Cyber Connections News Roundup: August 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 28, 2018

Are Supercomputers Ready to Combat Cyber Threats?

Supercomputers may be evolving, but many believe they remain impractical for solving security challenges. In June 2018, a new winner was crowned as the world’s fastest supercomputer, with the US taking the honors back from China. Oak Ridge National Lab’s Summit supercomputer can process more than 122 petaflops – 122 thousand trillion floating-point operations per second. Supercomputers can have applications in cybersecurity as well, but, according to experts, the day when that becomes a reality is still far off. Read more.

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

From http://www.varonis.com comes a list of its top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. Find out if your business is ready to face its next cyber threat. Read more.

Is New NIST Law Aimed at Helping Small Businesses with Cybersecurity Effective?

The president recently signed into law the NIST Small Business Cybersecurity Act, S.770, originally introduced as the Main Street Cybersecurity Act. This law mandates that NIST (National Institute of Standards and Technology) produce and disseminate educational materials to help small businesses improve their cybersecurity posture. The website http://www.seacoastonline.com offers a succinct overview of the measure plus some invaluable commentary on its effectiveness. Read more.

Google Parent Company Alphabet Closer to Going Public With New Cybersecurity Platform

According to a recent report on http://www.cnbc.com, Google’s parent company, Alphabet, has revealed additional details on its new cybersecurity company, called Chronicle. Last year, Alphabet announced the company, but held back many of the details. Recently, though, Chronicle CEO Stephen Gillett sat down with CNBC to offer some new details about the company’s direction, including plans to deliver “planet-scale” security services to large corporations. Read more.

Steps Healthcare Organizations Must Take to Combat Growing Cyber Threats

A recent article in HealthTech Magazine offers an overview of the cyber threats faced by healthcare organizations, the latest breach trends and security best practices for providers. To help meet today’s cyber challenges, healthcare organizations should first and foremost view cybersecurity as a business risk rather than just a technical challenge. Read more.

Cyber Connections News Roundup: August 14

August 14, 2018

This week in Las Vegas, some of the most talented cybersecurity minds have gathered to take part in two of the year’s biggest hacker conferences, Black Hat and Defcon.

The highlights of these conferences are often what can best be described as cyber magic tricks, where technicians show off their skills by proving how they can break into various devices, such as computers inside cars, voting machines and medical instruments.

News From Black Hat and Defcon: Recent Reports Offer Insights into Current Cyber Threat Vulnerabilities

Two of the largest hacker conferences on the calendar wrapped up in Las Vegas last week: Black Hat USA 2018 (August 4-8) and Defcon (August 9-12). Check out http://www.cnet.com for day-by-day highlights from both events, including news about election vulnerabilities, smart cities, cryptocurrencies, and Google’s current view on cybersecurity. Read more.

Meanwhile, as part of its report on the two cybersecurity events, http://www.crn.com asked 10 security executives and technical leaders attending Black Hat 2018 what election-related threats should be most worrisome to the government and general public. Read more.

Also reporting from Black Hat, Martin Giles, in an August 11 MIT Technology Review report, lays out the pros and cons of relying on machine learning and artificial intelligence to help guard against cyberattacks. Read more.

Is the Healthcare Industry More Vulnerable to Cyber Threats than Others?

According to a recent article on http://www.techcrunch.com, healthcare organizations on average spend only half as much on cybersecurity as other industries. Hospitals especially, with their massive amounts of personal records, are attracting an unusually high number of hackers. Read more.

TVA Invests in Cybersecurity Operations Center

Recognizing the increasingly high stakes of cyber threats on power grids and public utilities, the Tennessee Valley Authority (TVA), according to a recent report from The News Courier, has invested in state-of-the-art monitoring systems and equipment for a new cybersecurity operations center designed to combat the thousands of daily hacking attempts on the nation’s largest public power utility. Read more.

Are Employees an Organization’s Greatest Cybersecurity Risk?

