United States Cybersecurity Magazine

Feature Article: Defense in the Age of Cyber-Warfare (Cyber Security Forum Initiative)
2015: It’s All about the Data (BLACKOPS Partners)
Who’s Watching the Back Door? (e-End USA)
Diving into the Deep Web (Emagine IT)
“…train my hands for war and my fingers for battle.”

These cyber criminals do not sleep. Malware continues to spread across the net; valuable intelligence and intellectual property is stolen; data breaches expose thousands to fraud and theft. Picking up the pieces from these attacks is time-consuming and expensive. The only true solution is to continue our research and development into preventing and predicting these cyber crimes, and to continue educating our children, our future cyber defenders, and our general public on how to protect themselves from bad actors.

In this issue of our magazine, we hear from voices on the front lines of these efforts, developing new methods to predict cyber events before they occur; protecting our cities and critical infrastructure; and training the new generation of cyber warriors to continue the fight. But as many of our contributors stress, cybersecurity is important for more than just corporations and government agencies: it’s necessary for everyone. Small businesses face just as much risk of cyber attacks as large ones, and sometimes more. Everyone needs to know the threats they face and how to stop them. Our nation’s cybersecurity is only as strong as its weakest links: when one of us is vulnerable, we are all vulnerable.

We must continue on our mission. We want 100,000 readers by the end of 2016. Everyone should have a copy of the United States Cybersecurity Magazine, and everyone should download our app, available for both iOS and Android, to continue receiving the most relevant information on cybersecurity from the top experts in the field. The fight for the cyber defense of our nation’s citizens, soldiers, and businesses does not stop, and neither will we.

The cybersecurity industry deserves a voice of its own; hence, the United States Cybersecurity Magazine.

May God Bless America.

Administration: Tiana Coley
App Development: Jason Johnson, PROJECTSEVEN

To place a display advertisement, please contact:
Kimberly Horn at 410.755.1014
Mary Engelbrecht at 443.850.9900
Charles Coleman at 313.333.4733

To subscribe, visit: www.uscybersecurity.net/subscribe.

Download our app on the App Store or Google Play, or contact Karen Austin at 443.453.4784

To submit an article, please contact:
Karen Austin at 443.453.4784
Amanda Fortner at a.fortner@uscybersecurity.net

American Publishing, LLC provides no warranty and accepts no responsibility regarding the services/products of the advertisers, either in print or online, in the United States Cybersecurity Magazine.

The views and/or opinions expressed in the advertisements and articles in the United States Cybersecurity Magazine, either in print or online, are not the views and/or opinions of American Publishing, LLC.

American Publishing, LLC provides no warranty and accepts no responsibility regarding such views and/or opinions, other than its own.
Defense in the Age of Cyber-Warfare: the Cyber Security Forum Initiative
Amanda Fortner, Editor
United States Cybersecurity Magazine

How Connected is Too Connected? Cybersecurity for a Fully Networked World
Darin Anderson, Chairman & Founder
CyberTECH
The Internet of Things is a highly exciting and rapidly expanding field for both consumers and businesses, but that rapid growth can also invite disaster. Darin Anderson advises prioritizing security in Internet-connected devices during their development stage, looking towards safety in the present rather than attempting to fix issues in the future.

Looking to Make Your Leap: Protecting Yourself from Threats and Breaches in the Cloud
Vaughan Emery, President & CEO
CENTRI Technology
While transitioning your organization’s data to the cloud may provide any number of benefits, it also carries the attendant risks of data breaches and security threats. Vaughan Emery explains the importance of an end-to-end encryption solution in protecting your data while navigating this new technology.

Cybersecurity Law

The Problem of Attribution in Cyber Attacks: the Sony Example
Ira E. Hoffman, Esq., Principal in Cybersecurity, Government Contracts and International Law
Offit Kurman, P.A.
While the actions of the attacking forces are usually readily apparent in conventional warfare, attributing attacks to any particular party is far more complicated in cyber-warfare. Ira Hoffman uses the recent attack on Sony Pictures Studios as a lens through which to view this complex issue.

A Shopper’s Guide to Cyber Liability Insurance
Holly Winger, Esq.
Brenner, Saltzman & Wallman LLP
While most businesses have some form of insurance protection, many have not updated their insurance to protect themselves from claims and suits that may arise from data breaches and other risks associated with operating an e-business. Holly Winger discusses important considerations when evaluating whether you’re properly protected by cyber liability insurance.

