Key Takeaways
- The Indo‑Pacific Cybersecurity Innovation Forum brought together academia, industry, and government to strengthen digital security and critical‑infrastructure resilience across the region.
- Speakers highlighted emerging threats to critical infrastructure, supply‑chain security, and the dual‑use nature of artificial intelligence in both attacks and defenses.
- Discussions emphasized the need for proactive threat intelligence, secure cloud architectures, and rigorous resilience testing for systems such as transportation, power, water, and healthcare.
- Human behavior, economics, and system design were identified as pivotal factors influencing cybersecurity outcomes, underscoring the importance of interdisciplinary approaches.
- Public‑private partnerships, exemplified by collaborations between UH Mānoa, local fintech firms, and national agencies, are essential for building repeatable, compliant security solutions tailored to island communities.
- The forum reinforced the University of Hawaiʻi at Mānoa’s role as a hub for Indo‑Pacific cybersecurity, aiming to translate research into real‑world protection for Hawaiʻi’s residents and broader regional stakeholders.
Forum Overview and Objectives
The Indo‑Pacific Cybersecurity Innovation Forum, held on April 29 at the University of Hawaiʻi at Mānoa’s Campus Center, convened cybersecurity experts, researchers, and industry leaders for a day‑long exchange focused on bolstering digital security, enhancing critical‑infrastructure resilience, and promoting responsible artificial‑intelligence (AI) use. Organized by the Department of Information and Computer Sciences, the event featured technical talks, policy panels, and hands‑on workshops designed to expand regional cybersecurity capacity and foster stronger public‑private partnerships throughout the Indo‑Pacific. Professor Mehdi Tarrit Mirakhorli articulated the forum’s mission, stating that UH Mānoa aims to position Hawaiʻi as a regional hub by uniting academia, industry, and government to confront real‑world threats and fortify essential services.
Emerging Threat Landscape
Presenters examined a range of emerging threats that jeopardize critical infrastructure, including sophisticated attacks on supply chains, disruption of transportation networks, and the manipulation of AI systems for offensive purposes. David Carroll of GDIT and Josiah Dykstra of RTX BBN detailed how adversaries increasingly exploit software dependencies and compromise trusted vendors to gain footholds in essential services. The discussions underscored that threats are no longer isolated incidents but part of a complex, evolving ecosystem where nation‑state actors, cyber‑criminal syndicates, and insider threats intersect, demanding continuous vigilance and adaptive defenses.
AI’s Dual Role in Cybersecurity
A significant portion of the forum centered on AI’s paradoxical impact: while machine‑learning models can accelerate threat detection and automate response, they also empower adversaries to craft more evasive malware, deep‑fake social engineering, and adversarial inputs that subvert defensive systems. Mengran Xue of RTX BBN and Nick Tsamis of MITRE presented case studies showing how attackers poison training data or exploit model‑inversion techniques to evade detection. Conversely, speakers highlighted defensive AI applications such as anomaly‑driven network monitoring, predictive vulnerability scoring, and automated incident triage, stressing the need for robust model governance, transparency, and continual validation to ensure AI remains a net benefit to security posture.
Supply‑Chain and Software Security Strategies
Sessions dedicated to supply‑chain security explored methodologies for verifying the integrity of third‑party components, implementing zero‑trust architectures, and employing software bill of materials (SBOM) to enhance traceability. Robert Martin of MITRE advocated for integrating security checks throughout the DevOps lifecycle, from code commit to deployment, utilizing automated scanning, signature verification, and runtime protection. Participants emphasized that securing the software supply chain is not a one‑time effort but a continuous process requiring collaboration between developers, vendors, and end‑users to mitigate risks posed by compromised libraries or malicious updates.
Critical Infrastructure Resilience Testing
Afternoon workshops focused on resilience testing for vital services such as power grids, water treatment facilities, healthcare systems, and transportation networks. Craig Opie, co‑founder and CTO of Holocron Security, shared his perspective as an island resident, noting that failures in these services have immediate, tangible impacts on families and neighbors. He argued for repeatable, compliance‑driven delivery of secure technology that can withstand real‑world stresses. Demonstrations included red‑team/blue‑team exercises, chaos engineering, and tabletop simulations designed to expose weaknesses in incident‑response plans and validate recovery capabilities under adverse conditions.
Human Behavior, Economics, and System Design
Researchers highlighted that technical controls alone cannot guarantee security; human factors, economic incentives, and architectural decisions play decisive roles in determining outcomes. Studies presented showed how user fatigue, poor security culture, and misaligned budget priorities can undermine even the most sophisticated defenses. Conversely, designing systems with usability in mind—such as clear authentication flows, minimal privilege access, and intuitive incident‑reporting tools—can reduce error rates and improve adherence to security policies. The forum urged stakeholders to adopt a holistic view that integrates behavioral science, economic analysis, and human‑centered design into cybersecurity strategies.
Public‑Private Partnerships and Community Impact
The forum showcased several successful collaborations between UH Mānoa, local fintech firms, and national agencies such as GDIT, RTX BBN, and MITRE. These partnerships exemplified how shared threat intelligence, joint research projects, and coordinated response frameworks can amplify defensive capabilities beyond what any single entity could achieve. Leaders from First Hawaiian Bank and Bank of Hawaii discussed real‑world challenges in protecting sensitive financial data, emphasizing the importance of continuous monitoring, employee training, and adaptive policy updates. By aligning academic innovation with industry practicality, the forum aimed to create a sustainable ecosystem that safeguards Hawaiʻi’s critical assets while serving as a model for other Indo‑Pacific jurisdictions.
Conclusion and Future Directions
Indo‑Pacific Cybersecurity Innovation Forum succeeded in highlighting the multifaceted nature of modern cyber threats and the corresponding need for integrated, resilient solutions. Key takeaways included the recognition of AI’s dual‑use nature, the imperative of supply‑chain vigilance, the value of rigorous resilience testing, and the critical influence of human and economic factors on security outcomes. Moving forward, UH Mānoa intends to sustain momentum by expanding research initiatives, hosting regular forums, and deepening ties with governmental and private sector stakeholders. Through these efforts, the university aspires to cement Hawaiʻi’s role as a leading center for cybersecurity innovation, thereby enhancing the safety and stability of critical infrastructure across the Indo‑Pacific region.