The Community College Cybersecurity Summit (3CS) Recap

The Community College Cybersecurity Summit (or 3CS) was held in Pittsburgh in July. This conference, while targeted at community colleges, offered several sessions that would appeal to university faculty, cybersecurity practitioners, and government. What differentiates this conference from most other cybersecurity conferences is the wealth of hands-on, innovative, and collaborative sessions. This is the place to be if you are an educator looking to introduce cybersecurity concepts into a course, build an entire curriculum around security, or revitalize material. Not an academic? That’s fine, too. By offering the sessions in such a collaborative way, the conference lets professionals hone skills, learn new approaches, and identify how business, academia, and government can support each other and cybersecurity for our country.

Prominent at this conference were several National Science Foundation (NSF) funded projects to help insert secure coding and other cybersecurity fundamentals into new and existing courses and information on how to improve our country’s cybersecurity academic offerings through the National Security Agency/Department of Homeland Security (NSA/DHS) Centers of Academic Excellence (CAE) programs. These programs showcased some of what was available through generous grants intended to disseminate information and empower educators to improve curriculum. The collaborative environment ensured that any attendee who needed assistance or wished to further the ideas presented would have a venue and contacts to accomplish that goal. The overall feeling was of a shared mission, understanding of the similar issues so many faced, and of empowerment.

The National Cyber Summit Recap

The National Cyber Summit (NCS), held June 7-9, 2016 in Huntsville, Alabama, was one of the best cybersecurity conferences I have attended. The conference included many sessions ranging from paper presentations and new technology overviews to hands-on workshop sessions. The keynote speakers were knowledgeable, funny, and engaging, and included Lt. Gen. Edward Cardon, Commander, US Army Cyber Command and Second Army; the Honorable Mike Rogers, former member of the US House of Representatives from Michigan; and the closing keynote speaker, John Matherly, Founder and CEO of Shodan. Thought-provoking ideas offered by the presenters included questioning how the 2nd Amendment may or may not apply to cybersecurity and the actions of the US in retaliation against cybersecurity threats and exploits.

The sessions ranged from innovative new product ideas, offered in proof-of-concept type sessions that were as vendor neutral as a company can get while still sharing new innovation, to topic-specific ways to secure systems, networks, and industries. The applications ranged from kiosk solutions to small networks to worldwide WANs and cloud services, and all sizes in between. Several calls to action included the need for innovative solutions to cybersecurity problems and for additional education, training, and certification to empower and equip cybersecurity professionals and those new to the field to meet, mitigate, and hopefully eliminate the threats. The problem with this conference was determining which of the concurrent sessions to attend during each period. The dates for next year have already been shared (June 6-8, 2017) and I plan to go next year!

R.I.S.E Webinar: Web Security

When we think of the impact of the Internet on our daily lives, we can’t help but be astonished at the breadth and depth of the effect it has on all aspects of our world. For the vast majority of us, the Web is our means of accessing Internet resources. The Web employs an innovative and unique method of incorporating text, graphics, audio, video, and links to other sites to allow us to transcend geographical and other barriers as we use it to communicate, search, share, and buy. During the webinar, attendees will learn about basic concepts of security while using the Internet. This webinar is the eighth in a series of eight webinars discussing the fundamentals of cybersecurity (Cybersecurity 101).

Presenter: Dr. Kevin Newmeyer, NCI Fellow

Currently the Chief of Staff for the DoD High Performance Computing Modernization Project, Dr. Newmeyer has successfully held a variety of positions in the military, academia, international civil service, and the private sector. His research focuses on international policy issues in cybersecurity.

Along with his Ph.D. in Public Policy from Walden University, Dr. Newmeyer’s educational career is highlighted by his selection as an Olmsted Scholar, which enabled him to earn his MA in International Relations from the Instituto Universitario Ortega y Gasset in Madrid, Spain. He holds additional degrees from Escuela Diplomática of Spain (Diplomado de Estudios Internacionales), George Mason University (MBA), and the US Naval Academy (BS).

About R.I.S.E. Webinar Series

Through its partner relationship with the DC Deputy Mayor for Planning and Economic Development and St. Elizabeth’s East, Excelsior College and its National Cybersecurity Institute propose a series of free webinars to be offered at R.I.S.E. to the general public and government employees. The programs will be offered monthly and include live streaming Q and A with industry experts and NCI fellows.

What Is Your Business Cybersecurity Score?

What Moody’s and Standard & Poor’s are to credit ratings of companies, companies such as FICO and Bitsight are becoming to cyber risk ratings for companies. Businesses have relied on credit ratings to determine investment risk levels, and now companies are relying on rating companies to have a standard benchmark of cyber risk. This growth industry of raters includes a number of providers, and their customers use their services in a variety of ways.