Cybersecurity & Your Business

Getting Cybersecurity off the Back Burner and into the Boardroom
Rick Lipsey, Senior Strategic Cyber Lead
LMI
Recent high-profile security breaches have galvanized many employers into making cybersecurity a greater priority. Rick Lipsey offers suggestions for how to prioritize resources and present recommendations to make the transition to greater organizational security as seamless as possible.

A Blueprint for Cybersecurity Government Contracting: Phase One
Kim Harwell, National Procurement Manager
GovPurchase
The world of IT government contracting can often be a fast-paced and confusing place, but Kim Harwell sheds some light on the subject with a clear, defined series of steps to research, development, and bidding success.

Who’s Watching the Back Door?
Arleen Chafitz, Owner & CEO & Steve Chafitz, President
e-End USA
Businesses may have excellent front-end security, but without proper attention paid to data on end-of-life devices, they may find themselves at risk of losing classified and valuable information out their back door and into the hands of identity thieves, causing serious and costly data breaches.

Small Businesses, Big Threats: Cybersecurity in Small Enterprise Environments
Megan Clark, Help Desk Technician, Bryn Mawr College & Amanda Fortner, Editor, United States Cybersecurity Magazine
If you think your business is too small to be a target for bad actors, think again: small businesses face just as much risk as large corporations, if not more. Megan Clark and Amanda Fortner present important considerations for cybersecurity professionals in small enterprise environments to prepare, protect, and educate their communities.

Keep It Secret, Keep It Safe: Nine Steps to Maintaining Data Security
Alvita Fitzgerald, Vice President of Administration & Jessica Schneider, Strategic Communications Specialist
Megadata Technology
Maintaining knowledge of and control over your important data may sometimes seem like an impossible task, but as Alvita Fitzgerald and Jessica Schneider explain, nine simple steps can help you keep your cyber information well in hand and reduce your risk of catastrophic cybersecurity breaches.

Education

Creating Your Ultimate Code-Cracker: the Design of Digital Forensic Workstations
John Samborski, CEO
Ace Computers
In any craft, it’s important to have the right tools for the job, and the same is true of digital forensics. John Samborski discusses many of the considerations necessary to keep in mind when designing a workstation that will perform the often highly intensive computing tasks required by many digital forensics operations.

Cyber Innovation Center: a Pioneer in Cyber-Education and Workforce Development
G.B. Cazes, Vice President
Cyber Innovation Center
The United States is facing a critical dearth of cybersecurity professionals in the near future, but G.B. Cazes offers hope: the National Integrated Cyber Education Research Center has developed a vertically integrated, multi-disciplinary, project-driven curriculum to advance the development and direction of teachers and students.
With all of the recent advancements in technology, including the ability for anyone to know what is going on around the world with just a few keystrokes or finger swipes, it is amazing that anything can be a mystery anymore. When I was young, you had to rely on the newspaper, nightly news programs on the TV or radio, or books and magazines. Encyclopedias were the old-school version of the Internet, but you had to know what to look for. Now Twitter, Facebook, Google, LinkedIn, and endless other social media and Internet search tools allow you to get any information you need when you need it. You don’t even have to know exactly what you are looking for to get more information on a topic than you could read through in a year. Simply plug a few keywords into your favorite Internet search engine and you will be on your way to a subject matter expert in minutes.
[Figure labels: Most common sites visited without concern; Sites for downloading pirated material; Large numbers of users sharing downloads; TOR browser required to enter this level, which grants access to directories and downloads; Onion Chan forums, portals, hackers for hire, child pornographic material, sale of stolen goods, objects, and drugs]

TOR will only become more mainstream as time goes on and there is little to nothing that can be done, as the software to access the deep web is free.

Organizations have no control over what individuals do in their personal time. Anyone choosing to explore the depths of the deep web, regardless of the reason, is a target for malicious attacks. In order to maintain anonymity (the main purpose of the deep web), there are TOR browser configurations that disable certain content from being viewed within the browser. Much of the content is downloadable, and smart hackers and evildoers will lure in their prey with irresistible content that won’t load in the web page but is conveniently available to download

the dangers of the deep web. The deep web has been around for years but it is still unknown to most people. I conducted an informal survey with consummate security professionals and almost 4 out of every 5 could not tell me what the deep web was or how to access it. Remarkably, only 2% have actually browsed the deep web.

The deep web is something new and exciting to many. Like a child who doesn’t understand what a hot stove is until he or she touches it and gets burned, your employees may want to dive into the deep web until they or your organization get burned. It is only a matter of time before diving into the deep web becomes as common as surfing the web is today. I urge other CISOs, CIOs, and executives to ask your staff and employees about the deep web. Make it an impromptu question so they cannot go research and give you what appears to be an educated answer. Ask your security personnel to explain the deep web to you and be ready for a lot of blank stares. Then ask yourself how vulnerable your organization and your data really is.