As reported on http://www.holmesreport.com, a new Finn Partners study confirms what many organizations already suspect – employees are their biggest cybersecurity risk. The study, based on a survey of 500 US employees, found that breaches are largely due to the use of personal devices for work. The survey revealed, for example, that nearly two in five workers have clicked on a link or opened an attachment from a sender they did not recognize. Read more.

Cyber Connections News Roundup: July 24

July 24, 2018

What Is the Biggest Cybersecurity Risk Today?

According to a new survey from DataSolutions, it’s human error. A recent article on http://www.siliconrepublic.com dives deeper into the survey results, explaining that companies must invest more money in educating employees against carelessness with respect to phishing attacks and other threats that could be avoided through increased awareness and training. Read more.

[Lack of] Cybersecurity Awareness in the C Suite

A recent http://www.securityboulevard.com report examines the disconnect between C-suite executives and cybersecurity. Specifically, the article cites a variety of surveys that establish a failure among business executives to understand that cybersecurity strategy starts at the top. For example, a recent CSO Online report found that “six out of 10 boards still see cyber risk as primarily an IT issue.” Read more.

These sentiments were echoed in a recent article on http://www.freightwaves.com, where cybersecurity in the trucking industry has emerged as a major issue for carriers. However, it is largely overlooked at the executive level and, when addressed, is only dealt with from a defensive posture. Read more.

Who Is Responsible for Cybersecurity? The CTO or the CISO?

In a recent http://www.informationage.com article, Nick Ismael agrees that today’s boards have historically overlooked cybersecurity, instead leaving the issue to the experts within the organization. Now, however, many boards are finally taking on the issue, but struggling to decide who has ultimate responsibility – the Chief Technology Officer (CTO) or the Chief Information Security Officer (CISO). Read more.

US Army Commissions First Civilian Cyber Officers

James Gusman and Timothy Hennessy have become the first civilians commissioned as officers in US Army Cyber. As reported on http://www.wjbf.com, their commission is the result of the US Army’s Cyber Direct Commissioning Program’s initiative to begin commissioning civilians as cyber operations officers, something that had only happened in the medical and legal fields as well as the seminary. The pilot program kicked off in October 2017. Read more.

AT&T Acquires Start-up AlienVault to Boost Cybersecurity Offerings for Businesses

AT&T announced that it would acquire AlienVault, a cybersecurity start-up based in San Mateo, California. AlienVault offers tools that detect and respond to threats through its Unified Security Management platform as well as its online platform called Open Threat Exchange. As reported on http://www.fortune.com, the acquisition will serve to strengthen AT&T’s security portfolio for small- and medium-sized businesses. Read more.

The NIST Framework and its Implications on Cybersecurity and the Internet of Things

Felix Uribe, University of Maryland University College (UMUC) adjunct associate professor of Cybersecurity Management and Policy, provides an overview of NIST and its implications on cybersecurity and IoT at a recent Dominican Republic cyber event.

At the II Digital Forensic and Cybersecurity Conference, held at the Ocean Blue and Sand Resort in Punta Cana, Dominican Republic from May 17-20, 2018, Uribe joined an international roster of speakers from Spain, Colombia, Chile, Mexico and the United States to discuss a host of topics related to digital forensics, cybersecurity and cybercrime, as well as the Dominican Republic’s “digital government” initiative and its cybersecurity and privacy challenges and solutions.

For his part, Uribe presented an overview of the NIST Risk Management Framework (RMF) and the NIST Cybersecurity Framework and its implications on the Internet of Things (IoT). He kicked off his talk with a brief history of NIST and an explanation of what it is.

Established in 1901 as the National Bureau of Standards, the National Institute of Standards and Technology (NIST), as the agency has been known since 1988, is a measurement standards laboratory that is a non-regulatory agency of the US Department of Commerce. The institute’s official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations, from nanoscale devices to earthquake-resistant skyscrapers and global communication networks.

