Cyber Connections News Roundup: Sept. 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

New Document Lays Out Trump Administration Cyber Strategy

The new White House cybersecurity strategy, announced on Sept. 21, according to national security adviser John Bolton, suggests a more aggressive posture, including authorizing offensive cyber operations against foreign adversaries. The directive — called National Security Presidential Memorandum 13, or NSPM 13 – aims to deter malicious actors from launching digital attacks against the United States. However some argue that the 40-page document lacks new proposals, according to a recent Washington Post report. Read more.

Three “Out of the Box” Solutions for Closing the Cyber Skills Gap

Recently on http://www.wsj.com, Janaki Chadha reported on three proposals for closing the cybersecurity skills gap – a “Cybersecurity Peace Corps” (proposed by Scott Shackelford, chair of the cybersecurity program at Indiana University, Bloomington); a Cyber ROTC (proposed by Michèle Flournoy, a former senior official in the Defense Department); and financial incentives in the form of tax breaks for employers that develop training programs for cybersecurity jobs. Read more.

US House Introduces Cyber Workforce Bill

In other cybersecurity workforce news, http://www.zdnet.com reported that US lawmakers have introduced a bipartisan bill meant to address the current shortage of cybersecurity professionals. The bill, called the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within the Department of Labor to support the creation, implementation, and expansion of apprenticeship programs in cybersecurity. Read more.

Many US Adults Lack Awareness of Cyber Careers According to New Survey

Meanwhile, a recent report on http://www.securityboulevard.com suggests that closing the cybersecurity skills gap may be difficult because many adults lack awareness of the opportunities in the field. A new national University of Phoenix survey found that 80 percent of U.S. adults have never considered a career in cybersecurity. These findings owe a lot to a greater lack of awareness and familiarity with cyber jobs and job titles, according to the report. Read more.

Healthcare Industry Must Keep Pace With Growing Number of Cyber Threats to Mobile Devices

A recent article on http://www.healthtechmagazine.net outlines what healthcare organizations must to do to keep pace with the inherent cybersecurity threats to the growing number of health mobility programs available to patients and medical staff. The article cited 2017 HIMSS Cybersecurity Survey data, which indicate that health industry users are generally aware of phishing or typical threats that affect a desktop computer, but less aware of threats that impact mobile devices such as smartphones or tablets. Read more.

Cyber Connections News Roundup: August 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 28, 2018

Are Supercomputers Ready to Combat Cyber Threats

Supercomputers may be evolving, but many believe they remain impractical for solving security challenges. In June 2018, a new winner was crowned as the world’s fastest supercomputer, with the US taking the honors back from China. Oak Ridge National Lab’s Summit supercomputer can process more than 122 petaflops –122 thousand trillion floating-point operations per second. Supercomputers can have application in cybersecurity as well, but, according to experts, the days when that’s a reality are far ahead. Read more.

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

From http://www.varonis.com comes a list of its top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. Find out if your business is ready to face its next cyber threat. Read more.

Is New NIST Law Aimed at Helping Small Businesses with Cybersecurity Effective?

The president recently signed into law the NIST Small Business Cybersecurity Act, S.770, originally introduced as the Main Street Cybersecurity Act. This law mandates that NIST (National Institute of Standards and Technology) produce and disseminate educational materials to help small businesses improve their cybersecurity posture. The website http://www.seacoastonline.com offers a succinct overview of the measure plus some invaluable commentary on its effectiveness. Read more.

Google Parent Company Alphabet Closer to Going Public With New Cybersecurity Platform

According to a recent report on http://www.cnbc.com, Google’s parent company, Alphabet, has revealed additional details on its new cybersecurity company, called Chronicle. Last year, Alphabet announced the company, but held back on much of the details. Recently, though, Chronicle CEO Stephen Gillett sat down with CNBC to offer some new details about the company’s direction, including plans to deliver “planet-scale” security services to large corporations. Read more.

Steps Healthcare Organizations Must Take to Combat Growing Cyber Threats

A recent article in HealthTech Magazine offers an overview of the cyber threats faced by healthcare organizations, the latest breach trends and security best practices for providers. To help meet today’s cyber challenges, healthcare organizations should first and foremost view cybersecurity as a business risk rather than just a technical challenge. Read more.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that, an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.

Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession— and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. Malware, spyware, and human error are the most common problems the study also reported.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.