Sources
[1] <https://www.torproject.org/>
What's OLD is NEW Again
As 2015 starts, there is no shortage of articles, posts, and interviews projecting the year ahead for cybersecurity trends, attack scenarios, and countermeasures. I have reviewed numerous materials (from McAfee Labs, Trend Micro, FireEye, Websense Security Labs, Symantec, etc.) highlighting similar themes around critical infrastructure, mobile device attacks, and the evolution of hacking in general. One article cannot cover all possible scenarios for the year ahead, so I asked someone with experience across both the public and private sectors at the highest levels for his input.

Bill Crowell has led the NSA and been a CEO in commercial industry. He sits on multiple boards and has been heavily engaged in the cyber market since its inception. He is currently a partner in the venture capital firm Alsop Louie Partners, as well as an independent consultant specializing in information technology, security, and intelligence systems. Crowell held a number of senior positions in operations, analysis, strategic planning, research and development, and finance during his time at the NSA, and served as Deputy Director of Operations from 1991 to 1994, and Deputy Director of the Agency from 1994 to 1997. After retiring from the NSA he served as President and CEO of Cylink Corporation, a leading provider of e-business security solutions, from 1998 to 2003.[1] Bill Crowell is an excellent resource for all things cybersecurity – past, present and future.

Mr. Crowell organized and deployed Operation Eligible Receiver in 1997 while at the NSA. This US government exercise used the NSA as a hacking group in a simulated attack on the US government to show how insecure our critical systems were. The NSA team used techniques and software freely available on the internet at the time and did not allow the use of any special techniques or prior information from the government. Many aspects of the exercise still remain classified, but the team was able to inflict considerable simulated damage. Even today, 17 years later, it seems that the adage of “what’s old is new again” applies. Systems still remain insecure across the board – public and private. Crowell says that “Eligible Receiver proved an important point that is still relevant today in our efforts to secure networks. The Internet Protocol was designed to facilitate connections across the network and was not designed to facilitate security. We will live with this ‘ease of connecting’ as an anathema to security for a long time to come.”[2]

Many 2015 threat reports highlighted the emergence of mobile devices and sensors in driving the IoT (Internet of Things) model. The IoT will integrate 26 billion connected devices by 2020 (Gartner’s estimates)[3], while HP also recently published a report stating that over 70% of current connected devices contain major vulnerabilities.[4] While initially the consumer side may
not see the impact of cyber-attacks, the thousands of new devices being deployed in hospitals and healthcare facilities are at much greater risk. The same is true for the financial sector, as smartphone technology has brought innovation to the user experience but greatly broadened the attack surface. Hacking groups understand both the topology of enterprise networks and unique user behaviors and interests, thanks to social media. The skills of advanced hackers seem to be mirroring the tools and tactics of intelligence professionals. Bill Crowell sees it this way: “The three major attack vectors that have emerged since 2006 have been distributed denial of service (DDOS) attacks, social engineering (phishing, etc.) and zero day attacks. All three seem to have come out of the criminal, hacktivist and nation state skill pool and have spread throughout those three communities like wildfire. Many of these attack mechanisms are freely available for sale or in the case of DDOS, for rent. The attack vectors are being enhanced by their creators with far greater speed than the security tools needed to deal with them. There is also reason to believe that nation states and skilled criminal hackers deliberately make attack vectors available to script kiddies in order to hide their own attack vectors in the noise.”[5]

As these major attacks continue in 2015 we will see more lawsuits against corporations and their boards and, consequently, additional money will be spent to protect systems, personal information, and corporate brand reputations. Businesses large and small must now manage physical and digital risk across their entire organization and their extended supply chain. If 2014 was considered the year of the breach, 2015 may have new surprises in store, if the recent Sony hack is any example. It will take a coordinated global effort to truly combat these sophisticated cyber-attacks. Bill Crowell concurs: “The sophistication of attack tools has advanced to the point where defenders must not only find new ways to defend themselves, but must also share their knowledge of the threats with others in a coordinated way to reduce the uncertainties of evolving computer and network attacks. In addition, new tools that can use threat information to reduce the threat surface, and ensure that known threats do not succeed in penetrating their perimeters, and their applications will have to be deployed rapidly to stay ahead of the millions of attackers that currently cruise the network with impunity.”[6]