Uses of Cybersecurity Scores

Insurance companies often use cybersecurity scores to help assign risk level for cyber insurance. Potential impact: Cost for cyber insurance will likely be higher for small businesses with gaps in their cybersecurity than for companies that have strong measures in place.

Businesses use scores to rate their third party providers during the selection process. Potential impact: Suppliers may lose bids not on cost or service commitments, but rather on weak cybersecurity.

Businesses use scores to monitor their third party providers’ security risk level and potential impact to them. Potential impact: Large businesses may demand stronger cybersecurity measures from their suppliers and terminate agreements with low-scored providers.

Businesses use scores to monitor their competitors’ cybersecurity level. Potential impact: Businesses may find ways to leverage a competitive advantage of their strong cybersecurity versus their competitors’ weaker measures.

Companies use their own score to communicate their risk level to the board of directors. Potential impact: This may provide support for cybersecurity management to get the support they need due to increased board awareness.

The Data

Data comprising the cybersecurity score is gathered from a variety of publicly accessible information sources, including:

  • Hackers’ forums and data available on the Dark Web
  • Use of multi-factor authentication by a company
  • Known vulnerabilities to a company’s network
  • Open ports to a company’s network
  • Patching practices

The risk raters also analyze data that may flow into or out of a network to determine the volume of malware, spam, or viruses that may be associated with a company’s network. The raters couple the data collected and analyzed with their proprietary predictive modeling. In some services, the data is monitored continuously and a rating may quickly change to reflect any fluctuations. For example, if stolen data suddenly appears for sale on the Dark Web, the rating of the impacted company may be quickly decreased.

What You Can Do

If your business uses third party providers, you should think about investigating the services of scoring companies. If you are a supplier to a large company, you should consider talking to your client about how they are using cybersecurity scores for vendors such as you. Cybersecurity is no longer a private matter within your own company. Future business deals and contracts may be won or lost on cybersecurity effectiveness, not just price or service levels.

Lessons Learned from the Automotive Industry’s Approach to Cybersecurity

Cybersecurity needs to be part of the supply chain.

The automotive industry’s cyber threat information sharing organization, Auto-ISAC, recently announced its best practices for cybersecurity measures for automobiles. The best practices are intended for all manufacturers and suppliers in the automotive industry, regardless of size. The organization states they built in flexibility for implementation by a range of companies.

Auto-ISAC is a member of the National Council of Information Sharing and Analysis Centers (ISACs). ISACs were created for various critical infrastructure industries after a presidential directive in 1998. The directive asked key critical infrastructure sectors to establish organizations that would share information about threats and vulnerabilities within their specific industry. Auto-ISAC is owned and operated by automotive manufacturers and suppliers.

The Auto-ISAC’s best practices are categorized by functions:

  • Governance
  • Risk assessment and management
  • Security by design
  • Threat detection and protection
  • Incident response
  • Awareness and training
  • Collaboration and engagement with appropriate third parties

One lesson learned from the risk assessment and management category is the acknowledgement that cybersecurity needs to be part of the supply chain. The best practices recommend including the supply chain in risk assessments as well as developing a process to confirm compliance by critical suppliers to verify security requirements, guidelines, and training. A manufacturer can’t ensure final security without including all key suppliers.

Another lesson that can be learned from the automotive industry is its recognition that cybersecurity in the industry is about safety, not a competitive advantage. The best practices call out specifically the need for sharing of information with third parties such as Auto-ISAC, peers, researchers and government agencies. Collaboration is important among stakeholders to defend against cyber-attacks.

Billington Cybersecurity, a media company that produces a variety of events on cybersecurity, hosted a conference last week for the automotive industry. The Cyber Wire covered the conference in detail and noted that the large manufacturers are taking collaboration and sharing seriously.

The conference was attended by the Department of Transportation, auto manufacturers and suppliers. Participants seem to be highly interested in how other critical industries such as aerospace and defense are handling cybersecurity. A further lesson learned for small businesses is that increasingly, industries realize cyber-attacks need to be discussed among industry players and best practices shared.

Small businesses have an opportunity in many of their industries to be part of cybersecurity conversations and industry cybersecurity initiatives. Small businesses have as much to lose in cyber-attacks as do large businesses. Small business voices should be expressed to ensure their needs are represented.

Video: Strengthening Communities by Bridging Health and Economic Development

As part of the Nyquist Leadership Series, Excelsior College brought together experts from across the country for a panel discussion exploring the reciprocal relationship between health and economic development – the investment of resources into neighborhoods, buildings, and businesses – and the collective positive impact on communities. The event took place on June 7, 2016.