Cyber Awareness Month Recap and Launch of Guide to Cyber Experts

We’re kicking off November with a recap of our National Cyber Security Awareness Month postings and an announcement. On Nov. 4 we launched our Guide to Cyber Experts.

First, a little about the guide, which serves as the go-to resource for members of the media covering all facets of cybersecurity. It contains biographies of UMUC faculty experts and their specialized areas of interest. Guide users can find an expert on a wide array of cybersecurity-related topics, view more detailed information about each expert and schedule interviews.

UMUC experts featured in the guide focus on a range of areas, including:

  • Cybersecurity in healthcare and education
  • Legal and policy aspects of cybersecurity
  • Cybersecurity job landscape and careers
  • Cybersecurity and critical infrastructure
  • Computer hacking
  • Internet of Things (IoT)
  • Computer and network forensics
  • Secure software engineering
  • Current threatscape
  • Cybersecurity innovation, governance and digital strategy

And, in case you missed them, each week during the month of October we shared tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives.

  • Week 1: We launched the month with “Hack” to School, a series of tips for middle and high school students―and parents―to help them protect their identity when using smart phones, computers and social media. Check out our top-8 list of security tips and best practices from University of Maryland University College (UMUC) cybersecurity faculty.
  • Week 2: We shared our Five Proverbs to Live By. Remember those sayings you learned growing up? Valorie King, UMUC’s program chair and collegiate associate professor for cybersecurity management and policy (CSIA) advised us that those same proverbs apply to staying safe in cyberspace as well. Find out how the sayings we use to guide our children in the real world also can be applied to helping us steer away from trouble on the Internet.
  • Week 3: We shifted our focus to the professional world by offering 5 Action Items to Secure the Workplace. Cyber threats are increasing in number and sophistication. Balakrishnan Dasarathy, UMUC professor and program chair, cybersecurity and information assurance, discusses the five specific areas where organizations can minimize their vulnerabilities and exposure to threats.
  • Week 4: Finally, as a run-up to the 2016 Presidential Election, Balakrishnan Dasarathy returned to address the question: “Can Our Elections Systems Be Hacked?” What you’ll discover is that a closer examination of our election system gives us a more complete picture of the prospect of a hack and any related trust issues.

To contribute to Cyber Connections, please contact Alex Kasten at alex.kasten@umuc.edu.

Embracing Cybersecurity Awareness

We’re about halfway through National Cyber Security Awareness Month. I wanted to talk about the importance of securing your perimeter of online and network usage. Users tend to assume that security is an on-off switch that can be controlled or activated when and as often as needed. Experts in the cybersecurity industry are aware of this misconception. It is not sufficient to activate anti-malware and anti-virus software updates; it is also eminent to update the underlying operating system — especially when working with cloud and big data-based enterprises, both private and public.

Additional awareness should be embraced and adopted not only on wired but also wireless infrastructure. It is not as easy, but care must be exercised when accessing sites which do not begin with “https” on their URL.

The most important element is self-discipline and caution when browsing sites, downloading files, and accessing unknown or unsure sources of email. Also, training and education should be routinely and continuously conducted to educate users, managers, and IT and system administrators to follow certain password guidelines and schemes.

System recovery, backup, and updates must be routinely performed. Also, additional security algorithms must be used and devised always to combat, lessen, or deter attacks. Users must be aware of pop ups, ads, adware, malware, spyware, social engineering, and shoulder surfing, a way in which people can look over a user’s shoulder to obtain passwords or information they are inputting on their devices.

Always be leery of where you are sending and downloading your private data, especially when using the cloud. As a cloud security expert, I promote awareness of using the cloud as a convenience– but always exercise care and be alert. It is the price we pay for technological civilization. A byproduct of technological civilization and advancement is cybercrime. As we advance our technologies, we must also be prepared to secure these technologies. As such, we must also be prepared to sacrifice convenience. This is a fact.

unnamedDr. Ihssan Alkadi is an adjunct professor at UMUC and is on the faculty at Southeastern Louisiana University in the Computer Science Department. Dr. Alkadi received his B.S. in Computer Science at SLU and went on to earn his M.S. in Systems Science and his Doctoral degree in Computer Science from Louisiana State University (LSU). His areas of expertise include software engineering, and Internet, HTML, and operating systems testing. His research interests include testing in object oriented systems, systems validation, and system verification. His current research is in cloud computing security and cybersecurity.