Considering 2015 in terms of cybersecurity and its impact on risk management in general, a few fundamental shifts continue to present themselves. First and foremost, the adversary is getting more sophisticated, dangerous, and global. The hacking community is evolving at every level, from hacktivists to organized criminals, and using creative ways to distribute malware and make the average hacker more problematic. The cyber threat is growing, and active defense against the three major attack vectors Bill Crowell cited above is an important first step. The public and private sectors must also improve in the sharing of real time data about attacks and attackers. Corporations and individuals must better understand how and why they are being attacked in order to protect their most valuable information assets. The job of collecting security event data isn’t complete until action is taken to stop an attack and prevent reoccurrences. Actionable intelligence on real time information feeds will be key in 2015 and beyond, to truly understand when you are being attacked and how to respond.
Sources
Internet of Things
Doesn’t Have to Be a Security Nightmare
Chris Castaldo
Senior Cyber Security Analyst
Visionist Inc.
San Antonio may not be the first city you think of when you think cybersecurity, but it might be time to start. The Alamo City has a long history of cybersecurity innovation and development, being the birthplace of the first analog computer used for gas pipelines in 1955, the first protocol for the Internet of Things, ARCNET, in 1975, and the first network intrusion detection system in 1998.

San Antonio plays host to 81 cybersecurity companies across the spectrum of start-up, mid-market, and some of the largest defense industrial players in the United States. It holds 7,500 SCI-cleared personnel and the second-largest concentration of data centers in the country, as well as a booming startup scene. It’s also an established national research and development center, with organizations like the Southwest Research Institute (SwRI), home to the US Automotive Consortium for Embedded Security (ACES) and the first Department of Homeland Security Cyber Security Research & Development Program.

San Antonio also took part in the 2003 DARK SCREEN cybersecurity exercise, the first in America to evaluate a city’s ability to respond to a cyber-attack. Born of a challenge made by Representative Ciro Rodriguez (D-TX) to the city of San Antonio and its surrounding environs to test its cybersecurity preparedness, DARK SCREEN’s first phase kicked off in September 2002 with a tabletop scenario. The second phase involved a joint military/civilian exercise designed to test the responses of multiple branches of the military and municipality to respond to cyber terrorism. The exercise raised useful questions and concerns about the responsibilities of the various groups in a crisis situation and the existing legislation that might regulate and promote the city’s preparedness. Not just concerned with cybersecurity on a macro scale, the city also focused on the micro with Cyber Storm, an exercise designed to test the readiness of small and medium enterprises.

In April, San Antonio will host the Cyber Texas National Cyber Security Conference for the federal event’s sixth year. This year’s event will feature Bob Butler, the former Deputy Assistant Secretary of Defense for Cyber Policy, convening a panel on Energy Critical Infrastructure Protection (CIP). Butler speaks glowingly of San Antonio’s past and present as a leader in the cybersecurity industry: “San Antonio is the ideal location for a national forum on cyber security and critical infrastructure protection. The city is the #1 U.S. city for first responders – cyber, medical, logistics, and hazardous materials; the #2 market in the United States for data centers; and has one of the largest cyber workforces – certified security systems professionals, or CISSPs, in America.”

Butler is a Senior Advisor to the Chertoff Group, a fellow at the Center for New American Security (CNAS), and a founding member of the Texas Cybersecurity, Education, and Economic Development Council (TCEEDC), one of the catalysts for the Cyber Texas event. His history with San Antonio has led him to the opinion that its commitment to cybersecurity research and development has been of the utmost importance, and will only grow more so in the future:
In addition to enhancing training and communication processes, federal IT pros should consider which infrastructure management tools will provide them with real-time visibility into network behavior. This visibility is key to identifying and targeting internal breaches—malicious or accidental—before critical information is shared or destroyed.

Sources
[1] SolarWinds and Market Connections: “SolarWinds Federal Cybersecurity Survey Summary Report.” Slide 2. February 2015. <http://www.solarwinds.com/resources/surveys/solarwinds-federal-cybersecurity-survey-summary-report-2015.aspx>
[2] Ibid. – Slide 7
[3] Ibid. – Slide 10
[4] Ibid.
[5] Ibid. – Slide 17
[6] Ibid. – Slide 8
[7] Ibid. – Slide 11
[8] Ibid. – Slide 13
Destiny
by Adam C. Firestone
President and General Manager
Kaspersky Government Security Solutions, Inc.
@ACFirestone

is a way of life. For another, today’s victim may very well be tomorrow’s customer. But perhaps the most important driver behind this code of silence is an extraordinary aversion to blaming the victim. Cyber defenders see themselves as guardians, charged with protecting organizations and individuals from actors whose motivations range from petty mischief to pure evil. Shifting fault to the victim is seen as an illustration of the defenders’ own shortcomings.

