Roadtrip Nation and UMUC Kick Off Cross Country Cybersecurity Adventure

Roadtrip Nation

UMUC teams up with Roadtrip Nation to shine a light on this century’s most exciting and challenging career field – cybersecurity.

Jobs in the cybersecurity sector have increased by 73 percent over the past five years, making it one of the hottest career fields for America’s students and young adults. Recent headlines about cyber warfare, cyber crime, and cyber espionage demonstrate the need for qualified professionals with the skills to succeed in cybersecurity—a field that is growing 12 times faster than the average American industry.

That’s why career exploration organization Roadtrip Nation and University of Maryland University College (UMUC) are teaming up to send three people interested in cybersecurity on a three-week road trip across the nation. The journey—termed the “Cybersecurity Roadtrip”—will be filmed and produced into a one-hour documentary, set to air on public television in 2017.

The Cybersecurity Roadtrip launched officially on November 27, 2016, in New York City. Next up is a celebratory kickoff event at UMUC and the National Cryptologic Museum in Maryland on December 2. Winding their way across the country with highlighted stops in New Orleans, Austin, and Los Angeles, the road-trippers will book and conduct a slate of in-depth interviews with leaders from different specializations within the cybersecurity field.

Candidates selected for the opportunity have unique backgrounds and challenges, but all possess a passion for cybersecurity. Mansi Thakar is pursuing a master’s degree in cybersecurity, Emily Cox recently discovered a love for the field after attending an immersive coding boot camp, and Antwan King is enrolled in a master’s program in digital forensics and cyber investigation. On the journey, they expect to find new mentors and explore the diversity of career paths available within the field.

You can learn more about Roadtrip Nation, known for its New York Times best-selling career guide, award-winning documentary television series, and acclaimed classroom curriculum at roadtripnation.com and roadtripnation.org. To stay up to date on the journey, follow @RoadtripNation, @UMUC, and #CybersecurityRoadtrip on Twitter.

Cyber Awareness Month Recap and Launch of Guide to Cyber Experts

We’re kicking off November with a recap of our National Cyber Security Awareness Month postings and an announcement. On Nov. 4 we launched our Guide to Cyber Experts.

First, a little about the guide, which serves as the go-to resource for members of the media covering all facets of cybersecurity. It contains biographies of UMUC faculty experts and their specialized areas of interest. Guide users can find an expert on a wide array of cybersecurity-related topics, view more detailed information about each expert and schedule interviews.

UMUC experts featured in the guide focus on a range of areas, including:

  • Cybersecurity in healthcare and education
  • Legal and policy aspects of cybersecurity
  • Cybersecurity job landscape and careers
  • Cybersecurity and critical infrastructure
  • Computer hacking
  • Internet of Things (IoT)
  • Computer and network forensics
  • Secure software engineering
  • Current threatscape
  • Cybersecurity innovation, governance and digital strategy

And, in case you missed them, each week during the month of October we shared tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives.

  • Week 1: We launched the month with “Hack” to School, a series of tips for middle and high school students―and parents―to help them protect their identity when using smart phones, computers and social media. Check out our top-8 list of security tips and best practices from University of Maryland University College (UMUC) cybersecurity faculty.
  • Week 2: We shared our Five Proverbs to Live By. Remember those sayings you learned growing up? Valorie King, UMUC’s program chair and collegiate associate professor for cybersecurity management and policy (CSIA) advised us that those same proverbs apply to staying safe in cyberspace as well. Find out how the sayings we use to guide our children in the real world also can be applied to helping us steer away from trouble on the Internet.
  • Week 3: We shifted our focus to the professional world by offering 5 Action Items to Secure the Workplace. Cyber threats are increasing in number and sophistication. Balakrishnan Dasarathy, UMUC professor and program chair, cybersecurity and information assurance, discusses the five specific areas where organizations can minimize their vulnerabilities and exposure to threats.
  • Week 4: Finally, as a run-up to the 2016 Presidential Election, Balakrishnan Dasarathy returned to address the question: “Can Our Elections Systems Be Hacked?” What you’ll discover is that a closer examination of our election system gives us a more complete picture of the prospect of a hack and any related trust issues.

