Kick Off the New Year With a Comprehensive Cybersecurity Reading List

When you assemble your 2018 cybersecurity reading list, there may be no better place to start than with BookAuthority, a website based on thousands of recommendations made by hundreds of industry leaders. Hone your skills and increase your knowledge base by adding the following top entries from BookAuthority’s “100 Best Cyber Security Books of All Time” to your 2018 reading list.

“Blue Team Field Manual,” by Alan J. White, is a cybersecurity incident response guide aligned with the five core functions of the NIST Cybersecurity Framework—identify, protect, detect, respond, and recover—that provides the steps to follow and commands to use when encountering a cybersecurity incident.

“Cyber Security Handbook: Protect Yourself Against Cyber Crime,” by W. Muse Greenwood, is an information resource to help business owners, leaders and team members develop policies and procedures.

“Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It,” by Marc Goodman, offers a journey into the digital underground to expose the ways in which criminals, corporations, and even countries are using new and emerging technologies.

“Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon,” by Kim Zetter, recounts the story behind the virus that sabotaged Iran’s nuclear efforts. Zetter’s book describes how a digital attack can have the same destructive capability as the most destructive bomb.

“The Plot to Hack America: How Putin’s Cyberspies and WikiLeaks Tried to Steal the 2016 Election,” by Malcolm Nance, is must reading for anyone concerned with the way in which cyber thieves hacked the Democratic National Committee and stole sensitive documents, emails, donor information, and voice mails with the singular goal of getting Donald Trump elected president.

Finally, you will want to add “Cybersecurity Leadership: Powering the Modern Organization,” by University of Maryland University College’s own Mansur Hasib, widely acclaimed as the definitive book on cybersecurity leadership and governance. It defines cybersecurity and expands upon its three key tenets—people, policy and technology.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team, said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC, predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School, predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity, said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy, predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.

Cybersecurity Awareness Month Wrap-up: UMUC Covered a Lot of Ground

The University of Maryland University College (UMUC) marked National Cyber Security Awareness Month this past October with a slate of events and activities that stressed the importance of leadership, workforce skills, and strategies to help businesses and the public stay safe online.

Through our Facebook Live Interview series, sponsorship of the Cyber at the Crossroads Symposium, and participation in CyberMaryland 2017, UMUC cybersecurity experts shared insights into the following:

  • How Skills-based Hacking Competitions Build Critical Thinking Skills. Ajay Gupta, chair of the Computer Networks and Cybersecurity program at UMUC, opened our Facebook Live series by discussing how these competitions build essential real-world, hands-on technical skills in data forensics, network defense, ethical hacking and other areas. Gupta suggested they also foster collaboration and develop the critical—and quick—thinking skills needed to complete complex, often unfamiliar tasks.
  • What Managers and Leaders Need to Understand About Cybersecurity. Valorie King, chair of UMUC’s Cybersecurity Management and Policy program, followed Ajay’s session with a discussion about how business leaders need to understand cybersecurity at a level that makes it possible for them to effectively lead those entrusted with safeguarding their organization’s people, processes, and technologies.
  • What’s the Difference Between Security and Cybersecurity? Finally, we concluded our Facebook Live series with Mansur Hasib, chair of UMUC’s Cybersecurity Technology program, who explained the critical distinctions between these two concepts and the role cybersecurity plays in the upper management and the healthcare space.
  • Lessons Learned from Eligible Receiver 97. On Oct. 10, UMUC hosted the daylong “Cyber at the Crossroads” symposium, co-sponsored by the National Security Agency’s Cyber Center for Education and Innovation–Home of the National Cryptologic Museum. During the event, national cybersecurity leaders from government, military, industry and academia explored in depth the wide-ranging implications of the secret exercise—Eligible Receiver 97—that the Pentagon conducted 20 years ago to assess the vulnerabilities of Department of Defense computer networks.
  • How to Prepare the Cyber Leaders of Tomorrow. UMUC sponsored the education track at the Cyber Maryland 2017 conference that convened on Oct. 11 at the Baltimore Convention Center. Emma Garrison-Alexander, vice dean of UMUC’s Cybersecurity & Information Assurance program, moderated the session, “Cybersecurity Leadership: Preparing the Cyber Warriors of the Future,” which highlighted best practices for achieving effective cybersecurity leadership across public and private organizations and industries, as well as local, state and federal government agencies.

To learn more about all of our activities during the month of October, read our complete coverage in the UMUC Global Media Center.

Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession—and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty-four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. The study also reported that malware, spyware, and human error are the most common problems.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.

UMUC’s Mansur Hasib Gets Serious About Cyber Education

Mansur Hasib, program chair for Cybersecurity Technology, University of Maryland University College (UMUC) Graduate School, and a well-known thought leader in health care technology and cybersecurity, recently won the Cybersecurity Association of Maryland’s (CAMI) People’s Choice Award for lifetime achievement.

Before a sold-out crowd of 250 attendees at the American Visionary Art Museum in Baltimore on March 22, CAMI presented 13 awards to Maryland companies, organizations and individuals judged to have outstanding cybersecurity products, services or programs, or to have made a substantial contribution to Maryland’s cybersecurity industry.

Hasib, who holds a doctorate in cybersecurity and is a former chief information officer with 30 years of public and private sector experience in health care, biotechnology, education, and energy, has always maintained that cybersecurity has three core elements — people, policy and technology. People make the decisions on what technology to use and how to support it. People determine the strategy, they configure the technology, and they use it. Leadership is critical because we need to engage people toward a business purpose and a mission.

Hasib recently spoke to HealthManagement.org and shared his thoughts on cybersecurity governance and offered his insights into how critical cybersecurity education is to Health Information Technology students.

Read the full interview.