Chivalrous as this view may be, it hasn’t yielded much in the way of operational success. Ever. The reality is that unless the defended are fully enfranchised and engaged in their own defense, the defenders, cyber or otherwise, cannot be successful. This principle is as true in physical space as it is in cyberspace.
It’s difficult to dispute that responsibility for basic

Cyber criminals and hackers are all about outsized return on investment. Given this, it’s no surprise that they seek to leverage known vulnerabilities as often as they can. Why go to the time and trouble of finding a new zero-day when you can simply surf the National Vulnerability Database or the Common Vulnerabilities and Exposures database? Attackers have a similar philosophy with respect to their malware tooling. This is where endpoint security comes in. A good endpoint security suite can identify and neutralize more than 99% of known malware.

However, endpoint security suites are only useful if they’re a) installed and b) updated with the latest malware signatures, behaviors, and definitions. Failure to keep an endpoint security product current with respect to its comparator data results in it being the software equivalent of a brick. As with patching and updating, the ultimate responsibility for managing endpoint security falls to the owner.

Finally, there are the carbon-based units in the chairs in front of the silicon-based units on the desks: the users. The single most effective means that an attacker has for gaining entry to a system remains an email phishing attack. Between 50% and 60% of sophisticated malware attacks gain initial penetration when a user clicks on a link or opens an attachment in an email.[3] Up to 95% of incidents can be attributed to “human error” and misconfiguration.[4] Unfortunately, neither training nor disciplinary processes have been adequate in stemming the effectiveness of phishing attacks.

The word victim implies a lack of control over one’s destiny, and victims should not be blamed for an attacker’s actions. The word for failing to take basic prudence and caution into account, however, is negligence. That’s a strong word, and one that will, hopefully, inspire the necessary accountability and action.

Sources
[1] Mayer, Dan: “Ratio of Bugs Per Lines of Code.” November 11, 2012. <http://www.mayerdan.com/ruby/2012/11/11/bugs-per-line-of-code-ratio/>
[2] Mimoso, Michael: “Two-Factor Snafu Opened Door to JP Morgan Breach.” December 24, 2014. <http://threatpost.com/two-factor-snafu-opened-door-to-jpmorgan-breach/110119>
[3] Sjouwerman, Stu: “Ponemon: Phishing part of 50% of APT’s.” December 4, 2013. <http://blog.knowbe4.com/bid/356934/Ponemon-Phishing-part-of-50-of-APT-s>
[4] IBM Global Technology Services: “IBM Security Services 2014 Cyber Security Intelligence Index.” June 2014. <http://media.scmagazine.com/documents/82/ibm_cyber_security_intelligenc_20450.pdf>

