Cyber Connections News Roundup: December 31

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 31, 2019

UMGC Cyber Faculty Members’ Predictions for 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year. As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods? Read more.

Heading into 2020, Women Still Face Roadblocks in Cybersecurity

A recent podcast on examines the challenges and opportunities that women face in the cybersecurity landscape. As the tech industry faces challenges around diversity in general, women are still particularly underrepresented. Threat Post recently sat down with Jessica LaBouve, a pen tester with A-LIGN, to discuss the personal challenges she’s faced in the cybersecurity industry and the opportunities in the space that she sees for improvement. Read more.

U.S. Navy Bans TikTok for Fear of Cybersecurity Threats

According to a recent article on, The United States Navy has issued a blanket ban on the Chinese-owned social media app, TikTok, saying the app may present a cybersecurity threat to service members. A bulletin issued by the Navy said government-issued mobile devices with TikTok installed would be blocked from the Navy Marine Corps Intranet. However, the bulletin did not describe what threat the app may represent. The app is currently part of an ongoing U.S. investigation, despite being popular among teenagers. Read more.

Cino Launches Cybersecurity Program for Hotel Guests

The Marriott International data breach of 2018 highlighted just how vulnerable hotels are to cyber attacks. In response, Cino, a full-service risk management, cybersecurity and training company, has launched a new product designed to protect hotel guests’ personal data from cyber criminals, according to an article on The product, Cyber Safe Travel, is powered by StrikeForce Technology’s military-grade technology. It provides protection for hotel guests’ mobile devices using keystroke encryption, advanced login breach protection and sophisticated screen scraper technologies. In addition, Cyber Safe Travel has a click-jacking attack-warning feature to help mitigate cyber threats. The product was first introduced at the October meeting of the Hotel Financial and Technology Professionals, New York Chapter. Read more.

Cybersecurity for Rural Communities Is Often Neglected

An article on points out that while attacks on large U.S. cities have had significant financial and operational impact, these same kinds of attacks, on a much smaller scale, can have a much more significant impact on smaller, more rural communities.  The August 2019 malware attack on 22 Texas communities is a recent example of this. Rural communities often lack the proactive planning and infrastructure to mitigate the damage caused by these threats. In the case of the Texas attacks, many business and financial functions of the communities affected were paralyzed. The article takes an in-depth look at how these communities responded and what must be done in the future to prevent these attacks. Read more.


Five Cybersecurity Trends to Watch Out for in 2020

Cybersecurity faculty members of University of Maryland Global Campus offer their top five trends and predictions for the New Year.

As we head into a new decade in the 21st century, one prediction is almost certain. The sophistication and number of cyber attacks perpetrated globally most likely will rise, but some questions remain. Will attackers focus on emerging technologies like artificial intelligence and cloud computing? Will new attack vectors proliferate, replacing the tried and true methods?

Arguably, the greatest challenge in the cybersecurity space for 2020 and beyond will be closing the workforce gap and maintaining a pipeline of skilled cybersecurity experts who are equipped with the tools, skills and leadership experience necessary to combat an ever-changing threat landscape. According to CyberSeek, the US faced a shortfall of almost 314,000 cybersecurity professionals as of January 2019. A recent Frost & Sullivan report predicts that by 2022 the global cybersecurity workforce shortage will reach upwards of 1.8 million unfilled positions.

Two significant developments in 2019 foresee a big year for us UMGC, too. First, effective July 1, 2019, we changed our name from University of Maryland University College to University of Maryland Global Campus to better communicate our status as a respected state university that brings higher education to working adults no matter where life takes them. Second, with an eye on the future, University of Maryland Global Campus has, through a recent realignment, created a School of Cybersecurity and Information Technology, which will further solidify our leadership role in addressing a rapidly changing menu of competencies and skills needed to work in cybersecurity.