The Computer Security Resource Center (CSRC) provides access to NIST’s cybersecurity and information security related projects, one of which is the Risk Management Framework (RMF): six steps (Categorize, Select, Implement, Assess, Authorize and Monitor) that ensure organizations integrate security, privacy and risk management activities into the system development life cycle.

NIST developed the RMF to provide a more flexible, dynamic approach for effective management of information system-related security and privacy risk in highly diverse environments and throughout the system development life cycle.

In short, the RMF addresses risk management by:

  • Building security and privacy capabilities into information systems throughout the System Development Life Cycle.
  • Maintaining awareness of the security and privacy posture of information systems on an ongoing basis through continuous monitoring processes.
  • Providing information to senior leaders and executives to facilitate decisions regarding the acceptance of risk to organizational operations and assets, individuals, other organizations, and the Nation arising from the operation and use of systems.

The voluntary NIST Cybersecurity Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework’s goal is to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Cybersecurity and Privacy Challenges in the Internet of Things (IoT)

Uribe also discussed IoT cybersecurity and privacy challenges. He defines IoT as the network of devices (things) capable of interacting with other devices and/or living things via the Internet or through a private local or global network not connected to the Internet. He explained that the components of an IoT device can be microcontrollers, sensors, actuators, memory, storage, and other components that are embedded in or connected to the device and that form part of its operation.

IoT projections suggest that by the year 2020 the number of connected devices worldwide will reach approximately 20 billion (The Gartner Group 2017, retrieved from https://www.gartner.com/newsroom/id/3598917). As such, the number of IoT devices compromised by cybercriminals is also expected to increase. Both the NIST RMF and the Cybersecurity Framework strive to provide organizations with security and privacy safeguards to protect information and information systems and the future of complex interconnected IoT environments.

NIST Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, was developed to address the selection of security controls (the “Select” step in the RMF). It provides guidelines for selecting the security controls for organizations and information systems.

The latest version of SP 800-37 (Revision 5) provides a comprehensive set of safeguards for Internet of Things (IoT) devices. As stated by NIST, “privacy is now fully integrated throughout the new draft. For example, one privacy control addresses the data captured by sensors such as those used in traffic-monitoring cameras in smart cities. The control advises configuring such sensors in a way that minimizes their capturing data about individuals that’s not necessary for the traffic-monitoring system to carry out its function.” In addition, “…an IT system may employ cameras. Security experts determine security controls for the camera sensor, while privacy professionals decide on privacy controls such as a control to preserve a passerby’s privacy.”

The exponential growth of IoT devices and their everyday applications calls for the use of the NIST RMF and the Cybersecurity Framework in order to address today’s security and privacy concerns affecting the trustworthiness of the world’s current IoT domain. IoT device manufacturers should take into account the security and privacy controls provided by the RMF when designing and manufacturing IoT devices and their components to ensure that security and privacy are implemented by design and do not come up as an afterthought during the IoT device development life cycle.

About the Author

Felix Uribe is an information technology (IT) security professional with extensive experience in the field of information security, cybersecurity, privacy, software development and teaching in the private and public sectors. He currently serves as an IT security analyst at the US Department of the Interior serving as associate privacy officer for the National Park Service. Prior to this, he served as an IT security auditor (Infosec) at the US Department of Justice Office of the Inspector General. As an academic, Uribe serves as adjunct associate professor at UMUC in the Cybersecurity Management and Policy program.

Uribe holds a Bachelor’s and Master’s degree in Computer Science from the Herbert H. Lehman College of the City University of New York.

Cyber Connections News Roundup: June 26

June 26, 2018

The Intersection of Cybersecurity and Domestic Abuse

Sadly, the latest pattern of behavior in domestic abuse cases, according to a recent New York Times report, involves smart home technology, whereby abusers are using apps on their smartphones to manipulate the Internet-connected locks, speakers, thermostats, lights and cameras that their victims use in their homes to harass, monitor and control. Read more.

