Public Policy Forum Hosted by UMUC Focuses on Personal Data and State Infrastructure

The University of Maryland University College (UMUC) recently hosted the Maryland Cybersecurity Council’s public policy forum on cybersecurity, which featured questions and answers from public and private sector experts on personal data collection and privacy protection, and infrastructure protection and incidence response.

The Dec. 6 event, organized by the Maryland Cybersecurity Council, featured opening remarks from Maryland Attorney General Brian Frosh and UMUC President Javier Miyares, followed by panel discussions with Allison Lefrak, senior attorney, Privacy and IP Protection, Federal Trade Commission (FTC); Claire Gartland, director, Consumer Privacy Project, Electronic Privacy Center; and Phyllis Schneck, chief cybersecurity official for the Department of Homeland Security (DHS). Maryland State Senator Susan Lee and Michael Greenberger, professor and director, Center for Health and Homeland Security, Carey School of Law, University of Maryland, Baltimore, moderated the panels.

What follows are some session highlights.

Reining in the “Three Vs”

High points of the panel discussion on personal data issues with Lee, Lefrak and Gartland focused on the collection and digitization of data, a top-of-mind concern to many citizens because the amount of data collected has increased due to the proliferation of pervasive communications networks.

The growth of big data, according to Lefrak, results from the “three Vs”—the volume of data that can now be collected; the velocity at which companies can collect, analyze, and harness the power of data; and the wide variety of data that companies can access and analyze.

For its part, the FTC focuses on a three-pronged approach to data protection. Enforcement is key. The agency sends a strong message to companies about the need to protect consumers. The FTC also addresses consumer privacy from a legislative standpoint through its policies. Finally, the agency educates the public to make sure that both businesses and consumers are apprised of the laws around data collection and protection.

Can federal and state governments ensure appropriate privacy protection? For starters, according to the panelists, privacy laws and courts need to reflect modern technologies. For example, video protection laws commonly use the phrase, “videotape service provider,” which is an antiquated term in today’s digital world.

The bottom line, from the FTC’s perspective, is that privacy protections are critical to maintain consumer trust. With the transition to a new administration, the state of balance among data collection, consumer privacy and consumer benefit remains to be seen.

Mitigating Large-Scale Cyber Attacks

In the panel discussion on infrastructure protection, Greenberger and Schneck discussed federal and state efforts to secure critical infrastructure and respond to incidents.

How do we bring cybersecurity together with infrastructure protection? Schneck discussed how federal sector-specific agencies work with owners and operators in each sector to develop plans to enhance their security and resiliency.

In light of federal efforts to secure the infrastructure and respond to significant incidents, what should states be doing and how can the federal government and states work in tandem?

“For the federal government, one challenge is that states constitutionally have a lot of power,” Schneck said. “The federal government has to be sensitive to this authority.”

The threat of our adversaries, whether it’s Russia, China, North Korea or Iran, is alive and well. “They are executing with an agility we have yet to enjoy,” Schneck said.

He added, “We can mitigate future attacks through data collection. If we don’t have enough data, then the cyber adversary wins because we lack the situational awareness.

“We can combat cyber attacks by arming our networks, by understanding that when a threat or computer instruction comes in, we know not to run it. It’s as simple as that.”

October is National Cyber Security Awareness Month

We live in a digital era and are more connected than ever before. The increased reliance on the use of Internet in our daily lives comes with increased cybersecurity risks. Today, no one is immune to the cyber risks. As a nation, we face rapidly evolving cyber threats against our cyberspace, a critical domain of our national security. As individuals, our finances, identity, and privacy can be threatened by online theft, fraud and abuse.

Recognizing the importance of cybersecurity to our nation, President Obama designated October as National Cyber Security Awareness Month. The purpose of National Cyber Security Awareness Month is to enhance cybsercurity awareness among organizations and individuals of all ages and segments of the community.

UMUC has joined with the Department of Homeland Security in the promotion of Stop.Think.Connect, a national public awareness effort aimed at enhancing cybersecurtiy awareness and empowering Americans to be safer and more secure online. As part of the Stop.Think.Connect Campaign, UMUC offers a variety of cybersecurity awareness and educational activities during the month of October to its community – students, alumni, faculty, staff and beyond. We encourage you to actively participate in these activities as cybersecurity is a shared responsibility and we each have a role to play in promoting and protecting the cyberspace.

Thank you for all your efforts in promoting cybersecurity awareness during October and beyond. Together we can meet the cybersecurity challenges of today and tomorrow.

Dr. Amjad Ali serves as associate vice president and cybersecurity advisor to the president of University of Maryland University College (UMUC). In addition, he is professor of cybersecurity at the Graduate School. He made significant contributions to the development and launch of UMUC’s cybersecurity programs and initiatives, and has served as director of the UMUC’s Center for Security Studies of the Cybersecurity. Before joining UMUC, Amjad worked as manager of Continuing Education at the American Council of Engineering Companies in Washington, DC.  He has also served as the Dean of Keller Graduate School of Management-New York Region. Amjad has presented at major conferences and seminars on cutting-edge topics in cybersecurity, and he has a strong portfolio of scholarly publications. He holds a doctorate in Engineering Management from the George Washington University. He is UMUC’s staff to the Maryland Cybersecurity Council and serves on the advisory board of the Center for Strategic Cyberspace & Security Science and AFCEA International Cyber Committee.


Cyber Catch Up

Here’s a recap of what you missed last week in cyber.

The charge that Beijing was behind the theft of the personal data of more than 20 million federal workers could become a primary topic for an important visit from China’s President Xi with hacking to shadow the China summit. At the start of President Xi’s visit, he sought to reassure American companies that his government was committed to protecting the interests of foreign companies and fighting cybercrime. But was it all double talk? Speaking of stolen personal data, it is reported that OPM underestimated the number of fingerprints stolen by approximately 4 million. The government now estimates this number to be 5.6 million.

Big news this week was Apple’s confirmation of the the discovery of malicious code in some App Store products. The Washington Post reported that the Obama administration has been exploring ways to bypass smartphone encryption to allow access to law enforcement. Also this week, a campaign was launched by a group of privacy advocates including former NSA whistleblower Edward Snowden for a new global treaty against government mass surveillance. Business advisory firm Grant Thornton International, released a report that indicates that global cybercrime has cost $315 billion over the past 12 months.

In policy news, cyber crime laws are showing their age and some are badly outdated, including the Computer Fraud and Abuse Act (CFAA) of 1986. Senator Ron Wyden of Oregon announced this week that the Section 603 provision on terrorist activity was removed from the 2016 Intelligence Authorization Act. Finally, a federal judge ruled this week that forcing suspects to give up their cell phone passwords is a violation of the constitutional right against self-incrimination.

Screen Shot 2015-09-30 at 12.36.23 PMRebecca Foss is the Director of Social Media at the University of Maryland University College (UMUC). In her current role, she is working with stakeholders across the university to develop the overall strategic approach in using social media platforms and tools globally for UMUC. She has over 15 years of marketing and communications experience and has been involved with championing social media initiatives since the early stages of the medium’s existence in 2007. Rebecca specializes in content management, creation, and curation and serves as co-editor of the Cyber Connections blog.