Cyber Connections News Roundup: May 22

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 22, 2018

Will Cybersecurity Be on the Table at the June Summit With North Korea?

As reported recently on http://www.newsmax.com, some members of Congress are lobbying to add cybersecurity to President Trump’s agenda for the June 12 North Korea summit in Singapore. Senator Cory Gardner (R-Colo.), who chairs the Senate subcommittee overseeing global cybersecurity and East Asia, and Senate Foreign Relations Chairman Bob Corker (R-Tenn.), believe the issue is something both parties need to talk about. Read more.

Department of Homeland Security Unveils New Strategy to Address Cyber Threats

The U.S. Department of Homeland Security on May 15 unveiled a new strategy to address the evolving threats to the nation’s cyber and critical infrastructure security. The announcement comes amid concerns about the security of the 2018 US midterm elections and numerous high-profile hacking incidents at US companies. The holistic approach to security calls for collaboration across the cybersecurity community, including partners in the federal government, state and local governments, industry, and the international community. Read more.

White House Eliminates Cybersecurity Coordinator Position

Meanwhile, the New York Times reports that the White House has eliminated the cybersecurity coordinator on the National Security Council. A memorandum circulated by an aide to the new national security adviser, John R. Bolton, said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team. Read more.

The State of Cybersecurity in Southeast Asia: Challenges Ahead

According to a survey conducted by Limelight Networks’s State of Cyber Security 2017 – Southeast Asia report, nearly 50 percent of businesses in Southeast Asia have suffered a cyber attack and more than 70 percent of businesses said they suffer financial losses as a result of hacking or data theft. A recent Techwireasia.com analysis of the Limelight Networks report suggests that the APAC region is particularly vulnerable to hackers given the speed and scope of digital transformation in that part of the world. Read more.

 

Cyber Connections News Roundup

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.


May 8, 2018


Iowa to Focus on Voting Cybersecurity

As reported on wcfcourier.com, the State of Iowa announced plans to form a multi-disciplinary group to the security of voting systems. The new Iowa Election Cybersecurity Working Group will include representatives from the U.S. and Iowa Departments of Homeland Security, the U.S. Elections Assistance Commission, the Iowa National Guard, Iowa’s Office of the Chief Information Officer, and others. Read more.

Cybersecurity to Become Ubiquitous In California

Statescoop.com reports that cybersecurity will become one of the key components of California’s Department of Technology’s vision moving forward. According to Peter Liebert, California’s chief information security officer, the state’s “Vision 2020” plan focuses on a goal of ensuring that all business conducted by the state will be delivered securely. Read more.

Leading Tech Companies Agree to Defend Customers Against Cyber Attacks

Microsoft, Facebook, Dell, LinkedIn, GitHub, among other leading tech firms, have signed the Cybersecurity Tech Accord, an agreement to defend their customers from cybercriminal and state-sponsored attacks. As reported on associationsnow.com, the group of 33 tech companies, led by Microsoft, who dubbed the effort a digital Geneva Convention. Read more.

The State of Colorado Turns to Military Veterans to Fill Cyber Jobs

As reported on forbes.com, the State of Colorado’s Governor’s Office of Information Technology is bridging the cyber skills gap by implementing a Veterans Transition Program in which veterans who are transitioning out of active duty can apply for a paid internship at the Governor’s Office of Information Technology where they can gain experience with the tools used in the public and private sectors, notably blockchain technology. Read more.

Global Telcos Establish Partnership to Combat Cyber Threats

Singtel, SoftBank, Etisalat, and Telefónica have formed a cybersecurity group to share data on threats. As reported on zdnet.com, the group, called the Global Telco Security Alliance, will offer a managed security services platform that supports customers across 60 countries in Asia-Pacific, Europe, the Middle East, and the Americas. Read more.

 

Full STEAM Ahead: UMUC Cyber Faculty Members Help Girls Fuel Futures in Tech

University of Maryland University College (UMUC) cybersecurity professors Loyce Pailen and Tamie Santiago were among panelists who shared advice with girls of all ages interested in STEAM careers.

On Saturday, Feb. 24, 2018 UMUC Cybersecurity faculty members Loyce Pailen and Tamie Santiago joined Maryland elementary, middle, and high school students at the Indian Head Parks and Recreation Center for “Fuel Your Future with STEAM,” a day long event dedicated to empowering girls and young women toward careers in science, technology, engineering and math (STEM)—with a twist.

STEAM givIndian Heades STEM added dimension and relevance by integrating traditional STEM subjects with art plus design to drive 21st century innovation. The event featured industry leaders and experts in STEAM who offered a comprehensive overview of what STEAM is, how to get involved, and how these fields can be used for personal career development.

Pailen, director of UMUC’s Center for Security Studies, and Santiago, collegiate associate professor, Cybersecurity Policy, served on the panel, which represented women in medicine, nursing, veterinary science, science, and cybersecurity. The panelists shared advice and motivations for career advancement.

LoycePailen (right) advised audience members to develop an understanding of cybersecurity early, which then may lead to a career in the field. “Young people need to grow up with an understanding of what cybersecurity is all about, its nuances, and implications,” she said. “If we can get young people engaged in cybersecurity at an early age, then we can introduce them to careers in the field because if students are not aware of careers, they won’t seek them.”

Processed with VSCO with hb2 preset

Santiago (left) stressed the importance of following your own unique path. “It’s important to chart your own path, and don’t feel like you have to have a path that resembles your peer’s,” she said. “My passion for technology actually started with curiosity and a desire to question and investigate. This led me to career opportunities.”