From the faculty of the School of Cybersecurtiy and Information Technology, here are our top five cybersecurity trends we think will impact businesses and consumers in 2020:

  1. Artificial Intelligence (AI) will continue to gain popularity.AI is being touted as a possible solution to many human-centric needs, including more accessible healthcare to national security in the form of military robots.  In 2020 AI will use object detection algorithms to improve neural networks so that they are robust and large scale. By improving the neural networks, AI will become more mainstream, applying algorithms to efficiently process large volumes of data to produce results that improve human lives and enterprise operations.
  2. AI tools will both benefit and hinder cybersecurity. Piggy backing on the gaining popularity of AT, as companies continue to launch easy-to-use artificial intelligence tools and technology, cybersecurity will reap the benefits of added automated protection, but also will suffer from smarter, more efficiently organized attacks.
  3. Blockchain technology will enhance data communication systems. Blockchain technology is projected to make a significant impact in security data communication systems. The issue is leakage of data during transit and at rest, and this solution combines key-value pairs with encrypted values, access control policies, and policy and attribute enforcement engines to mitigate data leakage. Integrating a blockchain platform, such as IBM Hyperledger Fabric, ensures integrity of source data, which is essential to investigate data leakage incidents, and allows verification of data transactions for future analysis.
  4. Standards and regulation for autonomous vehicles. Autonomous vehicles are under development or production at most carmakers, and with multiple manufacturers across the globe, regulations are needed to address potential issues with safety, ethics, and personal privacy.
  5. Cloud attacks will continue to rise. As companies continue to migrate to the cloud, rushed schedules combined with a shortage of highly skilled cloud security professionals will cause an increase in cloud attacks and vulnerabilities.



Cyber Connections News Roundup: October 22

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 22, 2019

It’s National Cybersecurity Awareness Month: UMGC Students, Alumni and Faculty Experts Share Their Tips for Staying Safe

Check out our University of Maryland Global Campus three-part video series offering tips and insights to help you understand and secure your digital profile at home and at work. Read more.

Making the Case for a Risk-Based Approach to Cybersecurity in the Financial Services Industry

We have no definable network perimeter to protect, according to a recent article on With thousands of mobile devices connecting to networks through cloud-based applications that access critical and sensitive data from a variety of hybrid cloud environments, the article supports the argument that it’s time to adopt a truly risk-based approach to cybersecurity to enable us to focus on protecting data itself, rather than on endpoints, networks, and identity. Read more.

Supply Chain Hacks Are On the Rise for Phishing Scams

According to Verizon’s latest Data Breach Investigations Report, email is the channel used in 94% of attacks where hackers target executives for phishing schemes. A recent article on describes how hackers are now employing creative approaches to what are known as “supply chain” attacks, which use an organization’s associates, like outsourcing companies, to spread their attacks across that entity’s network of partners and vendors. Read more.

Is Insurance a Viable Solution to Growing Cybersecurity Challenges?

A recent article on makes the case. Given the increasing frequency of cyber breaches, along with the presence of more varied and evolving threats, how do we address the perpetual uncertainty about whether the cybersecurity industry can protect us? The article argues that since cybersecurity providers can’t guarantee the effectiveness of a cyber solution, and since it is difficult to accurately quantify the cost/benefit of a cyber strategy, then cybersecurity insurance may provide the path toward a way to reduce risk and incentivize clients to take preventative measures. Read more.

Open Cybersecurity Alliance Aims to Unite a Fragmented Landscape with Common, Open Source Code and Practices

On October 8, 2019, the OASIS international consortium announced the Open Cybersecurity Alliance (OCA), an industry initiative to bring interoperability and data sharing across cybersecurity products. IBM and McAfee have contributed the initial open source content and code. Formed under the auspices of OASIS, OCA brings together organizations and individuals from around the world to develop open source security technologies, which can freely exchange information, insights, analytics, and orchestrated responses. Read more.

Cybersecurity Challenges Lie Ahead for Next Generation 9-1-1 in Maryland

By Balakrishnan Dasarathy

The state of Maryland, along with many other states, is in the process of evolving its current largely telephony based 9-1-1 emergency handling systems to the Next Generation 9-1-1 (NG9-1-1) systems, as described in the final report by the Commission to Advance NextGen 9-1-1 Across Maryland. Although the benefits to a digital emergency handling system are vast, the migration to a more open IP-based system also raises a number of security threats that must be addressed to ensure success.

Current 9-1-1 services typically operate over standard telephone networks and, as such, mainly support requests through a voice call. The NG9-1-1 systems will all operate on a nation-wide digital network using the Internet Protocol (IP) technology, enabling interconnection with a wide range of public and private networks supporting emergency assistance from regular phone networks, wireless networks and the Internet.

