceled deals and angry politicians.

The constant flurry of information is exciting, but it can also produce anxiety. As computing technologies advance, so do the opportunities for your business — including the very real opportunities to be left behind by competitors who adopt and adapt faster or better than you.

Even more alarming are the constant cybersecurity horror stories of attacks on businesses of every size, stories that are rapidly multiplying. We hear all about the growing sophistication and relentless nature of the hackers who perpetrate these attacks. And Amazon’s pullout from New York City has had a deflating effect on many people in the industry, whether they agreed with the subsidies or not, because losing 25,000 white-collar jobs is a loss that will be felt from Long Island City to New Rochelle.

Media coverage can fuel the fear of being left behind by new technologies, as well as increase our sense of vulnerability to threats like hackers. When our neighbors are appearing in the news from one day to the next, it’s a very real concern to have.

Articles like the recent ones about the lack of seats available in computer science classes, on foreign powers surpassing the U.S. in powerful technologies like AI and The New York Times piece on how women became so undervalued in a software development industry that they did so much to build are forwarded myriad times by well-intentioned colleagues whenever they run. I receive these with a note that is usually a variation on the question: what are you going to do about it?

So what I am going to do about it is this: my colleagues and I will continue to educate and train the technology workforce of 2025 and the executive tech workforce of 2040. Along the way, we also educate the founders who will drive the emerging Westchester start-up scene, who will conduct the research at the proposed Westchester Biotech hub and who will take the burgeoning number of technology jobs in this area that have been difficult to fill.

While seats at some of the country’s large public universities may be tough to come by, we have seats in our computer science classes at Pace University. Some of these classes are for career changers or those looking to brush up on their skills in order to keep up with the constantly developing tech environment in which they work.

Many topics like AI, machine learning, cybersecurity, bioinformatics, robotics and data analytics are increasingly foundation knowledge in every industry and are going to be needed for executives, managers and line workers as well. If that sounds far-fetched, New York Presbyterian Hospital recently created an introductory course on artificial intelligence for its employees. It ran out of spaces.

Building awareness among the workforce is key to maintaining Westchester’s reputation as a center for science-driven business. The Regenerons of our area and the next generation of life science businesses that will move and be founded here will need a technologically sophisticated workforce.
To attract and keep these new businesses here, we need to fill our computer science (and other STEM disciplines) classrooms with smart, ambitious people who will not only be aware, but will want to own these technology processes and take them to the next level. White Plains Hospital is developing a new innovation and accelerator initiative to develop the technologies they need to best serve their patients — while identifying and developing entrepreneurial talent in the health care technology space.

Read the article.

News & Events

Sort/Filter

Filter Newsfeed

News Item

"The Guardian" featured Pace University's dean of computer science and information systems Dr. Jonathan Hill in "A 'black eye; for Apple: FaceTime bug shakes faith in iPhone security"

01/30/2019

"The Guardian" featured Pace University's dean of computer science and information systems Dr. Jonathan Hill in "A 'black eye; for Apple: FaceTime bug shakes faith in iPhone security"

Cybersecurity expert sees ‘nightmare scenario’ for company as app allows third parties to eavesdrop

It was a tin-foil hatted conspiracy theorist’s wildest prognostication come true: the trusty and beloved iPhones that accompany users to work, to bed and even to the toilet suddenly transformed into an all-purpose spying device, transmitting audio and video to anyone with your phone number or email.

“This is the nightmare scenario,” said Marcus Carey, a cybersecurity expert and author of Tribe of Hackers. “It does incite privacy fears because this is the same scenario that most people fear from the US government and other regimes.”

The bug, which was publicized Monday, transmitted audio (and, under certain circumstances, video) to a caller despite the recipient not having accepted the call. It was triggered when the initial caller added a third person to a FaceTime call. Though Apple has yet to issue a software patch, the company has disabled group chatting on FaceTime, preventing users from further exploiting the bug.

Advertisement

But the major flaw in FaceTime has raised concerns about Apple’s security practices just as the company reports disappointing financial results. And reports that a teenager and his mother spent days attempting to alert Apple to the problem have also raised questions about the company’s procedures for receiving reports of vulnerabilities.

Michele Thompson, an Arizona attorney whose identity was confirmed by the Wall Street Journal, began posting about her son’s discovery of the bug on Facebook and Twitter on 20 January – eight days before Apple took action.

“My son just found a major flaw in Apple’s new iOS, that allows you to hear another person in the vicinity of their iPhone or iPad,” Thompson wrote on Facebook. “We just submitted the bug report to Apple and are waiting to hear back. We won’t provide the details since it’s a major security risk, but it’s unbelievable that my 14-year-old figured this out.”

Thompson made numerous attempts to alert Apple to the problem, first through social media and later through the company’s customer service system, according to the Journal. She eventually went so far as to register as a developer in order to submit a report through Apple’s bug bounty program.

Katie Moussouris, the founder of Microsoft’s bug bounty program and CEO of Luta Security, said that the problem for Apple was not that it failed to act quickly enough to patch the bug, but that it failed to manage Thompson’s expectations of how quickly a bug can be patched.

“It’s best not to rush,” Moussouris said. “You have to do in-depth investigations or else you can have unintended consequences. You don’t want people issuing patches that no one trusts or that break other things.”

For Apple, the best case scenario would have been to keep the existence of the vulnerability secret until the patch was tested and ready, Moussouris explained, a process that could reasonably take 30 to 60 days.