Other panelists stressed the importance of an advanced degree as a critical step toward a successful career as well as hurdles they encountered during their career journey. Key themes for the students also included: perseverance; focusing on your dreams regardless of what others think; advancing your career through mentorships and networking; the importance of academic success; obtaining certifications and professional development; and simply striving to be the best you can be.

 

 

 

 

 

 

Discover All You Need to Know about Access Control

A recent CSO Online article featuring UMUC adjunct Ted Wagner offers a guide to what it is, why it’s important, and who needs it the most.

What is “access control” and why is it important? Simply put, access control is the security technique for regulating who has access to your physical environment to the data in a computing environment. From a cybersecurity perspective, the ability to control who gains access to your data is critically important to the security, safety, and digital hygiene of your organization.

Much has been written about the importance of access control and its governance, but an article titled “What is access control? 5 enforcement challenges security professionals need to know” by James A. Martin pulls all of the elements of the topic together into a comprehensive explanation of what access controls are, why we need them, and the critical policy challenges for enforcing them.

The article features insights from Ted Wagner, CISO at SAP National Security Services, Inc., and adjunct assistant professor in cybersecurity at University of Maryland University College.

Read the full article.

Kick Off the New Year With a Comprehensive Cybersecurity Reading List

When you assemble your 2018 cybersecurity reading list, there may be no better place to start than with BookAuthority, a website based on thousands of recommendations made by hundreds of industry leaders. Hone your skills and increase your knowledge base by adding the following top entries from BookAuthority’s “100 Best Cyber Security Books of All Time” to your 2018 reading list.

“Blue Team Field Manual,” by Alan J. White, is a cybersecurity incident response guide aligning with the NIST Cybersecurity Framework consisting of the five core functions—identify, protect, detect, respond, and recover—by providing the steps to follow and commands to use when encountering a cybersecurity incident.

“Cyber Security Handbook: Protect Yourself Against Cyber Crime,” by W. Muse Greenwood, is an information resource to help business owners, leaders and team members develop policies and procedures.

“Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It,” by Marc Goodman, offers a journey into the digital underground to expose the ways in which criminals, corporations, and even countries are using new and emerging technologies.

“Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon,” by Kim Zetter, recounts the story behind the virus that sabotaged Iran’s nuclear efforts. Zetter’s book describes how a digital attack can have the same destructive capability as the most destructive bomb.

“The Plot to Hack America: How Putin’s Cyberspies and WikiLeaks Tried to Steal the 2016 Election,” by Malcolm Nance, is must reading for anyone concerned with the way in which cyber thieves hacked the Democratic National Committee and stole sensitive documents, emails, donor information, and voice mails with the singular goal of getting Donald Trump elected president.

Finally, you will want to add “Cybersecurity Leadership: Powering the Modern Organization,” by University of Maryland University College’s own Mansur Hasib, widely acclaimed as the definitive book on cybersecurity leadership and governance. It defines cybersecurity and expands upon its three key tenets—people, policy and technology.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that, an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.

Cybersecurity Awareness Month Wrap-up: UMUC Covered a Lot of Ground

The University of Maryland University College (UMUC) marked National Cyber Security Awareness Month this past October with a slate of events and activities that stressed the importance of leadership, workforce skills, and strategies to help businesses and the public stay safe online.

Through our Facebook Live Interview series, sponsorship of the Cyber at the Crossroads Symposium, and participation in CyberMaryland 2017, UMUC cybersecurity experts shared insights into the following:

  • How Skills-based Hacking Competitions Build Critical Thinking Skills. Ajay Gupta, chair of the Computer Networks and Cybersecurity program at UMUC, opened our Facebook Live series by discussing how these competitions build essential real-world, hands-on technical skills in data forensics, network defense, ethical hacking and other areas. Gupta suggested they also foster collaboration and develop the critical—and quick—thinking skills needed to complete complex, often unfamiliar tasks.
  • What Managers and Leaders Need to Understand About Cybersecurity. Valorie King, chair of UMUC’s Cybersecurity Management and Policy program, followed Ajay’s session with a discussion about how business leaders need to understand cybersecurity at a level that makes it possible for them to effectively lead those entrusted with safeguarding their organization’s people, processes, and technologies.
  • What’s the Difference Between Security and Cybersecurity? Finally, we concluded our Facebook Live series with Mansur Hasib, chair of UMUC’s Cybersecurity Technology program, who explained the critical distinctions between these two concepts and the role cybersecurity plays in the upper management and the healthcare space.
  • Lessons Learned from Eligible Receiver 97. On Oct. 10, UMUC hosted the daylong “Cyber at the Crossroads” symposium, co-sponsored by the National Security Agency’s Cyber Center for Education and Innovation–Home of the National Cryptologic Museum. During the event, national cybersecurity leaders from government, military, industry and academia, explored in-depth the wide-ranging implications of the secret exercise—Eligible Receiver 97—that the Pentagon conducted 20 years ago to assess the vulnerabilities of Department of Defense computer networks.
  • How to Prepare the Cyber Leaders of Tomorrow. UMUC sponsored the education track at the Cyber Maryland 2017 conference that convened on Oct. 11 at the Baltimore Convention Center. Emma Garrison-Alexander, vice dean of UMUC’s Cybersecurity & Information Assurance program, moderated the session, “Cybersecurity Leadership: Preparing the Cyber Warriors of the Future,” which highlighted best practices for achieving effective cybersecurity leadership across public and private organizations and industries, as well as local, state and federal government agencies.

To learn more about all of our activities during the month of October, read our complete coverage in the UMUC Global Media Center.