One of the main benefits of the migration to NG9-1-1 systems is that they will allow Public Safety Answering Point (PSAPs) staff to accept and process a range of information from the public and responders, including text, images, video and voice. Moreover, non-humans such as collision detection systems in automobiles and home health monitoring IoT devices will be able to initiate requests not in the too distant future.

Overall, NG9-1-1 will be able to enable more situational awareness for dispatchers and responders. Because of the connectedness of the Internet, PSAPs can be consolidated and backups for a PSAP can be dynamically called upon nationally (not just regionally) to handle large-scale emergency situations, as encountered during the attacks of September 11, 2001. PSAP IT resources such as logging and recording and location look up services can be shared. In short, emergency handling will be far more resilient and economical with NG9-1-1 than they are today.

Although cyber attacks such as Telephony Denial of Service (TDoS) and Radio Frequency (RF) jamming attacks have compromised current 9-1-1 systems, the migration to NG9-1-1 systems invites a host of additional threats. As NG9-1-1 networks and systems are more open and connected than today’s closed telephony-based 9-1-1 systems, their attack surfaces are much larger.

NG9-1-1 systems can be subject to several types cybersecurity attacks that would hamper their availability, and affect confidentiality and integrity of data critical to the handling of emergencies. These new threats include:

  • Telephone Denial of Service Attacks (TDOS): Calls jam a PSAP administrator line or 9-1-1 lines. This type of attack already happened in October 2016 via compromised cell phones.
  • Ransomware. Use of malware to prevent access to computer systems for the purpose of extorting a ransom. The City of Baltimore emergency 9-1-1 system dispatch and recording servers were subject to this attack in March 2018.
  • Malware attacks. More generally, a malware in the form of a worm spreading from systems in one PSAP to its neighboring ones compromising the ability to respond in a state or a region of the country.
  • Swatting. Swatting is essentially tricking an emergency dispatcher with false or misleading information; for example, through the manipulation of fields such as Caller ID and location information in IP packets in an emergency request to indicate the call is originating from a location at which a serious emergency is taking place, thus directing scarce law enforcement (and medical responders) to that location. This could be just a revenge, or the manipulator could be committing a serious crime somewhere else. This happened in 2017 in California and resulted in an innocent person shot by the police.

With well-known technical and policy controls in place in the IT and network infrastructure and in various emergency handling applications, as well as the support of a well-trained staff, these types attacks can be largely prevented and the damage contained.

The Department of Homeland Security (through its Office on Emergency Communications), the Federal Communications Commission (through its task force on Optimal PSAP Architecture), the National Emergency Number Association (NENA), and the Association of Public-Safety Communications Officials (APCO) are all involved in the rollout of NG9-1-1 and have produced guidelines to address cybersecurity issues among other directives (e.g., specification of functional components and their interfaces for procurement purposes, IP network based architecture, deployment alternatives, budget and cost sharing among various government entities).

A simplified IP network-based “three-tier” architecture is shown below. The key aspect of the architecture is the Emergency Services IP Networks (ESInets), to carry all types of traffic with intelligence to route to appropriate PSAPs and support functions such as location information and subscriber information services.


Source: Office of Emergency Communication: Cyber Risks to Next Generation 9-1-1, Nov. 2018

What’s Happening in Maryland?

In Maryland, a statewide task force known as the ENSB (Emergency Number System) Cybersecurity was formed during the summer of 2019 to address the cybersecurity issues related to NG9-1-1. The task force consists of public safety managers and IT professionals from various counties and vendors in the space. Emergency handling in Maryland is largely provided at the county level. I am representing University of Maryland Global Campus to provide cybersecurity expertise. The current focus areas of this committee are to:

  • Develop minimum standards and requirements to address cybersecurity concerns for products serving PSAPs and ESINet components, and
  • Cybersecurity best practices for PSAPs and IT organizations supporting the underlying infrastructure and applications

Standards and recommendations from several organizations and related industries are currently under review so as adopt them to hit the ground running, including:

  • NENA (National Emergency Number Association) Security for Next-Generation 9-1-1 standard
  • Next Generation 9-1-1 Security (NG-SEC) Audit Checklist
  • FCC Task Force on Optimal PSAP Architecture: Final Report
  • NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (and its compliance)
  • NENA Detailed Functional and Interface Standards for the NENA i3 Solution (for various vendor products)

Next Steps

We expect to issue standards and an auditing process to verify how well the standards are followed by the end of 2019, so that the various PSAP entities in the state can complete their gap analysis. Beginning on January 1, 2020, the ENSB will begin approving projects for improving their cybersecurity posture.