Panelists included Kathy M. Sheehan, City of Albany Mayor; Tray Hairston, Attorney, Butler Snow LLP; former gubernatorial counsel and policy advisor; Karen Lee, MD, MHSc, healthy built environment and health policy advisor and consultant; and, Kaitlyn W. Meirs, program associate, Robert Wood Johnson Foundation.

Welcome to Week 3 of National Cybersecurity Awareness Month!

Welcome to Week 3 of National Cybersecurity Awareness Month. If you have been participating in the National Cybersecurity Institute’s NCSAM activities, you have probably learned a little more about cybersecurity and your role in making the world’s digital landscape a little safer. The focus of Week 3’s activities is phishing.

The National Cybersecurity Institute is using the events of this month to participate in the nationwide initiative to expand the public’s knowledge on cybersecurity and promote a unified information security movement. During Week 2 of NCSAM, the National Cybersecurity Institute would like to challenge you to an activity called the Crypto Challenge.

In the article “Social engineering poses a serious cyberthreat to businesses,” the National Cybersecurity Institute reported that phishing occurs when a hacker presents him or herself as a genuine entity, often a school, company or financial institution, in order to gain access to secure data. Phishing is the most common type of social engineering attack, and NCI wants to help you recognize when a phishing attempt is being made.

Email messages that contain phrases like “You’re a winner” and “Friend in need of help. Click to find out more” are most likely phishing attempts. Hackers will present themselves as a trustworthy person or business to get you to engage in their call to action. This can be a link to a website, a download or a request to send money. Once a person does what the hacker wants, the hacker is usually able to infiltrate a network and gather the data they want. Now that you have a little background knowledge on phishing, let’s take a look at how you can apply this new knowledge to the week’s NCSAM challenge.

Make your digital pond a “No phishing” zone by recognizing hack attempts before they happen.

For Week 3 of NCSAM, the activity is called “Spot the Phish.” NCI will post several “email messages,” and challengers must use logic and cybersecurity knowledge to figure out which one is the phishing attempt. Just like with the other weeks’ activities, every day there will be a new challenge posted on NCI’s website along with the solution to the previous day’s challenge.

Later in the week, NCI will post an article that will delve deeper into Zero-Attacks, one of the topics the institute will be focusing on for this week’s podcasts. Be sure to check back for that study and the other podcasts.

To learn more about cybersecurity and National Cybersecurity Awareness Month, visit the National Cybersecurity Institute’s website. There you will find a blog with contributions from experts in the field and can read the latest cybersecurity news. Additionally, you can explore degree programs such as Excelsior College’s Online BS in Cybersecurity and Online MS in Cybersecurity, as well as courses that can help you start your career in cybersecurity.

Encryption: The Backbone of Cybersecurity Strategies

In congruity with the Department of Homeland Security’s nationwide initiative to promote a unified cybersecurity effort, the National Cybersecurity Institute is hosting daily podcasts that discuss information security topics. For Week 2 of National Cybersecurity Awareness Month, NCI would like to focus on the podcast entitled “Encryption.” This topic is one of the most important when it comes to combating cyberthreats and being prepared against modern cyberattacks.

What is encryption?

To keep things simple, James Antonakos of the National Cybersecurity Institute explains encryption as the process of taking data that is readable and making it unreadable to humans. Encryption is made possible by using algorithms to create complex codes out of simple data, effectively making it more difficult for cyberthieves to gain access to the information. According to Florida Tech University, encryption is the most widely used form of data security because its ciphertext and coding make it more difficult to crack than basic password protected information. To really understand encryption, however, one must take a closer look at the various types.

Symmetric vs. Asymmetric

Symmetric

This type of encryption is also frequently called “secret key encryption.” Computers use the same key to decrypt the information as was used to encrypt it in the first place. This is an advantage in terms of key management because there is only one key to keep track of. However, because there is only one line of defense, businesses must be careful in choosing who gets access to the key.

Asymmetric

Sometimes called “public key encryption,” this method means that the cyberdefense has been built with more than one key. Typically, it is one key to encrypt the information and a separate one to decrypt the data. While managers using asymmetric encryption do not have to spend as much time worrying about key distribution, or the number of people who have access to the keys, they must pay close attention to key management. Having multiple keys can create confusion, so it is important to keep the codes organized.

Why is it important?

While cybersecurity managers may dislike encryption because it requires constant maintenance, it is often your last line of defense from cyberattack, according to Tech Republic. Even if hackers break through firewalls, passwords and anti-spyware software, encryption is still in place to keep them from viewing the protected data. Because encryption algorithms are often difficult to break, this method of cybersecurity is often the most effective.