About the Author
Adam Firestone is President and General Manager of Kaspersky Government Security Solutions, Inc. He is responsible for providing world-class cybersecurity intelligence and systems engineering services as well as innovative product solutions to meet the needs of government, government contractor, and national critical infrastructure organizations. Adam leverages more than 20 years of experience in the defense, intelligence, and government contracting industries. In addition to his duties at KGSS, Adam is also an adjunct professor at Georgetown University and teaches graduate courses in Technology and Systems Engineering Management. Prior to joining Kaspersky Lab in 2013, Adam led the defense and federal subsidiary of a global middleware company where he was responsible for understanding and crafting advanced technology solutions for the challenges faced by military, intelligence, and government organizations. Adam is a graduate of Yale University, a former United States Army officer, and also holds a Juris Doctorate degree, and has practiced law in New York.
2014 taught us that massive security breaches are the new normal for U.S. companies, government
agencies, and universities. Some of the most prominent were Target, Home Depot, Neiman
Marcus, Apple's iCloud, Michaels, the U.S. Postal Service, the IRS, Community Health Services,
UPS, Staples, the State Department, Sands Casinos, USIS, eBay, PF Chang’s, JP Morgan
A New Chase, and, to sum up the year, Sony Pictures. The sobering reality is that it is now no
World longer a matter of if but when and how often that we’re going to be breached. In 2014, we
witnessed CEOs being fired, CIOs let go, boards of directors personally sued, and company
data stolen or sabotaged on a grand scale. What will the extent of the damage be to our
company, shareholders, and customers? What are the bad actors really after?
Holy Grail
Innovation is the primary engine that has driven the U.S. economy over the past 100 years. Our innovation has evolved over decades of extensive and compounded investment in trade secrets, technology, and processes, including personally identifiable information (PII). Today, companies have untold trillions of dollars invested in U.S. innovation. It is precisely our innovation that is of superior value to data thieves. An estimated $500 billion is stolen from U.S. companies and the U.S. economy each year. It is much faster, cheaper, and more effective for bad actors to steal our innovations than to make their own investments in dollars, people, and time. Nearly all of our innovation is converted and stored electronically as data.
80/20 Rule
A more frightening fact is that most of the breaches reported in 2014 were from retailers - which account for only 20 percent of breaches. Publicly held companies are required to report all breaches and that is especially true for retailers when it involves consumer PII. Conversely, 80 percent of (non-retailer) companies either choose not to report the breach due to a potential stock hit or, worse, don’t know that they have been breached. Innovation and trade secrets are more nebulous than PII and therefore more difficult to protect and notice when breached or stolen. This fact is sobering.
Perimeter
The data protection strategy on which most companies focus today is defending the “perimeter” or “castle walls.” This strategy has evolved over the past two decades with a collage of products to address an array of security issues. By definition, individual products have inherent limitations and quickly become obsolete. When mapping numerous vendors’ products together into a security solution, gaps in coverage appear. These gaps are further widened by the assault on access points by smartphones, apps, and pervasive free Wi-Fi. In 2014, we became painfully aware that the perimeter strategy is no longer effective.
Get Engaged
A vacuum exists in nearly every company between the tactical and strategic views of information security. Those career-focused employees who take the initiative to take personal ownership of the 360-degree view will become indispensable to their company executives and fellow employees. Employees who become experts in both perimeter and hybrid data-centric models of defense and the current intelligence that drives them can expect to advance rapidly as they fill important gaps in their companies. There are also opportunities for C-level executives to engage their boards of directors in providing relevant intelligence and solutions.
All Hands
Data and information security is the responsibility of every employee, executive, board member, contractor, and supplier. Each individual must be trained and certified each year with the latest intelligence-driven and research-based tools. Training raises the awareness level among all employees to maintain a higher level of data security for the protection of everyone’s jobs. Awareness creates and maintains vigilance. Data security is everyone’s responsibility, because stolen data may mean lost jobs.
It’s 2 A.M. on a Tuesday morning and I awake to my phone chirping. Quickly looking at it,
I realize it’s a text from one of my city’s prime contractors who provides our security services.
As I roll over and make the phone call, I realize we have an issue that will require me to start
my day earlier than planned. We have a zero day attack never seen before and technicians are
afraid it may have progressed into the department’s share drive. As the day unfolds and this
incident is cleaned up and remediated, we discover that a simple phishing email received by
an employee on the evening work shift set this event in motion.
In today’s city environment, as in any private company, phishing attacks and infections
caused by attachments and links to hacked web sites have become common occurrences.
However, in the disparate network environments of today’s large cities, these types of
attacks can be catastrophic due to the inherent blending of old and new technologies found
in city enterprise networks. The repercussions of new malware attacks on this intertwined
infrastructure can result in loss of critical services to the city’s customers: its citizens.
To counter these ever-evolving threats, I have come to use three tools to shield my city:
Jason Christman
MS, CISSP, PMP
McClure, Brown, & Associates LLC

The cyber domain presents limitless opportunities
for cyber threat actors while causing significant
challenges for cybersecurity professionals. While
our current time might be construed by historians
as the golden age of cybercrime, it is also an age
that offers new ways and means to counter these
crimes. Neuro-behavior forensics is such a means,
permitting the extraction of analog indicators1 to
identify an intruder’s internal thought process –
more specifically, the neurocognitive ‘decision’
pattern that aligns with the system or network
behavior. This is possible because cyber intruders
leave behind cognitive fingerprints with neuro
psychometric markers2 that can be translated
into cognitive patterns.3 Neuro cyber analytics
deciphers these indicators, of analog or digital
origin,4 into a cognitive print (Cogni-print®)5, or
signature, in order to make sense of how the
intruder thinks in the context of committing a
cybercrime. Neuro cyber analytics unravels the
footprint of cyber intruders using an engineering
system approach in order to help professionals
‘protect, detect, respond, and recover’6 from
unwarranted or unexpected cyber acts.
1 Analog indicators are attributes like facial features, breathing, heart rate, eye
movements, tones, and so forth.
3 Cognitive patterns are the repetitive process that humans use for mapping their
4 Digital indicators (in this article) are verbal indications, like words and phrases.
draw on knowledge of how an intruder reasons or solves problems. Thus, they can become more proactive in mitigating security risks. Cyber analysts, operators, and planners can become more proficient strategists with the ability to move pieces in positions of influence for an ultimate checkmate.