About the Author

DasMarch2018v6Balakrishnan Dasarathy, Ph.D. is collegiate professor and program chair for Information Assurance at University of Maryland Global Campus.

Cyber Connections News Roundup: September 24

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

September 24, 2019

Microsoft to Offer Free Security Support for Windows 7 Ahead of 2020 Election

According to a recent report on, Microsoft Corp. will offer state and local election officials free security support for Windows 7 operating systems used in voting systems through 2020. Microsoft has long planned to stop providing security updates for Windows 7 users in general in January 2020, but was allowing users to pay for those updates through January 2023. The offer of free services through next year’s U.S. presidential election represents an additional effort to make it easier to update operating software used in voting systems, such as the election management systems that format ballots. Read more.

Are Recent Saudi Oil Attacks a Sign of More Cyber Warfare to Come?

The recent attack against Saudi Aramco, claimed by U.S intelligence and the Saudi government to be the work of Iran, is a continuation of a long-simmering cyber war between the two countries, according to an article on In recent years, Iran has deployed destructive computer viruses against Saudi Arabia, which has been slow to strengthen its defenses. The report warns that investors should expect long-term cyber espionage and flare-ups of malicious activity, including the potential for destructive attacks that hurt companies in the region beyond Aramco. Read more.

Los Angeles Becomes First City in Nation to Offer Public Threat-Sharing Platform

According to a recent article on, the city of Los Angeles has unveiled the Threat Intelligence Sharing Platform, as well as a free mobile app that will help people detect malicious email. This, according to Mayor Eric Garcetti, makes Los Angeles the first city in the nation to release a publicly available threat-sharing platform and cybersecurity app. The platform is the creation of the LA Cyber Lab, a nonprofit organization dedicated to protecting the public and businesses from cyber threats by facilitating and promoting innovation, education and information sharing between public and private sectors. Read more.

Citing Cybersecurity Concerns, Colorado Bans QR Codes on Ballots

Colorado has become the first state in the U.S. to ban the use of QR codes on ballots, according to a recent article on In announcing the change, Colorado Secretary of State Jena Griswold (D) said that cybersecurity experts have raised concerns around the security of using the QR codes on ballots. Griswold also cited findings by U.S. intelligence that Russian operatives attempted to interfere in the 2016 presidential election as a reason to enhance cybersecurity of elections. Colorado will now require that votes only be counted based on human-verifiable information, specifically the marked ovals on the printed ballot, and not based on the counting of votes embedded in QR codes. Read more.

Cyber Attacks Exploit People and Not Technology According to Proofpoint Report

According to the results of Proofpoint’s 2019 Annual Human Factor Report, virtually all successful email-based cyber attacks require the target to open files, click on links, or carry out some other action. Although a small fraction of attacks rely on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run. A recent article about the report on notes how increasingly difficult it is to distinguish a malicious email from a regular one, mainly because tailored attacks look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss. Read more.

Cyber Connections News Roundup: July 30

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 30, 2019

New Orleans Governor Issues First Ever Statewide Cybersecurity Emergency

Governor John Bel Edwards has issued a statewide emergency declaration following a cybersecurity attack on several school systems in North Louisiana, according to a recent report on This is the first activation of Louisiana’s emergency support function relating to cybersecurity. Kenneth Donnelly, senior coordinating official for the Louisiana Cybersecurity Commission, said the state was first made aware of a malware attack on July 23. The New Orleans Office of Homeland Security and Emergency Preparedness, along with Information Technology and Innovation, is monitoring the situation and is in close contact with the Governor’s Office of Homeland Security and Emergency Preparedness and law enforcement partners at the local, state and federal level. Read more.

