Public Policy Forum Hosted by UMUC Focuses on Personal Data and State Infrastructure

The University of Maryland University College (UMUC) recently hosted the Maryland Cybersecurity Council’s public policy forum on cybersecurity, which featured questions and answers from public and private sector experts on personal data collection and privacy protection, and infrastructure protection and incidence response.

The Dec. 6 event, organized by the Maryland Cybersecurity Council, featured opening remarks from Maryland Attorney General Brian Frosh and UMUC President Javier Miyares, followed by panel discussions with Allison Lefrak, senior attorney, Privacy and IP Protection, Federal Trade Commission (FTC); Claire Gartland, director, Consumer Privacy Project, Electronic Privacy Center; and Phyllis Schneck, chief cybersecurity official for the Department of Homeland Security (DHS). Maryland State Senator Susan Lee and Michael Greenberger, professor and director, Center for Health and Homeland Security, Carey School of Law, University of Maryland, Baltimore, moderated the panels.

What follows are some session highlights.

Reining in the “Three Vs”

High points of the panel discussion on personal data issues with Lee, Lefrak and Gartland focused on the collection and digitization of data, a top-of-mind concern to many citizens because the amount of data collected has increased due to the proliferation of pervasive communications networks.

The growth of big data, according to Lefrak, results from the “three Vs”—the volume of data that can now be collected; the velocity at which companies can collect, analyze, and harness the power of data; and the wide variety of data that companies can access and analyze.

For its part, the FTC focuses on a three-pronged approach to data protection. Enforcement is key. The agency sends a strong message to companies about the need to protect consumers. The FTC also addresses consumer privacy from a legislative standpoint through its policies. Finally, the agency educates the public to make sure that both businesses and consumers are apprised of the laws around data collection and protection.

Can federal and state governments ensure appropriate privacy protection? For starters, according to the panelists, privacy laws and courts need to reflect modern technologies. For example, video protection laws commonly use the phrase, “videotape service provider,” which is an antiquated term in today’s digital world.

The bottom line, from the FTC’s perspective, is that privacy protections are critical to maintain consumer trust. With the transition to a new administration, the state of balance among data collection, consumer privacy and consumer benefit remains to be seen.

Mitigating Large-Scale Cyber Attacks

In the panel discussion on infrastructure protection, Greenberger and Schneck discussed federal and state efforts to secure critical infrastructure and respond to incidents.

How do we bring cybersecurity together with infrastructure protection? Schneck discussed how federal sector-specific agencies work with owners and operators in each sector to develop plans to enhance their security and resiliency.

In light of federal efforts to secure the infrastructure and respond to significant incidents, what should states be doing and how can the federal government and states work in tandem?

“For the federal government, one challenge is that states constitutionally have a lot of power,” Schneck said. “The federal government has to be sensitive to this authority.”

The threat of our adversaries, whether it’s Russia, China, North Korea or Iran, is alive and well. “They are executing with an agility we have yet to enjoy,” Schneck said.

He added, “We can mitigate future attacks through data collection. If we don’t have enough data, then the cyber adversary wins because we lack the situational awareness.

“We can combat cyber attacks by arming our networks, by understanding that when a threat or computer instruction comes in, we know not to run it. It’s as simple as that.”

Cybersecurity Roadtrippers Stop in at UMUC During Their Cross Country Journey

UMUC's Antwan King and Roadtrip Nation

Fellow Roadtripper and current UMUC graduate student Antwan King meets his “cyber” superhero as the group made its way to the Washington, DC area before heading west.

On Friday, December 2, the three participants in Roadtrip Nation’s “Cybersecurity” trip, which kicked off on November 27 in New York City, made their way down to the Washington, D.C. region. During their stop in the D.C. area, a visit that included interviews with cyber leaders and a tour of the National Cryptologic Museum, roadtrippers Mansi Thakar, Emily Cox and UMUC’s own Antwan King rolled into the UMUC Academic Center at Largo to share with family members, supporters, and UMUC faculty and staff their first impressions of the trip, their career aspirations, some life lessons, and what it’s like traveling together in an RV with the cameras rolling. (Roadtrip Nation will produce a documentary about the cross-country journey that will air on public television in spring 2017.)

