Tag Archives: cybersecurity

The holiday season is approaching and like millions of Americans, I will be using my credit card to purchase items that I don’t need. In doing so, I run the risk of having my information stolen.

Cyber-attacks are on the rise; just this year Macy’s, Saks Fifth Avenue, and Panera Bread (just to name a few), were hacked. According to a Shape Security report, 90 percent of these hacks began with malicious login attempts. 1

So, whose responsibility is it to safeguard our data and protect our cyber infrastructure? The answer is unclear, and unfortunately that means the answer is “no one.” A lack of communication and general distrust between the private and public sectors makes the problem even worse.

The true answer is that we need a hybrid framework to safeguard data and protect infrastructure. We need a partnership that incorporates both the government and the private sector to mitigate attacks, but also designates responsibility.

The current division of responsibility for cybersecurity between the government and the private sector is unclear, especially in open liberal democracies like ours. The DHS is authorized to protect private critical networks but lacks both the capabilities and the expertise.

The DoD and the NSA have both the ability and talent to defend our networks but do not have the required authority. They also lack the trust of the American people regarding cyber, particularly after the Snowden leaks.

Furthermore, the Internet is too big to be protected by any single agency.

On the other hand, a few companies have the expertise, e.g., Google. But much of the private sector consists of retailers with hardly any cyber experts. Additionally, they also lack the infrastructure or financial support to protect all networks. Moreover, companies have strong incentives not to disclose any cyber incidents publicly.

For one, they do not want to lose their customers’ trust nor be liable for negligence and mishandling private data.

A hybrid partnership framework for cybersecurity can benefit both parties. The government can recommend best practices and alert the private sector of cyber weaknesses and imminent attacks. The private sector can voluntarily adhere to recommendations and best practices.

This approach will make their networks safer and resilient to attacks. Additionally, the government can subsidize this program by setting aside some of the DoD’s budget. Incentives could take the form of a limitation on liability, tax breaks and grants for participating in the program.

This move will encourage database owners to discover and immediately report any cyber incidents.

One aspect of this framework should be an agreement between the NSA and private sector on the NSA’s collection of zero-day exploits. The NSA should opt to turn over less-useful zero-day exploits to companies who could patch them.

Currently, the NSA quietly collects and amasses large amounts of these exploits, and this has soured its relationship with the companies whose systems are vulnerable to them.

Lastly, the government alone cannot secure private networks. A government-imposed cybersecurity mandate will stifle innovation in a rapidly changing cyber environment. The public sector is notorious for falling behind the technological curve. Most importantly, a government-run Internet risks the danger of censorship and limits on freedom of expression.

The inspiration for this hybrid framework comes from The Federal Reserve system, a highly successful public-private partnership. We now need such a partnership for the Internet. Each benefits from the expertise of the other; each serves as a check and balance on the other.

This public-private partnership will provide a safety net, allowing innovation and free market flow without eroding our civil liberties. The US government created the Internet. But it was the private sector that built the infrastructure that brought it to our homes.

The responsibility to secure private networks shouldn’t solely fall on one or the other.

Public and private sectors must work together to protect our cyber infrastructure. Their partnership will keep us safe and secure our data. Their partnership will respect our cherished democratic ideals and values.

*

1 Shape Security, “2018 Credential Spill Report,” Second Annual Edition. Retrieved from; https://info.shapesecurity.com/rs/935-ZAM-778/images/Shape_Credential_Spill_Report_2018.pdf

**

Author: Gabriela López Case, graduate student at George Washington University, Elliott School of International Affairs. 

Workforce Solutions Borderplex is announcing the final opportunity for Borderplex residents to take part in the award-winning Cybersecurity Technology Certification Training program, launching January 2019.

The program will be free for selected participants.

This final campaign of the Workforce Solutions’ Cybersecurity training program will offer a suite of (5) IT security certificates that build an individual’s capacity to work in the cybersecurity field.

There will be (3) 12-week training cohorts that will provide candidates with the necessary skills required to pass the five, IT-recognized, highly-coveted cybersecurity certifications in IT fundamentals, A+, Network+, Security+, and CSA+.  This innovative training program is targeted to adults, students, veterans, transitioning soldiers, and military spouses, as well as currently unemployed and underemployed professionals.

The program will run Monday through Friday, from 8am – 5pm each day.  Candidates who currently do not have a full-time work commitment are encouraged to apply for the program.

The Cybersecurity Technology Certification Training program requires a full-time commitment from candidates in order for them to successfully complete the training and be ready to pass the 5 certification tests.

This is an intense IT training that will require candidates to:

• Possess an aptitude for IT, with the ability to pass an IT Fundamentals assessment with an 80% passage rate
• Candidates will need to prove their right to work in the U.S. by providing eligible documents
• Candidates will need to commit to near perfect attendance while undergoing the program
• Candidates will not be able to be currently employed in a typical Monday-Friday, 8-5 job during the training program, due to the program’s strict attendance requirement and rigorous course of study

Potential candidates must pass the IT Fundamentals exam with a score of 80% or higher. From there, candidates will undergo an interview process, must pass a WIOA (Workforce Innovation and Opportunity Act) eligibility screening, and agree to seek a job in the IT field upon program completion.