Jason Christman, MS, CISSP, PMP is an industry leader and domain expert in cyber operations planning and execution, threat intelligence analysis, and human decision analytics. His strategic planning, mission management, and technology development background spans the homeland defense, intelligence, special operations, and commercial telecommunication business arenas. Jason is an ardent supporter of human-centered computing and is a proponent for the convergence of neurocognitive technology and cyber ecosystems.
Acknowledgement
We wish to acknowledge Dr. Joe McClure VanHoozer,
Senior Managing Member of McClure, Brown, & Associates
LLC, and leading expert in neuro analytics, neurolinguistics,
and Cogni-print® for his generous time in reviewing and
editing this article.
Organizational Relevance
Cyber is a vital focus area at SSC Pacific. This experience has become a key
component in MFCC’s mission success and ultimately their proactive support
for the U.S. Navy.
U.S. Marine Corps photo by Sgt. Emmanuel Ramos
Patric Petrie is the lead staff writer for Space and Naval Warfare Systems Center Pacific, based in San Diego, California. Petrie is a veteran journalist and a former Navy hospital corpsman.

1 Greenert, Admiral Jonathan: “Adm. Greenert: Wireless Cyberwar, The EM Spectrum, And The Changing Navy.” BreakingDefense.com, April 2013. <http://breakingdefense.com/2013/04/adm-greenert-wireless-cyber-em-spectrum-changing-navy/>
CSFI came about in a particularly interesting time for cybersecurity and hacking: the age of Stuxnet. Discovered in June 2010, the Stuxnet worm attacked and badly damaged the PLCs (programmable logic controllers) of many of Iran’s nuclear centrifuges, setting the country’s nuclear development program back heavily. Due to the Iranian government’s reticence, the extent of the damage has not been fully defined, but some estimates put the worm as having ruined nearly one fifth of the country’s centrifuges.1 Cybersecurity experts from dozens of countries worked together to figure out the worm’s provenance. While it has not been definitively proven, many concluded that the sophistication and scope of the attack, as well as its particularly targeted nature, pointed to the work of one or more governments, as few believed an independent hacker or group could have had the time, resources, skill, and motivation to create a worm that behaved as Stuxnet did.2

Experts like de Souza had been interested in the concept of state-sponsored hacking for some time, but the public nature and scope of the attack brought the issue forcefully into the public eye. Suddenly, hacking was not just something that lived on the Internet, a crime on the level of vandalism committed by “some high school or college-aged kid living in his mom’s basement who could deface the main webpage of the local community college,” as de Souza said. It had even gone beyond “more sophisticated threats to society like identity theft or financial fraud via insecure websites.” In forming CSFI, de Souza realized that “cyberspace had quickly become a war-fighting domain, just like land, air, space, and sea.”

The concept that hacking and cyber-attacks can have effects not just on computers and the Internet, but on physical spaces and infrastructure, has made cyber-warfare a hot topic among not only cybersecurity professionals, but anyone who uses electricity, running water, and Bluetooth – which is to say, pretty much everyone. De Souza cautions that it’s more important than ever to focus on this topic, as “the way cyber can be used to cause real effect in the physical domain as a precise weapon system that can be acquired by any nation on earth at a very low investment” means we have, in effect, entered a new arms race: nations scramble to pick up exploits and zero-day vulnerabilities that can be held in reserve for strategic use – or retaliation. Given that attacks like Stuxnet can be used to affect industrial and public infrastructure, such as the power grid or manufacturing equipment, cyber-warfare can have far-reaching real-world consequences for even private citizens of the nations waging silent war in cyberspace.

The issue is not going away anytime soon: as de Souza cautions, “Asymmetric warfare will not stop growing; it is here to stay.” The growth and prevalence of the Internet of Things, and its increasing permeation into every aspect of our lives, means that attacks have the potential for more and more real-world consequences. In 2013, white-hat hackers Charlie Miller and Chris Valasek were able to control the speed and braking functions of a car using a computer connected to its On-Board Diagnostic System.3 Nearly two years later, many cars are so much more connected that Senator Edward Markey warned in a report to the Senate Commerce Committee in February that it was theoretically possible for not just speed and braking, but also steering and other critical functions to be remotely hijacked.4 It’s not hard to imagine the serious damage that could be done by determined, directed bad actors who can control the critical functions of millions of cars.