UMUC's Antwan King

UMUC’s Antwan King kicks off his “cyber” journey.

For UMUC’s King, the visit to DC was especially meaningful because he was able to meet his “cyber superhero,” Michael Echols, CEO of the International Association of Certified ISAOs and former director of the Cyber Joint Programs Management Office at the Department of Homeland Security.

When asked about what this opportunity meant to him, King said, “You wake up every day, you try so hard, and sometimes people tell you “no,” but now I get to talk to the people who can help me define a path and discover what works.”

For the three participants, the trip thus far has been chock full of many unique experiences. However, they all agree that driving the RV stands out as one of the most thrilling. Said Cox, “I’ve never been to any of the cities on the trip, and I’ve never even been in an RV. Now I get to drive it across the country!”

Learn more about Roadtrip Nation at roadtripnation.com and roadtripnation.org. To stay up to date on the journey, follow @RoadtripNation, @UMUC, and #CybersecurityRoadtrip on Twitter.

Roadtrip Nation and UMUC Kick Off Cross Country Cybersecurity Adventure

Roadtrip Nation

UMUC teams up with Roadtrip Nation to shine a light on this century’s most exciting and challenging career field – cybersecurity.

Jobs in the cybersecurity sector have increased by 73 percent over the past five years, making it one of the hottest career fields for America’s students and young adults. Recent headlines about cyber warfare, cyber crime, and cyber espionage demonstrate the need for qualified professionals with the skills to succeed in cybersecurity—a field that is growing 12 times faster than the average American industry.

That’s why career exploration organization Roadtrip Nation and University of Maryland University College (UMUC) are teaming up to send three people interested in cybersecurity on a three-week road trip across the nation. The journey—termed the “Cybersecurity Roadtrip”—will be filmed and produced into a one-hour documentary, set to air on public television in 2017.

The Cybersecurity Roadtrip launched officially on November 27, 2016, in New York City. Next up is a celebratory kickoff event at UMUC and the National Cryptologic Museum in Maryland on December 2. Winding their way across the country with highlighted stops in New Orleans, Austin, and Los Angeles, the road-trippers will book and conduct a slate of in-depth interviews with leaders from different specializations within the cybersecurity field.

Candidates selected for the opportunity have unique backgrounds and challenges, but all possess a passion for cybersecurity. Mansi Thakar is pursuing a master’s degree in cybersecurity, Emily Cox recently discovered a love for the field after attending an immersive coding boot camp, and Antwan King is enrolled in a master’s program in digital forensics and cyber investigation. On the journey, they expect to find new mentors and explore the diversity of career paths available within the field.

You can learn more about Roadtrip Nation, known for its New York Times best-selling career guide, award-winning documentary television series, and acclaimed classroom curriculum at roadtripnation.com and roadtripnation.org. To stay up to date on the journey, follow @RoadtripNation, @UMUC, and #CybersecurityRoadtrip on Twitter.

Cyber Awareness Month Recap and Launch of Guide to Cyber Experts

We’re kicking off November with a recap of our National Cyber Security Awareness Month postings and an announcement. On Nov. 4 we launched our Guide to Cyber Experts.

First, a little about the guide, which serves as the go-to resource for members of the media covering all facets of cybersecurity. It contains biographies of UMUC faculty experts and their specialized areas of interest. Guide users can find an expert on a wide array of cybersecurity-related topics, view more detailed information about each expert and schedule interviews.