NSA Creates New Cybersecurity Arm to Combat Foreign Threats

According to a report on, the National Security Agency (NSA) will create a new cybersecurity “directorate” to unify NSA’s foreign intelligence and cyber defense missions, and prevent and eradicate threats to national security systems and the defense industrial base. Anne Neuberger, who has been leading the NSA’s Russia Small Group, has been tapped to lead the new directorate, which will become operational on Oct. 1. Neuberger led the NSA’s election security efforts for the 2018 midterms, having served as the NSA’s first chief risk officer. Read more.

IoT Cybersecurity Improvement Act Calls for Deployment Standards

The IoT Cybersecurity Improvement Act of 2019, co-sponsored by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas), would require the National Institute of Standards and Technology (NIST) to issue guidelines for the secure development, configuration and management of IoT devices, according to a recent article on It would also require the federal government to comply with these NIST standards. Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance at the Graduate School at the University of Maryland University College, was quoted in the article in support of the bill. “We need government intervention,” he said. Dasarathy said that the bill would provide appropriate IoT security guidance to chief information security officers (CISOs) and other organizational executives. “Right now many CISOs struggle to determine adequate security,” he said. Read more.

Industrial Cybersecurity Emerging as Frontline of Cyber Attacks

According to a report on, the number of cybersecurity-related incidents occurring around industrial systems and operational technology is on the rise. Industrial cybersecurity is therefore emerging as the frontline defense to address such threats. Urmez Daver, vice president and global head of Industrial Cybersecurity, TÜV Rheinland Group, speaking at the recent Secure Summit APAC 2019 in Hong Kong on July 11, said that emerging cybersecurity standards will provide the right level of guidance to enterprises to manage cyber risk, which is often best achieved when safety, security and privacy are engineered by design. Read more.

Israel to Provide Cybersecurity Training to Students with Autism

A first of its kind cybersecurity training course for people with disabilities has opened in Israel, led and financed by the National Cyber Directorate and the Welfare and Social Services Ministry, according to a report on In an effort to expand the pool of talent in the industry, Ram Levy, CEO of cybersecurity company Konfidas, initiated the training to enable people with disabilities to integrate into the cybersecurity field. The first cohort of the course will include 16 students on the autism spectrum, aged 21 and up. Read more.



Cyber Connections News Roundup: July 16

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 16, 2019

New ISA Cybersecurity Alliance Established to Accelerate Education, Readiness, and Knowledge Sharing

The International Society of Automation (ISA) has created an open, collaborative forum to advance cybersecurity awareness, readiness, and knowledge sharing. According to a recent report on Yahoo Finance, the ISA Global Cybersecurity Alliance will bring together a global group of stakeholders from end-user companies, control system vendors, IT and OT infrastructure providers, system integrators, and others affiliated with global industry to benefit everyone, especially the communities in which we operate and serve. Read more.

Artificial Intelligence in Cybersecurity Expected to Surpass $38 Billion

A recent report from Markets and Markets predicts that the artificial intelligence (AI) in cybersecurity market will reach USD 38.2 billion by 2026 from USD 8.8 billion in 2019, at the highest CAGR of 23.3%. Major drivers for the market’s growth include: the growing adoption of IoT and increasing number of connected devices; rising instances of cyber threats; growing concerns of data privacy; and an increasing vulnerability of Wi-Fi networks to security threats. Read more.

New Indiana University Cyber Clinic to Serve as Mid-West Hub for Training

According to an article on, Indiana University (IU) will establish the IU Cybersecurity Clinic to address cyber threats on the state and local level. IU said the clinic would serve as a Midwest hub for cyber training. Funding for the new clinic comes from a $340,000 grant from the William and Flora Hewlett Foundation and matching funds up to $225,000 from the Indiana Economic Development Corp. Read more.

U.S. Coast Responds to Recent Safety Alert With Cybersecurity Recommendations

On July 8, the U.S. Coast Guard issued a safety alert to report an incident in February whereby a deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that it was experiencing a significant cyber incident impacting its shipboard network, according to a recent report on The Coast Guard responded to the incident by establishing a set of recommendations for vessels and facility owners to improve cybersecurity. Read more.

Maryland Department of Labor Reports Cybersecurity Incident

A recent report on details efforts by the Maryland Department of Labor to notify roughly 78,000 customers about potential unauthorized activity in two of its database systems. On July 5, the department reported that some personal information might have been accessed without authorization, but that an investigation by the department has not found any misuse of data. Read more.