Bridging the Gap for Women in Cybersecurity: Five Questions for Loyce Pailen, Director of the University of Maryland University College Center for Security Studies

Women hold 56 percent of all professional jobs in the U.S. workforce, but only 25 percent of IT jobs, according to the National Center for Women and Information Technology. And among women in IT, only 11 percent work in information security, reports the Women’s Society of Cyberjutsu (WSC).

Earlier this month, on March 8, we celebrated International Women’s Day, so there is no better time to explore why this deficit exists and, perhaps, offer some solutions to help expand the pipeline of women in the cybersecurity field.

UMUC’s Cyber Connections caught up with Dr. Loyce Pailen, director of the Center for Security Studies and a cybersecurity pioneer with more than 35 years of wide-ranging experience in software development, project management, telecommunications, risk management, and network and systems security and administration. She shares her thoughts on the future of women in cybersecurity.

CC: For starters, what keeps you up at night in the cybersecurity space? What should we be focusing on?

LP: During the 2016 presidential election, there was considerable discussion regarding cybersecurity issues that related to email servers, election hacking and nation-state cyber intrusions. As a cyber-professional, I was concerned that the media and politicians tossed around cybersecurity-related stories, terminologies and notions to a general populace that did not understand cybersecurity concepts well enough to make sense of what they were hearing and make intelligent decisions.

Nonetheless, this dilemma was a call-to-action for my second issue of concern, the dearth of skilled individuals to fill current and future cybersecurity workforce needs. Experts say that more than 300,000 jobs exist today—jobs that are vacant because, nationwide, we do not have people with the cybersecurity skills to fill them.

For the future, that number of openings will increase exponentially. For example, results of the eighth Global Information Security Workforce Study (GISWS) indicated that the projected workforce shortage would reach 1.8 million professionals by 2022 (ISC2). And forget about minimum wage jobs. Even at entry level, these are high-paying cybersecurity positions in the public and private sectors.

My concern is that we are not raising our children with the cybersecurity awareness and education required for the digital age in which we live. My call to action was to author a series of fun, illustrated children’s books on cybersecurity so that youngsters—and those who like to read to them—can grow familiar with cyber terms, technologies and careers. Just think where we would be today with cybersecurity workforce needs if Harry Potter were a cybersecurity person!

CC: Tell us a little bit about your career path, as a woman in the field, and the hurdles you’ve overcome?

LP: I’ve been out of the public and private sector for several years now, so some of the hurdles that I experienced in my career path to information technology and cybersecurity have faded. Only recently, I did reflect on the obstacles as I watched the movie “Hidden Figures” about African-American women at NASA entering the field of data processing.

It recalled the days of punched cards, Fortran programming, large mainframes, and the discrimination in the male-dominated field of information technology, and once again it became familiar. But the issues were never insurmountable. Dwelling on those problems tends to stifle one’s growth and productivity.

CC: What do you think can, and should, be done to expand the cybersecurity pipeline for women and minorities?

LP: My entire career, both in information technology and in software development for a large media company’s circulation systems, has been male-dominated. My current concern after more than 30 years in the cybersecurity industry, it’s disheartening to see, is that the field’s male domination is still the same, and many of the issues that existed early on still occur.

The gender and racial imbalance was evident to me in workshop sessions I attended at a recent 2017 Black Women in Computing (BWIC) Conference at Howard University, where continuing racial concerns in the technology and cybersecurity fields dominated the conversations of up-and-coming female computer scientists.

I recently witnessed an amusing incident at the 2017 RSA Conference in San Francisco that underscored the male domination of cybersecurity. Possibly the largest conference in the cybersecurity arena with 40,000 attendees, the male domination was so overwhelming that the lines to the men’s restroom stretched down long hallways and, for once, women experienced no lines at all. I found this a refreshing turnaround from the traditional.

In its own way, the lines illustrated the male domination of the cyber field. More realistically though, I believe a quick analysis of each conference-speaker’s gender would also accentuate the imbalance.

CC: So, why do you think we are still at this juncture?

LP: Unfortunately, outside of the fact that we have not done well educating our youth, I am not sure why, because it seems that when society wants to instill something in children’s minds and produce positive habits, we find a way.

Likewise, in the 1980s my daughter was influenced by the major campaigns directed at schoolchildren to “never smoke” or to “stop smoking.” She became part of a generation that never adopted the cigarette habit and that convinced their parents to stop smoking. I was a target of her campaign and it worked.

Connected with this behavior modification concept, the “CSI Effect” from the popular television show “CSI: Crime Scene Investigation” proved to have a profound impact on careers related to forensics science. So, why can’t we lobby for and create TV shows and campaigns that would be just as effective to support existing STEM, WIT, WIC, BWIC and other such efforts?

Rather than merely being consumers of tech products, we need to instill interest in their underlying technologies. And we need to fire-up the interest in cybersecurity for girls and other minorities.

CC: What advice and encouragement would you offer women entering the cybersecurity field?

LP: My advice for anyone entering the cybersecurity field is simply to embrace the multi-disciplinary and global nature of the careers in this arena. Of course, there is a need for highly technical workers who understand concepts like secure software development, secure systems, networking and cloud computing, access control, incident handling and cyber defense.

However, cybersecurity is part of everyone’s job nowadays. Individuals in the fields of human resources, accounting and finance, law, health care, marketing, management and the like all have an obligation to understand the impact of cybersecurity on their careers.

For those girls and women inclined toward technology, do not let any imaginary barrier stop you from entering the field. For those women in non-technical fields, embrace cybersecurity and make your positions more valuable to your organization or agency. I encourage them to seek education, training and certification opportunities to “bolt-on” cybersecurity knowledge and learning that will enhance their current careers.