Candidates interested in taking part in one of the 3 cohorts of the cybersecurity training program must log onto the Workforce Solutions Borderplex website to sign up to take an IT Fundamentals course in December..

No one wants to hear about another hack. As our society becomes more and more reliant on constantly emerging technologies from smart phones to smart cities, we have not been able to keep our digital information secure while harnessing these innovations.

Cybersecurity is no longer only about protecting your social security or bank numbers – it’s about keeping our electricity on and our economy functioning. Nearly every aspect of our lives nowadays depends on technology, which means they are also all vulnerable to hacks.

I came to Congress to find solutions and fix problems, which is why I’m excited to team up with private sector leaders to develop real solutions as a tri-chair of the Aspen Cyber Strategy Group. This group brings together experts and thought leaders across industry sectors to keep up to date on the latest malicious cyber threats and trends.

It can be hard to fully grasp the severity of our current situation. However, the reality is that although the concept of a cyberattack can seem distant and elusive, cyberattacks are very real and impact all of us, our businesses and our economy.

For example, this past year alone, companies lost over $1.2 billion from malware attacks. This is money that could’ve gone into investments like hiring or new equipment purchases.  Due to hacks, in 2017 alone, personal information was compromised for 198 million voters, three billion Yahoo account users and 145 million civilians due to the infamous Equifax breach, among others.  These hacks will continue to occur until we find and implement concrete, tangible solutions.

That’s why I’ve agreed to lead the initiative and the government cannot do it alone. The new group will facilitate robust conversation between 35 CEOs, lawmakers and academics on how to best address today’s cybersecurity challenges.

For us to truly find a fix to our systemic cybersecurity challenges, the public and private sectors need to work together, and more importantly, the public needs to know that without action their safety and personal information may be at risk. By utilizing experts from the public and private sectors, we will be able to develop tangible, implementable cybersecurity recommendations.

Emerging technology is an exciting thing. It allows us to travel faster, live longer, and communicate more efficiently. At the same time, innovation creates new threats, and we must do a better job protecting ourselves and our systems. This year I’m looking forward to working with policy makers, business owners and cyber experts to turn our security recommendations into action.

***

A former undercover CIA officer, entrepreneur and cybersecurity expert, Will Hurd is the U.S. Representative for the 23rd Congressional District of Texas. In Washington, he serves on the House Permanent Select Committee on Intelligence, as Vice Chair of the Maritime and Border Security Subcommittee on the Committee for Homeland Security, and as the Chairman of the Information Technology Subcommittee on the Oversight and Government Reform Committee.

“It’s exciting and it’s dangerous.” That’s how Ernesto Arreola describes our current state of connectivity in the world. The Information Security Assurance Manager for the City of El Paso was one of 23 attendees at the first community cybersecurity workshop at UTEP.

The interactive session took place inside the newly established Center for Cyber Analysis and Assessment.

“I think that not only providing the training, but allowing people to do it themselves and not just talk about it, gives them the opportunity to learn more and ask questions,” Arreola said. “Bringing everybody together that’s involved in security across the city promotes networking.”

The community component is a critical part of the new partnership between UTEP and the Army. The University has been designated as a satellite campus to the Army Research Lab South (ARL-South) initiative. The collaboration allows for the exchange of personnel between ARL and UTEP, opens more ARL internship opportunities for UTEP students, and allows ARL members to mentor students through class offerings and practicum experiences.

Through in-kind contributions of equipment, construction costs, furniture, mentorship and manpower, ARL and UTEP established the cybersecurity center and laboratory at UTEP. The main function of the center is to conduct research and design and deliver cybersecurity-related workshops for the El Paso area community.

The inaugural session was a success.

“We are trying to apply any type of security processes available to our network, so it is important for users to see a presentation and see how other companies are doing it,” said Benito Jimenez, workshop attendee and network integration manager with the City of El Paso.

ARL and UTEP staff have been working together for more than two years on informal collaborations that proved beneficial. Army staff say they needed to take advantage of local talent and leverage experts and resources. The seed money they received allowed them to establish the new center in Prospect Hall equipped with server machines, laptops and three labs now under development.

“We leverage the resources that UTEP has to not only improve the capabilities of the Army Research Lab, but also help students focus on real-world problems and train them so they’re ready for the workforce,” said Jaime Acosta, Ph.D., director of the Center for Cyber Analysis and Assessment.

UTEP computer science students already are seeing the benefits. This summer the first four students were hired for the center. Their objective is to research vulnerabilities in cybersecurity and develop workshops accordingly. Data collection from the workshops also will help with researching future solutions.

“The whole idea is these are vulnerabilities and systems that adversaries can expose,” explained Salamah Salamah, Ph.D., associate professor in the Department of Computer Science and director of the Master of Science in Software Engineering program. “By collecting and analyzing all this data, we are learning about how people expose such vulnerabilities, and hopefully it gives us insights into how to build secure software systems that are less vulnerable.”

Salamah said the UTEP/ARL collaboration also will have an impact on the industry because there is a high demand for cybersecurity experts, but diversity in the workforce is significantly lacking. The hope is that such efforts and collaborations will help produce a diverse cybersecurity workforce.

The the first community cybersecurity workshop at UTEP was held in late August.

Author:  Lauren Macias-Cervantes – UTEP Communications