Deven Desai, associate professor of Law and Ethics at the Georgia Tech Scheller College of Business, and his co-author Christos A. Makridis, were recently awarded the Loevinger Prize for their published Jurimetrics article that seeks to re-define and quantify critical infrastructure for cybersecurity risk.
Deven Desai at Mt. Rainier
Named in honor of Lee Loevinger, Esq., a founder of Jurimetrics, the Loevinger Prize is awarded quarterly for the article that makes the best contribution to the fields of law, science, and technology. Desai and Makridis’ article, “Identifying Critical Infrastructure in a World with Supply Chain and Cross-Sectoral Cybersecurity Risk,” struck a chord with a research community already primed with worry over Covid-era supply chain issues.
It was this idea of an increasingly networked world that caused Desai and Makridis to identify cross-sectoral risk, a much bigger cybersecurity and supply chain risk that proved to redefine current critical cybersecurity infrastructure law and policy. Perhaps most importantly, their research also offered ways to quantify and assess those risks.
Thanks to movies like the "Italian Job" and "Sneakers," many are familiar with how a bad actor can exploit a vulnerability in a business’s enterprise software. “People have heard of the way a DVR, a city payment system, and even a fish tank might be exploited,” said Desai. “But these examples give the impression that the threats are specific to certain pieces of hardware or affect only one business that is being ripped off.”
In an age where software enables more and more people to work from home, threats are increasing as business requires an unheralded cross-connectedness. Desai and Makridis point to the May 2021 ransomware attacks on the Colonial Pipeline to illustrate how a failure of one business can have a ripple effect across a large sector. The fact made clear then—and that has since been underscored in an ever-increasing list of data breaches, DDOS, and ransomware—is that identifying and safeguarding cross-sectoral cybersecurity vulnerabilities matters a great deal.
The Power of Collaborative Research
Connecting Desai’s expertise in law and ethics to the world of cybersecurity and privacy was exciting interdisciplinary work. The opportunity for collaborative work of this nature was a main draw for Desai when he decided to join Georgia Tech Scheller in 2014. “I love being at Georgia Tech because going beyond reading a great paper, I can kick around new ideas with the folks who wrote that great paper,” Desai shared.
Throughout the writing process, Desai came to know Paul Pearce, assistant professor of Computer Security at Georgia Tech’s College of Computing, and Michael Bailey, the chair of Georgia Tech’s School of Cybersecurity and Privacy. With the help of Pearce and Bailey, Desai and Makridis’ research went in the right direction.
“This is a great example of how Georgia Tech folks help each other improve their access to other ways of thinking and new areas of research,” Desai said. “Law and ethics have their deep areas of knowledge, but they don’t exist in a vacuum. They need facts and insights from the research and knowledge of experts in business, cybersecurity, and computer science.”