UMUC experts featured in the guide focus on a range of areas, including:

  • Cybersecurity in healthcare and education
  • Legal and policy aspects of cybersecurity
  • Cybersecurity job landscape and careers
  • Cybersecurity and critical infrastructure
  • Computer hacking
  • Internet of Things (IoT)
  • Computer and network forensics
  • Secure software engineering
  • Current threatscape
  • Cybersecurity innovation, governance and digital strategy

And, in case you missed them, each week during the month of October we shared tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives.

  • Week 1: We launched the month with “Hack” to School, a series of tips for middle and high school students―and parents―to help them protect their identity when using smart phones, computers and social media. Check out our top-8 list of security tips and best practices from University of Maryland University College (UMUC) cybersecurity faculty.
  • Week 2: We shared our Five Proverbs to Live By. Remember those sayings you learned growing up? Valorie King, UMUC’s program chair and collegiate associate professor for cybersecurity management and policy (CSIA) advised us that those same proverbs apply to staying safe in cyberspace as well. Find out how the sayings we use to guide our children in the real world also can be applied to helping us steer away from trouble on the Internet.
  • Week 3: We shifted our focus to the professional world by offering 5 Action Items to Secure the Workplace. Cyber threats are increasing in number and sophistication. Balakrishnan Dasarathy, UMUC professor and program chair, cybersecurity and information assurance, discusses the five specific areas where organizations can minimize their vulnerabilities and exposure to threats.
  • Week 4: Finally, as a run-up to the 2016 Presidential Election, Balakrishnan Dasarathy returned to address the question: “Can Our Elections Systems Be Hacked?” What you’ll discover is that a closer examination of our election system gives us a more complete picture of the prospect of a hack and any related trust issues.

To contribute to Cyber Connections, please contact Alex Kasten at alex.kasten@umuc.edu.

Inaugural Maryland Cybersecurity Council Meeting

On Tuesday, November 10, UMUC hosted the inaugural meeting of the Maryland Cybersecurity Council, which was created by Governor Larry Hogan and is chaired by Attorney General Brian Frosh. The mission of the council is to assist and advise the state on strengthening its critical cyber infrastructure. UMUC is proud to have hosted the first meeting and to be designated to staff and support the council as it conducts its work. It was also a great privilege to welcome the council on behalf of President Miyares and to discuss UMUC’s efforts in building the critical cyber talent needed to protect our state and national information infrastructure.

As the council begins its important work, I believe it is important that the Council not only take into consideration the technical aspects but also consider equally important human, legal, policy and ethical aspects associated with cybersecurity. UMUC is also playing an important role in this effort. In response to the critical shortage of cybersecurity professionals that our state and nation face, UMUC has developed seven different cybersecurity related programs—including policy and technical-related programs—at the undergraduate and graduate levels. And since 2010, more than 4,000 new cyber professionals have graduated from UMUC and more than 8,000 students are currently enrolled.

We are proud of our efforts in this critical area and look forward to producing graduates with the skills to handle the latest and most complex cybersecurity issues facing Maryland and threatening our regional, national and global economy, as well as our national security.

Staying Protected While Connected to Social Communities

This week’s theme for National Cyber Security Awareness Month is about connected communities. Social media sites such as Facebook, LinkedIn, Twitter and Instagram allow users to communicate and share information and events with friends, family, co-workers and others. As you connect to these types of sites it is critical to be aware of the potential privacy and security issues that could surface without proper safeguards and knowledge of application privacy settings, encryption, strong passwords, two-factor authentication, and phishing schemes.

Most popular social media sites provide the ability for a user to modify their privacy settings. These privacy settings are the key to who is allowed to see the information, pictures and events posted on the site. For example, in Facebook, the privacy settings are found in the upper right corner of the interface by selecting “settings” and then privacy. Here you can determine who will see your posts along with the timeline for viewing those posts. You can also control photos that may have been tagged by someone. Before you start posting and using the social media sites, be sure you understand and set the privacy settings appropriately.