To contribute to Cyber Connections, please contact Alex Kasten at alex.kasten@umuc.edu.

Inaugural Maryland Cybersecurity Council Meeting

On Tuesday, November 10, UMUC hosted the inaugural meeting of the Maryland Cybersecurity Council, which was created by Governor Larry Hogan and is chaired by Attorney General Brian Frosh. The mission of the council is to assist and advise the state on strengthening its critical cyber infrastructure. UMUC is proud to have hosted the first meeting and to be designated to staff and support the council as it conducts its work. It was also a great privilege to welcome the council on behalf of President Miyares and to discuss UMUC’s efforts in building the critical cyber talent needed to protect our state and national information infrastructure.

As the council begins its important work, I believe it is important that the Council not only take into consideration the technical aspects but also consider equally important human, legal, policy and ethical aspects associated with cybersecurity. UMUC is also playing an important role in this effort. In response to the critical shortage of cybersecurity professionals that our state and nation face, UMUC has developed seven different cybersecurity related programs—including policy and technical-related programs—at the undergraduate and graduate levels. And since 2010, more than 4,000 new cyber professionals have graduated from UMUC and more than 8,000 students are currently enrolled.

We are proud of our efforts in this critical area and look forward to producing graduates with the skills to handle the latest and most complex cybersecurity issues facing Maryland and threatening our regional, national and global economy, as well as our national security.

Staying Protected While Connected to Social Communities

This week’s theme for National Cyber Security Awareness Month is about connected communities. Social media sites such as Facebook, LinkedIn, Twitter and Instagram allow users to communicate and share information and events with friends, family, co-workers and others. As you connect to these types of sites it is critical to be aware of the potential privacy and security issues that could surface without proper safeguards and knowledge of application privacy settings, encryption, strong passwords, two-factor authentication, and phishing schemes.

Most popular social media sites provide the ability for a user to modify their privacy settings. These privacy settings are the key to who is allowed to see the information, pictures and events posted on the site. For example, in Facebook, the privacy settings are found in the upper right corner of the interface by selecting “settings” and then privacy. Here you can determine who will see your posts along with the timeline for viewing those posts. You can also control photos that may have been tagged by someone. Before you start posting and using the social media sites, be sure you understand and set the privacy settings appropriately.

Don’t share private information on social media sites. Many hackers use social engineering techniques to gather information from you from multiple social media sites. Private information such as birth dates, social security numbers, children’s names, banking locations, and even pet names can be used to guess passwords and other information to gain access to financial or other sensitive accounts.

When logging on to any account, be sure you are using strong passwords or two-factor authentication. Strong passwords consist of numbers, symbols and mix of upper and lower case letters. Longer passwords are also more difficult to guess than shorter passwords. Two-factor authentication adds an additional layer of security by requiring two-forms of identification to access the system. For example, if you participate in Google’s two-step verification process you will be asked for your password and then for an additional piece information such as a code sent to you via text. Also, be sure the data being sent between your computer or mobile device and the web site or server is secure. HTTPS should be the default connection when accessing any accounts on remote machines.

Finally, be sure you carefully review hyperlinks provided to you in an email before you click on the link. Phishing schemes attempt to steal your account information by pretending to be your bank or another vendor and request you to login or reset a password. These emails can be quite convincing so have your IT or security expert review the email before you provide any information. These schemes have been around for quite some time and some people still fall victim to this scam.

In summary, use computer security best practices when connecting to any sites. Hackers love easy targets who share all of their private information on social web sites and use simple passwords. Don’t make their job easy. Always work to protect yourself while you are connected.

jrphoto2 Dr. James Robertson is a collegiate professor and Chair for Computer Science and the Software Development and Security programs in the undergraduate school at UMUC. Prior to joining UMUC, he worked as a Principle consultant for the Oracle corporation. Dr. Robertson has more than 20 years of technical, engineering, and information systems experience with progressively increasing responsibilities in the areas of education administration, software development, application security testing, database design and development, modeling and simulation, and data mining. He has designed and developed secure software, algorithms, and techniques for image and signal processing in federal, health and commercial industries within all phases of software life cycle.