SEC Outlines Changes After EDGAR Hack

The US Securities and Exchange Commission (SEC) is proposing reforms to its cybersecurity practices in light of the review of the 2016 breach of its EDGAR filing system. As reported on financial-planning.com, SEC Chairman Jay Clayton, in testimony submitted to the House Financial Services Committee, outlined changes the commission is putting in place in response to the incident. Among other initiatives, Clayton has tasked a number of units within the commission to analyze the security gaps that had facilitated the breach. Read more.

Senate Wants Tougher Action on Russian Hacking

As reported by Derek Hawkins on washingtonpost.com, the massive defense policy bill the Senate approved on June 18 calls on Trump to curb Russian aggression in cyberspace, giving him the green light to direct the US Cyber Command to “disrupt, defeat and deter” cyber attacks by the Russian government, conduct surveillance on Kremlin-backed hackers and partner with social media organizations to crack down on disinformation campaigns such as the ones that disrupted the 2016 election. Read more.

China Cyber Group May Be Targeting US Satellites

According to a recent report on newsweek.com, a cyber-espionage group operating from computers inside China is currently targeting US satellite communications and defense sectors. As part of a wide-ranging operation, they may soon seek to disrupt critical systems, according to cybersecurity firm Symantec’s Security Response Attack Investigation Team. The hacking collective, codenamed “Thrip,” has been using powerful malware against targets in the U.S. and Southeast Asia. Read more.

Human Error Main Cause of Data Breaches According to New Report

According to a new report by information security company Shred-it, employee negligence is the main cause of data breaches. As reported recently on cnbc.com, the study found that 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization. More than 1,000 small business owners and C-suite executives in the US were surveyed online in April for the report. Read more.

Cyber Connections News Roundup: June 12

June 12, 2018

Has Brexit Put European Cybersecurity at Risk?

Sylvia Thompson of the Irish Times writes about the cybersecurity implications of Britain’s exit from the European Union. Britain, after all, historically has been the link between the intelligence network of the US, Canada, Australia and New Zealand and the European Union. So, the question remains: If Britain goes, does the link break? Read more.

New Study Outlines Recommendations for Preventing Identity Theft

The National Cybersecurity Society (NCSS), a national non-profit created to address small business cybersecurity, recently released a study that focuses on business identity theft, how it is perpetrated and how we can prevent it. Titled “Business Identity Theft in the US,” the study was funded through a grant provided by the Identity Theft Resource Center and the Department of Justice, Office for Victims of Crime. Read more.

New Ridge Institute to Focus on Global Resiliency Against Cyber Threats

The Washington Business Journal reports that Tom Ridge, the first secretary of the Department of Homeland Security, has launched the Ridge Global Cybersecurity Institute. The organization’s mission is to advise and educate business leaders on navigating cybersecurity threats. Read more.

States and Counties Ramp Up Security Prior to Key Elections

As we get closer to key election dates, state and county governments across the country are intensifying their efforts to mitigate cyber threats in light of Russian attempts to meddle with the 2016 presidential election.

As reported on wnyt.com, for example, officials in New York are conducting cybersecurity drills in an effort to determine how vulnerable their state’s election system is to hacking. The exercises will simulate scenarios in which a hostile group seeks to tamper with voting systems, change election tallies or otherwise undermine voter confidence. Read more.

Meanwhile, in Collier County, Florida, Trish Robertson of the elections staff reports on www.hellowfl.com that the county has been ramping up preparations to prevent threats for the past few weeks, notably by installing a security networking monitoring system called “Albert.” Read more.

[Cyber] Securing the 2018 World Cup

On www.securityintelligence.com, Camille Singleton writes that security at the 2018 World Cup must move beyond the physical, which normally includes increased local police, physical barriers and identification checks. The widespread use of digital devices and social media warrants enhanced awareness and preventative measures to protect fans, foreign dignitaries and celebrities from malicious actors. Read more.

Five Misconceptions About Cybercrime

Take a look inside the new book by cyber expert and University of Maryland University College (UMUC) adjunct professor Richard A. White, PhD.