Get the Facts About 5G Network Security

Balakrishnan Dasarathy, Ph.D., collegiate professor and chair for Information Assurance and Cyber Operations programs at University of Maryland University College (UMUC), cuts through the hype about 5G networks and gets to the truth about potential security threats and the ways to mitigate them.

The promise of 5G networks is that they’ll provide an order of improvement in both data rates and latency over the current generation of cellular networks and, as such, will introduce a host of new applications that support industry and critical infrastructure. Telecom equipment supplier Ericsson predicts that the number of cellular IoT connections will reach 4.1 billion in 2024—increasing with an annual growth rate of 27%.

The upside of 5G is its support of an unprecedented number of connected devices. Its networks will rely on new architectural concepts and service delivery models that will improve functionality across numerous vertical markets and drive down costs.

The downside is that 5G will create a threat landscape that we have not experienced with previous networks. Ironically, the security challenges inherent in 5G will arise from the attributes that make it such an improvement.

Any security plan for 5G should focus on the following six threats:

  1. Loss of availability: flooding an interface and crashing a network element by sending malformed packets by poorly authenticated, malware-infested devices
  2. Loss of confidentiality and integrity: eavesdropping, data leakage and data modification due to lack of energy-efficient cryptographic techniques on low cost, low power connected devices
  3. Loss of control: an attacker taking control of the network or compromising the network
  4. Malicious insider threats: an attacker modifying the network elements as the network is opened up and services rely on out-sourced entities
  5. Code in network elements: spying such as Trojan horse, trap door and logic bomb

Minimizing Future Threats to the 5G Network

Managers of network security can mitigate these six 5G security threats with new service and trust models, and by keeping close watch on Huawei, the Chinese global provider of information and communications technology infrastructure and smart devices.

New service models, for example, must be expanded to include roaming agreements to support a specific business such as drones from Amazon and car fleets from GM, and not just cell phones. Trust models must address new data protection challenges across 5G networks that include more actors of different types. Today’s trust model addresses SIM cards issued by a few vendors for phones. Any future 5G trust model must address industry automation control devices, vehicles, sensors, drones and other IoT devices. Federal agencies, namely the National Institute of Standards and Technology (NIST), must accelerate advancements in lightweight cryptographic techniques that are designed to implement in constrained environments such as RFID tags, sensors and medical devices.

Finally, any 5G-network security framework must also identify and address potential malicious activity from Huawei, and the only way to do so is to review the underlying code of network equipment. Since an adversary like Huawei, with direct links to the Chinese government, will not supply anyone with the functional specifications for the malware they may plant, the U.S. must actively review the code in Huawei equipment much in the way that the U.K. is doing now through its Huawei Cyber Security Evaluation Centre (HCSEC).

About the Author

DasMarch2018v6Dr. Balakrishnan Dasarathy, collegiate professor and chair for Information Assurance and Cyber Operations programs at UMUC, brings more than 30 years of experience in research and development and management in the fields of information assurance, cyber security, and related areas of computer science. He has worked in the telecommunications and finance industries and currently teaches courses in network and software security and cyberlaw. Dasarathy received his PhD in computer and information science from Ohio State University.

Cyber Connections News Roundup: July 2

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

July 2, 2019

Hacking Risk to Medtronic Insulin Pumps Exposes Vulnerabilities IoT Medical Devices

According to a report on, the U.S. Food and Drug Administration (FDA) warned recently that a number of insulin pumps from Medtronic MiniMed might be at risk of a cybersecurity breach. According to the FDA, Medtronic is recalling affected MiniMed pump and providing alternative insulin pumps to patients. The Medtronic recall illustrates the increase in vulnerabilities of such medical devices as more and more go online and shift to IoT and wearables. Read more.

NIST Releases Guide to Managing Cybersecurity Risks Posed by IoT

Health IT Security reports that on June 25 the National Institute of Standards and Technology (NIST) released a guide to managing the privacy and cybersecurity risks posed by IoT, the first in a planned series on IoT designed to help both federal and private sector organizations shore up IoT vulnerabilities. In October 2018 NIST issued a draft IoT report, which laid out the top considerations that can impact the management of IoT devices across the enterprise. The guide released last week builds on the initial report and is designed to serve as a foundation for a planned series on more specific IoT assets. Read more.