Embracing Cybersecurity Awareness

We’re about halfway through National Cyber Security Awareness Month. I wanted to talk about the importance of securing your perimeter of online and network usage. Users tend to assume that security is an on-off switch that can be controlled or activated when and as often as needed. Experts in the cybersecurity industry are aware of this misconception. It is not sufficient to activate anti-malware and anti-virus software updates; it is also eminent to update the underlying operating system — especially when working with cloud and big data-based enterprises, both private and public.

Additional awareness should be embraced and adopted not only on wired but also wireless infrastructure. It is not as easy, but care must be exercised when accessing sites which do not begin with “https” on their URL.

The most important element is self-discipline and caution when browsing sites, downloading files, and accessing unknown or unsure sources of email. Also, training and education should be routinely and continuously conducted to educate users, managers, and IT and system administrators to follow certain password guidelines and schemes.

System recovery, backup, and updates must be routinely performed. Also, additional security algorithms must be used and devised always to combat, lessen, or deter attacks. Users must be aware of pop ups, ads, adware, malware, spyware, social engineering, and shoulder surfing, a way in which people can look over a user’s shoulder to obtain passwords or information they are inputting on their devices.

Always be leery of where you are sending and downloading your private data, especially when using the cloud. As a cloud security expert, I promote awareness of using the cloud as a convenience– but always exercise care and be alert. It is the price we pay for technological civilization. A byproduct of technological civilization and advancement is cybercrime. As we advance our technologies, we must also be prepared to secure these technologies. As such, we must also be prepared to sacrifice convenience. This is a fact.

unnamedDr. Ihssan Alkadi is an adjunct professor at UMUC and is on the faculty at Southeastern Louisiana University in the Computer Science Department. Dr. Alkadi received his B.S. in Computer Science at SLU and went on to earn his M.S. in Systems Science and his Doctoral degree in Computer Science from Louisiana State University (LSU). His areas of expertise include software engineering, and Internet, HTML, and operating systems testing. His research interests include testing in object oriented systems, systems validation, and system verification. His current research is in cloud computing security and cybersecurity.

Creating a Culture of Cybersecurity at Work

With it being National Cyber Security Awareness Month, one of the most important things to think about is whether or not you are practicing good cybersecurity habits at work. Here’s a top ten list of ideas that can help foster a culture of cybersecurity in the workplace:

  1. Institute quality cybersecurity training. Teach employees cybersecurity policies, procedures and best practices such as managing passwords, how to recognize a breach or attack and respond accordingly, and proper web browsing procedures. If there is a breach, they should know what actions to be taken such as who to contact. Training should be provided for new employees and refresher training should be conducted at least annually for regular employees. Include self-assessment security quizzes to test their knowledge of cybersecurity threats, vulnerabilities and countermeasures.
  2. Create a dynamic cybersecurity awareness program. These could include cybersecurity posters, newsletters, email reminders, token gifts with security reminders and computer log-on displays. Messages should change at least monthly to keep the information fresh. Include fun and informative events such as cybersecurity fairs, guest speakers and brown bag lunches.
  3. Gain managerial support. The CEO, other executives and managers need to announce their support and full commitment toward cybersecurity. They should also participate in cybersecurity activities. Employees will recognize that they mean business when it comes to cybersecurity.
  4. Establish sound cybersecurity policies, procedures, controls and practices. This is a basic requirement for any organization that wants to establish a culture of cybersecurity. If these policies, procedures and controls are weak, outdated and/or impractical, employees will not see the importance of cybersecurity.
  5. Ensure cybersecurity employee performance. Due to its criticality, the need for cybersecurity should be considered for inclusion in the employee’s performance appraisal to ensure that it will be addressed.
  6. Certify employee accountability. Require employees sign “acceptable use policy” statements that address requirements for cybersecurity and outline penalties for not complying with these requirements.
  7. Relate to the employee. Employees often think that they will never be victims of a breach. Share recent cybersecurity breaches that occurred in similar environments so employees can relate to possible attacks. This information can be conveyed through email or newsletters.
  8. Tie cybersecurity to every business process. Every new and existing standard operating procedure for each business process should be reviewed for possible security breaches and appropriate adjustments be made in a timely manner.
  9. Establish a cybersecurity community of interest. Have a team of employees who are well versed and/or interested in cybersecurity share information and experiences with each other and the rest of the organization. This can be accomplished through social media if there are adequate security measures.
  10. Conduct informal security checks on employees. For example, have an outside third party perform social engineering attacks to see how many employees give up their passwords.   These will certainly grab the attention of your employees. Of course, employees should not be disciplined for these actions since the security check is meant as an educational experience.