To learn more about encryption and other topics related to cybersecurity, visit the National Cybersecurity Institute’s website today. You can also find out about degree programs such as Excelsior College’s Online Bachelor of Science in Cybersecurity and Online Master of Science in Cybersecurity.

Student Success Story: Scott Plymesser

“Be whatever your goal is. Keep that light at the end of the tunnel.” – Scott Plymesser

I come across a lot of students who inspire me. Scott Plymesser is no exception. As a first generation student, Scott dove right into the online learning experience after 40 years away from school. Scott is going for his Bachelor of Science in Business with a concentration in Operations Management. One thing to know about Scott is that he is not getting his degree for the diploma to collect dust on his shelf. Receiving his degree goes much deeper. Read on to learn more about Scott, get inspired, and take a tip or two from him.

What experiences in your life have led you to the place where you are ready to finish your degree?

I served in the military for 24 years in the Infantry and Special Operations arena. It is very hard to earn your degree while being deployed and trying to be the best possible soldier and leader that you can be. My parents never earned their degrees because they were married at a young age and had kids, thus having to go to work to provide for the family. After my military career I lost all of my family to cancer including my younger sister and wife. So, being “alone”, I looked within myself and asked myself, what do I really want in life that would make me happy and my parents proud? I decided to earn my four year degree in business, not because I need it for a promotion or work, but for my own personal pride of accomplishment. Also to show my son (only child, 36 years old) that even his father can get a degree without needing it for a specific purpose. As the old saying goes “Why did you get the degree?” – “Because I can!”, nothing more nothing less.

What will it mean to you to receive your degree?

It will mean self-satisfaction and pride. Knowing that if you put your mind to an end state it can be accomplished.  And knowing that I would have made my parents and family proud.  There is nothing in this world more precious than the pat on the back from friends and the people that love you. Nothing else matters.

What tips would you give other first generation students?

Everything can be accomplished, you just have to commit and be patient. Rome was not built in a day. Plan your time and commit to it. We are all busy in our day to day lives with family, work, problems, and life as it is today. Be whatever your goal is. Keep that light at the end of the tunnel.  If you have to put up a blanket to cover the light for an amount of time due to life stuff, that is OK.  The blanket can be removed whenever you are ready (like myself). Remember the most important thing is to take care of yourself. If you are stressed in life take a break and return when the proverbial batteries are charged.

What is your recipe for success?

Planning, dedication, getting ahead of the assignments. Use the resources that the school provides (big help). Plus, do not feel embarrassed to ask for help. Help is all around for everyone to succeed.

What keeps you motivated?

Like I stated before this is for me. To get the degree and that is it. Personal accomplishment. A lot of people talk about how a four year degree is nothing nowadays. The new norm is a Master’s degree and then the Master’s will be looked down on and a PhD will be the golden ring.  I do not think that we have come to that yet, but if you do look at it that way, it is the crawl, walk, run scenario. Looking toward my golden ring, which is a four year degree, that keeps me motivated.  Patience is a virtue.

Connectivity from Drones

Look…up in the sky…it’s a bird…it’s a plane….it’s…connectivity!

If you are like most people you have had the experience of losing your Internet connection when traveling to areas where there is a ‘dead zone’. It is frustrating to be sure. Imagine how frustrating it would be if you were living in entire areas of the world that were without coverage.

Enter Facebook and Google to the rescue in an effort to eliminate areas of non-connectivity. Facebook just completed its initial testing of its massive (747 size) solar powered drone that will, if things work out, beam Internet service all over the planet. In an article for CNN Money, Heather Kelly writes “The drones will be solar powered and use lasers to deliver internet connections receivers on the ground, up to 30 miles in any direction. The connections will be fast, with speeds up to tens of thousands of gigabytes per second”. Facebook envisions a huge fleet of such drones flying at extremely high altitudes beaming connectivity to everyone….and for free!

Google has also put forth similar ideas with a fleet of high altitude balloons with the same mission. According to google.com, “Many of us think of the Internet as a global community. But two-thirds of the world’s population does not yet have Internet access. Project Loon is a network of balloons traveling on the edge of space, designed to connect people in rural and remote areas, help fill coverage gaps, and bring people back online after disasters”.

The idea of free Internet with no dead zones around the planet is something we can all enjoy, here in the US or in the many undeveloped sectors of the world.

Sources

Kelly, H. (2016) Facebook’s giant internet drone nails test flight. Retrieved from the Internet at http://money.cnn.com/2016/07/21/technology/facebook-aquila-drone-successful-flight/index.html?iid=ob_homepage_tech_pool

http://www.google.com/loon/