Reading “Cybercrime: The Madness Behind the Methods” by Richard White, adjunct professor, cybersecurity information assurance at UMUC, is like going on a wild ride-along with a seasoned police officer.

The book exposes the true nature of cybercrimes and takes the reader into the psychology and motivations of the criminal. Through in-depth interviews with real-life hackers, cyber-bullies and a former FBI special agent, White delivers a holistic view of perpetrator and victim behaviors, and the steps we need to take to reduce the menace presented by hacking.

The bottom line is that cybercrime is not going away and many people beyond the intended victim are affected. Technology alone is neither the sole cause nor the solution.

To help better understand cybercrime, White offers these five common misconceptions:

  1. Cybercrime originates from disadvantaged or “third-world” countries.

Cybercrime is one of the most highly organized crime syndicates ever to exist. In reality, the majority of the world’s hacks originate in developed countries such as China, Russia, the U.S., Taiwan, Romania and Hungary. Many players fulfill many roles, each for a profit exacted from victims. Tools are sold and methods are discussed on the Internet. Often programmers sell their tools with a money-back guarantee. Money has no conscience and does not care who earns it or how it is earned. No matter the country of origin, cyber criminals will always put their top-earning talents to work.

  2. Cybercrime is victimless because it is nonviolent.

Cybercrime may be perceived as victimless because it fits into the category of white-collar crime. White-collar crime is not trivial or victimless, as most white-collar criminals would have you believe. A single cybercrime effort can result in multiple victims. The original victim may have something stolen, data held for ransom or their identity used to fleece other organizations. One event can leave a single person dealing with an issue for years, but that event can also impact a person’s family, friends and co-workers who must deal with the issue and, of course, the taxpayers often take a hit.

  3. Cybercrime is committed by highly skilled and computer savvy people.

People with only basic computer skills commit most cybercrime. These criminals use simple and proven methods, many of which have been around for a long time, and seek the easiest way into a computer system. The software and methods used are readily available on the Internet for free or at a minimum cost. Phishing attacks are an example of how easy it really is. Too many people, even if they are suspicious of an email, will open it to see what is inside and, worse yet, will click a link to see where it goes.

  4. Cybercrime requires a technically complex and sophisticated solution.

As noted earlier, actual cyberattacks are not technically complex and sophisticated. But the organized crime aspects of the criminal network itself are, by their very nature, complex and sophisticated because they are designed to avoid detection and prosecution while exploiting the fruits of the actual cybercrime. Think of cybercrime as akin to a business where the actual thief is just one of many along a seemingly traditional hierarchy. With the sky being the limit and very little risk required to start, many potential hackers experiment at entry-level just to test their moxie and give it a try.

  5. Victims of cybercrimes are usually made whole again.

The sad fact is that victims often spend years trying to resolve issues created by cybercrime and rarely see the return of stolen funds. The onus is on the victim to prove that they did not apply for that credit card or transfer funds from their accounts. Imagine discovering one day that your house has a second mortgage loan on it for tens of thousands of dollars that you did not take out. And now the bank is foreclosing on your property because you did not make your loan payments. Cybercrime creates real victims dealing with long-lasting issues. But cybercrime is not always about money. Consider the fear and psychological trauma associated with cyber-stalking and cyber bullying.

“Cybercrime: The Madness Behind the Method,” published in late 2017, is available on Amazon.

Kick Off the New Year With a Comprehensive Cybersecurity Reading List

When you assemble your 2018 cybersecurity reading list, there may be no better place to start than with BookAuthority, a website based on thousands of recommendations made by hundreds of industry leaders. Hone your skills and increase your knowledge base by adding the following top entries from BookAuthority’s “100 Best Cyber Security Books of All Time” to your 2018 reading list.

“Blue Team Field Manual,” by Alan J. White, is a cybersecurity incident response guide aligning with the NIST Cybersecurity Framework consisting of the five core functions—identify, protect, detect, respond, and recover—by providing the steps to follow and commands to use when encountering a cybersecurity incident.