Have anything to add? Post it in the comments and keep the conversation going!

 

pangDr. Les Pang, CISSP, is a Program Chair and Associate Vice Dean in the UMUC Graduate School.  Besides several technical classes, he teaches Cyberspace and Cybersecurity (CSEC 610), the first course in the Master of Science in Cybersecurity Degree Program.  He is a former professor at the National Defense University where he taught both information security and technology courses. He was the 2004 recipient of the Drazek Teaching Excellence Award, the 2011 United States Distance Learning (USDLA) Faculty Teaching Excellence Award – Platinum, and the 2012 University System of Maryland (USM) Board of Regents Teaching Award.

Cyber Catch Up 10/5/15

Here’s what you missed last week…

It’s bad enough to have to worry about your data getting stolen. Now officials are concerned about the next front in malicious cyber activity: efforts to deliberately manipulate data. As data theft continues, banks are now looking to retailers to bear the losses. News of the VW scandal continues, and one story indicates that “the faster we upgrade our roads and autos with better capabilities to detect and analyze what’s going on in the transportation system, the better we’ll be able to find hackers, cheaters and others looking to create havoc on the highways.”

Microsoft reported that the highly suspicious Windows update that was “delivered to customers around the world was the result of a test that wasn’t correctly implemented”– but this isn’t the first time a Windows update has been compromised. As cybercriminals move from online banking to the industrial supply chain, they find the Dyreza computer trojan a useful tool. On Thursday, T-Mobile announced that about 15 million of its U.S. customers may have been exposed in a data breach at one of its vendors. Also on Thursday, it was reported that newly discovered vulnerabilities in Android’s media file processing may lead attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.

Apple’s new privacy policy was announced and has been given kudos in its design and simplicity, promising personalization without sacrificing privacy. In the meantime, privacy advocates increase efforts to beat back cybersecurity information-sharing legislation. Recently, Edward Snowden and a number of his supporters put forward a proposal to curb mass state surveillance. Could this be doomed?

With National Cyber Security Awareness Month in full swing, it’s time for millennials to step up their slacking security habits— according to a recent survey, they are least likely to protect their data, despite being the most concerned with cybersecurity. According to another survey, even though IT professionals often warn their superiors about pending IT security disasters, almost half of respondents report that executive management fails to take action.

Researchers have created an AI system to detect malware in shortened Twitter links, exposing a security flaw in Twitter’s site. Speaking of malware, are you searching for celebs in your spare time? Be careful who you search for– a study shows that celebrity searches are loaded with malware. Steer clear of getting the scoop on Kelly Brook, Nick Grimshaw, Kate Middleton, Idris Elba, Frank Lampard, Jeremy Clarkson and Tom Hardy, among others.

Screen Shot 2015-09-30 at 12.36.23 PMRebecca Foss is the Director of Social Media at the University of Maryland University College (UMUC). In her current role, she is working with stakeholders across the university to develop the overall strategic approach in using social media platforms and tools globally for UMUC. She has over 15 years of marketing and communications experience and has been involved with championing social media initiatives since the early stages of the medium’s existence in 2007. Rebecca specializes in content management, creation, and curation and serves as co-editor of the Cyber Connections blog.