M&A Deals Hamstrung by Cybersecurity

According to a recent report by Forescout Technologies titled The Role of Cybersecurity in M&A Diligence, half of IT decision makers (53%) found critical cybersecurity issues that put mergers or acquisition deals in jeopardy during their initial assessments, according to Forescout Technologies’ survey of 2,700 executives. Furthermore, undisclosed data breaches represent an immediate deal-breaker for their company’s M&A strategy, according to 73% of surveyed decision makers. Acquiring a company, only to find critical cybersecurity issues down the line, made 65% of decision-makers feel buyer’s remorse once the deal closed. Read more.

Maryland Gov. Hogan Hires Cybersecurity Chief

Gov. Larry Hogan (R) has named Maryland’s first statewide chief information security officer, part of an effort to boost defenses against cybersecurity threats, according to a recent report on John Evans, who had served as the chief information security officer for the state Department of Information Technology since October, will lead the newly created Office of Security Management and chair the Maryland Cybersecurity Coordinating Council, a panel made up of nearly a dozen agency heads. The move comes just after a powerful ransomware attack nearly paralyzed the city government for the past month. Read more.

Iranian Hackers Ramp Up Cyber Campaigns Against U.S.

A recent article on details how Iran has increased its offensive cyber attacks against the U.S. government and critical infrastructure as tensions have grown between the two nations. The article describes how hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including oil and gas via spear-phishing emails, according to cybersecurity tracking companies CrowdStrike and FireEye. The cyber offensive is the latest chapter in the U.S. and Iran’s ongoing cyber operations targeting the others. Read more.


Cyber Connections News Roundup: June 4

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 4, 2019

Startup BlueVoyant Raises $82.5 Million at a Valuation in Excess of $400 Million

According to a recent article on, New York based cybersecurity startup BlueVoyant, a provider of managed security, professional services and, threat intelligence, has raised $82.5 million in a Series B round of funding at a valuation in excess of $430 million. The funding is coming from a range of new and existing investors that includes fintech giant Fiserv. Read more.

Cybersecurity Stands to Benefit from Advancements in AI

An article on reports that cybersecurity may be one of the key beneficiaries of advancements in artificial intelligence (AI). AI, for example, can be used to detect imminent threats by collecting data from different logs and records and identifying new threats that are being spread by hackers. AI can also identify malware and spyware trends by analyzing data across multiple channels. AI lets users detect malware systems faster and before they can do damage on a large scale. Read more.

Middle East and Africa Cybersecurity Market Expect to Take Off

A new report featured on predicts that the Middle East and Africa cybersecurity markets will expand at a CAGR of 11.9 percent and is expected to be valued at USD 23.4 billion by 2023. Contributing to this rise is the digitization in verticals such as banking, financial services, government, and the oil and gas industries, which has triggered the risk of cyber attacks. The main reason for the cybersecurity market’s exponential growth rate is improved awareness, and the adoption of various cybersecurity services that are needed to safeguard smart grid devices, digitized businesses, and IoT-based smart cities. Read more.

New Cybersecurity Legislation Aims to Secure Nation’s Election

Sens. Amy Klobuchar, D-Minn., and Susan Collins, R-Maine, introduced legislation to secure the nation’s elections by providing training to state and local election officials, according to a report on The “Invest in Our Democracy Act of 2019” would direct the Election Assistance Commission to provide grants in support of continuing education in election administration or cybersecurity for election officials and employees. The Act would establish a grant program administered by the Election Assistance Commission to cover up to 75 percent of the cost of the yearly tuition of election officials and employees who are enrolled in an accredited certificate program for election administration or cybersecurity. The Act would also provide $1 million for fiscal year 2021 and such sums necessary for each fiscal year between 2022 and 2028. Read more.

Poor Cybersecurity Can Do Damage Beyond Your Bottom Line

A recent article on enumerates the ways poor cybersecurity measures could harm your business. For example, your initial impression may be that weak cybersecurity only affects your organization, but a lack in cybersecurity can also be problematic for an organization’s customers and wider markets. Companies can steer clear of this fault by taking a top-down approach to cybersecurity. Read more.