“Cyber Security Handbook: Protect Yourself Against Cyber Crime,” by W. Muse Greenwood, is an information resource to help business owners, leaders and team members develop policies and procedures.

“Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It,” by Marc Goodman, offers a journey into the digital underground to expose the ways in which criminals, corporations, and even countries are using new and emerging technologies.

“Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon,” by Kim Zetter, recounts the story behind the virus that sabotaged Iran’s nuclear efforts. Zetter’s book describes how a digital attack can have the same destructive capability as the most destructive bomb.

“The Plot to Hack America: How Putin’s Cyberspies and WikiLeaks Tried to Steal the 2016 Election,” by Malcolm Nance, is must reading for anyone concerned with the way in which cyber thieves hacked the Democratic National Committee and stole sensitive documents, emails, donor information, and voice mails with the singular goal of getting Donald Trump elected president.

Finally, you will want to add “Cybersecurity Leadership: Powering the Modern Organization,” by University of Maryland University College’s own Mansur Hasib, widely acclaimed as the definitive book on cybersecurity leadership and governance. It defines cybersecurity and expands upon its three key tenets—people, policy and technology.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, Cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team, said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC, predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggy-backs on King’s projection with his prediction that an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School, predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. The blockchain’s shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity, said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy, predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But cybersecurity may also benefit by relying on AI technology to identify attack vectors with more speed and precision.

Cybersecurity Awareness Month Wrap-up: UMUC Covered a Lot of Ground

The University of Maryland University College (UMUC) marked National Cyber Security Awareness Month this past October with a slate of events and activities that stressed the importance of leadership, workforce skills, and strategies to help businesses and the public stay safe online.

Through our Facebook Live Interview series, sponsorship of the Cyber at the Crossroads Symposium, and participation in CyberMaryland 2017, UMUC cybersecurity experts shared insights into the following:

  • How Skills-based Hacking Competitions Build Critical Thinking Skills. Ajay Gupta, chair of the Computer Networks and Cybersecurity program at UMUC, opened our Facebook Live series by discussing how these competitions build essential real-world, hands-on technical skills in data forensics, network defense, ethical hacking and other areas. Gupta suggested they also foster collaboration and develop the critical—and quick—thinking skills needed to complete complex, often unfamiliar tasks.
  • What Managers and Leaders Need to Understand About Cybersecurity. Valorie King, chair of UMUC’s Cybersecurity Management and Policy program, followed Ajay’s session with a discussion about how business leaders need to understand cybersecurity at a level that makes it possible for them to effectively lead those entrusted with safeguarding their organization’s people, processes, and technologies.
  • What’s the Difference Between Security and Cybersecurity? Finally, we concluded our Facebook Live series with Mansur Hasib, chair of UMUC’s Cybersecurity Technology program, who explained the critical distinctions between these two concepts and the role cybersecurity plays in upper management and the healthcare space.
  • Lessons Learned from Eligible Receiver 97. On Oct. 10, UMUC hosted the daylong “Cyber at the Crossroads” symposium, co-sponsored by the National Security Agency’s Cyber Center for Education and Innovation–Home of the National Cryptologic Museum. During the event, national cybersecurity leaders from government, military, industry and academia explored in depth the wide-ranging implications of the secret exercise—Eligible Receiver 97—that the Pentagon conducted 20 years ago to assess the vulnerabilities of Department of Defense computer networks.
  • How to Prepare the Cyber Leaders of Tomorrow. UMUC sponsored the education track at the CyberMaryland 2017 conference that convened on Oct. 11 at the Baltimore Convention Center. Emma Garrison-Alexander, vice dean of UMUC’s Cybersecurity & Information Assurance program, moderated the session, “Cybersecurity Leadership: Preparing the Cyber Warriors of the Future,” which highlighted best practices for achieving effective cybersecurity leadership across public and private organizations and industries, as well as local, state and federal government agencies.

To learn more about all of our activities during the month of October, read our complete coverage in the UMUC Global Media Center.