“You have to do this balance between thoroughness and timing, and in this circumstance there were misunderstandings that are understandable, and a missed opportunity for level-setting expectations,” she said.

That a phone call should start transmitting audio before the recipient picks up is counterintuitive to the lay person, but FaceTime was probably designed that way on purpose, according to someone who has built a similar system.

Luke Ma, the director of product management at video conferencing company BlueJeans Network, explained that software like FaceTime will initiate audio and video connections as soon as the call is made, and then mute them until the call is accepted.

“In order to accelerate speed of connection, your call is fully connected as soon as it can and your ‘answering’ the call basically just un-mutes everything,” Ma said.

Or, as Dr Jonathan Hill, dean of computer science and information systems at Pace University, put it, the ability for your phone to send audio before you answer is “not a bug. It’s a feature.”

Read the full article.

News & Events

Sort/Filter

Filter Newsfeed

News Item

Chinese Media "New York Today" featured Seidenberg's Dean Jonathan Hill, School of Education's Professor Lauren Birney and Provost Vanya Quiñones speaking about the "Billion Oyster Project" and "STEM"

07/16/2018

Chinese Media "New York Today" featured Seidenberg's Dean Jonathan Hill, School of Education's Professor Lauren Birney and Provost Vanya Quiñones speaking about the "Billion Oyster Project" and "STEM"

Watch the news clip .

(interviews are in english)

News & Events

Sort/Filter

Filter Newsfeed

News Item

"Westchester County Business Journal" featured Dean Johathan Hill's piece "Jonathan H. Hill: A workable cybersecurity solution for Westchester"

05/01/2018

"Westchester County Business Journal" featured Dean Johathan Hill's piece "Jonathan H. Hill: A workable cybersecurity solution for Westchester"

Jonathan Hill is the dean of the Seidenberg School of Computer Science and Information Systems at Pace University.

It is hard not to feel helpless in the face of the latest news from the war on our digital privacy. Facebook, the place where we share our vacation photos and receive reminders about our best friends’ birthdays, has been “mined” for personal data on millions of individuals, some of which was used to send “fake news” to vulnerable users.

The list of attacks on major consumer sites and major businesses continues to grow unabated. 2018 is not even halfway through and we have already learned of major attacks on the likes of travel search site Orbitz. Attacks are not limited to corporate victims: hospitals, like St. Peter’s Surgery and Endoscopy Center in Albany, which was hit with a major malware attack, are also under threat. Even the Department of Homeland Security was breached by an insider who lifted Personally Identifiable Information (PII) on more than 240,000 staffers and contractors.

Westchester County, one of the nation’s wealthiest counties with its concentration of major corporate headquarters, is seen as a particularly rich target by cyber hackers around the world. The county was the target of a high-profile cyberattack on an industrial control system (ICS) — the Bowman Avenue Dam in Rye Brook — by Iranian hackers, and was also the scene of a sophisticated identity theft ring that allegedly defrauded ride-sharing drivers of millions of dollars.

New technologies, despite being developed in this era when the risk of cyber vulnerability is well known, are under just as much pressure and are, likewise, in danger of being overwhelmed by cyberattacks. Cryptocurrency platforms like Ethereum have suffered ongoing attacks and substantial financial losses. The threats to software-controlled technologies like driverless cars and drones is a significant concern. In addition, the emergence of a variety of “internet of things” devices like home security systems, many of which run on outdated and therefore more vulnerable, software, represents a new opportunity for cyberhackers to attack individuals directly. IBM predicts that more than 11 billion devices will be connected to the internet this year.

While the first generation of cyberhackers were often “script kiddies”’ whose motivations were often just the thrill of breaking in to a closed system, today we grapple with much more sophisticated professional hackers whose motivations are either financial, or destructive in the military offensive context. As such, they are either employed by organized crime rings, or are part of an official or quasi-official national security apparatus from a government that is competing with, or hostile to, the United States. These people are motivated and they are good technologists operating in a world where the stakes for the theft of personal information, the opportunity to take control of an industrial controlling device, or to influence the outcome of an election are the highest that they have ever been. We know that these attacks will continue and that they will increase in number and in sophistication.

Short of turning off our computers and leaving our cellphones in a basket by the door, what solutions do we have? The most powerful tool that we have at our disposal is education. We must teach people both the tools to defend their businesses and homes from cyberattacks, and the open sharing of information, because in that way we can learn from each other and be resilient in the face of ongoing attacks.

At Pace University’s Seidenberg School of Computer Science and Information Systems, a National Security Agency-certified Center of Academic Excellence in Cyber Defense Education, we bring government, law enforcement, industry and academic leaders together on a regular basis to share their tools, tactics, successes and failures to ensure that the community is fully aware of the current state of the cybersecurity threat. In this way, we also learn from one another and can build a substantial database of the techniques that have worked in cybersecurity, as well as those that have not worked.

It is unfortunate that, as with any crime, those who have been victimized are often reticent to share their experiences and to admit to their peers that they were attacked. The growing movement to hold corporate officers, including the board of directors and executives, liable for cybersecurity break-ins can make them even less willing to share. This needs to change: the need for open sharing of vulnerabilities, attacks, responses and successful recovery plans is a way to get actionable information into the hands of the chief information security officers, law enforcement professionals and technologists who can employ them as part of a broader national strategy to make the internet safe for business transactions — as well as safe place to wish your best friends an enthusiastic
happy birthday.

Read the article.