Don’t share private information on social media sites. Many hackers use social engineering techniques to gather information from you from multiple social media sites. Private information such as birth dates, social security numbers, children’s names, banking locations, and even pet names can be used to guess passwords and other information to gain access to financial or other sensitive accounts.

When logging on to any account, be sure you are using strong passwords or two-factor authentication. Strong passwords consist of numbers, symbols and mix of upper and lower case letters. Longer passwords are also more difficult to guess than shorter passwords. Two-factor authentication adds an additional layer of security by requiring two-forms of identification to access the system. For example, if you participate in Google’s two-step verification process you will be asked for your password and then for an additional piece information such as a code sent to you via text. Also, be sure the data being sent between your computer or mobile device and the web site or server is secure. HTTPS should be the default connection when accessing any accounts on remote machines.

Finally, be sure you carefully review hyperlinks provided to you in an email before you click on the link. Phishing schemes attempt to steal your account information by pretending to be your bank or another vendor and request you to login or reset a password. These emails can be quite convincing so have your IT or security expert review the email before you provide any information. These schemes have been around for quite some time and some people still fall victim to this scam.

In summary, use computer security best practices when connecting to any sites. Hackers love easy targets who share all of their private information on social web sites and use simple passwords. Don’t make their job easy. Always work to protect yourself while you are connected.

jrphoto2 Dr. James Robertson is a collegiate professor and Chair for Computer Science and the Software Development and Security programs in the undergraduate school at UMUC. Prior to joining UMUC, he worked as a Principle consultant for the Oracle corporation. Dr. Robertson has more than 20 years of technical, engineering, and information systems experience with progressively increasing responsibilities in the areas of education administration, software development, application security testing, database design and development, modeling and simulation, and data mining. He has designed and developed secure software, algorithms, and techniques for image and signal processing in federal, health and commercial industries within all phases of software life cycle.

Embracing Cybersecurity Awareness

We’re about halfway through National Cyber Security Awareness Month. I wanted to talk about the importance of securing your perimeter of online and network usage. Users tend to assume that security is an on-off switch that can be controlled or activated when and as often as needed. Experts in the cybersecurity industry are aware of this misconception. It is not sufficient to activate anti-malware and anti-virus software updates; it is also eminent to update the underlying operating system — especially when working with cloud and big data-based enterprises, both private and public.

Additional awareness should be embraced and adopted not only on wired but also wireless infrastructure. It is not as easy, but care must be exercised when accessing sites which do not begin with “https” on their URL.

The most important element is self-discipline and caution when browsing sites, downloading files, and accessing unknown or unsure sources of email. Also, training and education should be routinely and continuously conducted to educate users, managers, and IT and system administrators to follow certain password guidelines and schemes.

System recovery, backup, and updates must be routinely performed. Also, additional security algorithms must be used and devised always to combat, lessen, or deter attacks. Users must be aware of pop ups, ads, adware, malware, spyware, social engineering, and shoulder surfing, a way in which people can look over a user’s shoulder to obtain passwords or information they are inputting on their devices.

Always be leery of where you are sending and downloading your private data, especially when using the cloud. As a cloud security expert, I promote awareness of using the cloud as a convenience– but always exercise care and be alert. It is the price we pay for technological civilization. A byproduct of technological civilization and advancement is cybercrime. As we advance our technologies, we must also be prepared to secure these technologies. As such, we must also be prepared to sacrifice convenience. This is a fact.

unnamedDr. Ihssan Alkadi is an adjunct professor at UMUC and is on the faculty at Southeastern Louisiana University in the Computer Science Department. Dr. Alkadi received his B.S. in Computer Science at SLU and went on to earn his M.S. in Systems Science and his Doctoral degree in Computer Science from Louisiana State University (LSU). His areas of expertise include software engineering, and Internet, HTML, and operating systems testing. His research interests include testing in object oriented systems, systems validation, and system verification. His current research is in cloud computing security and cybersecurity.