The shift from money- or achievement-motivated hacking to targeted, government-sponsored attacks is a real point of concern for de Souza and for his forum members, who
As we live more and more of our lives digitally,
it becomes more important than ever to listen
to what cybersecurity researchers have to say,
and demand more information on how to
protect ourselves in the future.
General Daniel O’Donohue, Commanding General for the U.S. Marine Corps Force Cyberspace (MARFORCYBER): “We believe the solutions to our shared problems in cyberspace revolve around our people, and not systems. However, we must provide our workforce the training, tools, and resources they need to defend our nation.”6

CSFI has also partnered with Capitol Technology University to increase professional awareness, proficiency, and certification. “There is a global demand for more qualified cyber security professionals,” said Dr. Michael T. Wood, President of the University. “To address this need, Capitol and the CSFI will work to educate and train individuals and award them credits towards certifications and masters and doctoral degrees in information assurance at Capitol.”7 Professionals and students can undertake ICWOD and DCOE training, providing them with transfer credits towards masters and doctoral-level courses in Information Assurance at the University.

CSFI develops its training efforts collaboratively with qualified members of the Initiative who possess relevant skills, education, and experience, both from the public and private sectors. In terms of cyber warfare, some of the training initiatives have included “cyberspace operations methodologies, the integration of cyberspace capabilities, the role of Information Assurance in cyberspace operations, training and developing the cyber workforce, and designing cyber-related organizations,” de Souza said. Each of these topics could be its own foundation; CSFI’s global reach and scope enables it to tackle these concepts, and others, and provide relevant information and training to all of its members and more.

From his experience both as a cybersecurity industry professional and as CSFI’s founder, de Souza has taken the pulse of the cybersecurity landscape, a vision that he shares with his members and with anyone in the general public for whom cybersecurity is a necessity – which is to say, in today’s connected age, everyone. “Minimize the threat surface,” de Souza advises. “You cannot completely eliminate the threat, but you can minimize the risk. Be creative! Understand the environment, shape it to your advantage, and stay operational. Stay current, and never stop learning.” De Souza encourages sharing important information and collaborating with others in order to catch vulnerabilities before they become large-scale breaches, but he urges caution when doing so: “When sharing vulnerabilities, please make sure to also share the countermeasure or workaround. There are many ways of sharing information, from open-source to classified means, but no matter the medium, always be aware that no system is 100 percent secure. Practice good security standards for transmitting information and also maintaining data at rest.” A little bit of incaution from cybersecurity professionals, even with good intentions, can become a big problem for everyone from end users to entire governments.

From Stuxnet to Heartbleed, Target to Home Depot, the world is gradually waking up to the concept that cybersecurity is important for everyone. Organizations like CSFI work to enable the transfer of information in a trickle-down fashion: the more industrial sysadmins, white-hat hackers under government auspices, private security researchers, and others can communicate important information and collaborate on research and development, the more cybersecurity will become incorporated into our daily lives. The increased visibility and impact of cybersecurity incidents mean that private individuals are starting to realize that cybersecurity should be a priority
Sources
1 Kelly, Michael B: “The Stuxnet Attack On Iran’s Nuclear Plant Was ‘Far More Dangerous’ Than Previously Thought.” BusinessInsider.com, November 2013. <http://www.businessinsider.com/stuxnet-was-far-more-dangerous-than-previous-thought-2013-11>
2 Gross, Michael Joseph: “A Declaration of Cyber-War.” VanityFair.com, April 2011. <www.vanityfair.com/news/2011/04/stuxnet-201104>
3 Goodin, Dan: “Tampering with a car’s brakes and speed by hacking its computers: A new how-to.” ArsTechnica.com, July 2013. <arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to>
4 Goodin, Dan: “Senator: Car hacks that control steering or steal driver data way too easy.” ArsTechnica.com, February 2015. <arstechnica.com/security/2015/02/senator-car-hacks-that-control-steering-or-steal-driver-data-way-too-easy>
5 Ready.Gov: “Exercises.” <www.ready.gov/business/testing/exercises>
6 Major General Daniel O’Donohue: “Cyber Operations: Improving the Military Cyber Security Posture in an Uncertain Threat Environment.” Congressional Hearing Rayburn HOB-2118, March 2015. <www.csfi.us/?page=training>
7 Capitol Technology University: “Capitol Technology University Partners with the Cyber Security Forum Initiative (CSFI).” CapTech.edu, October 2014. <http://captechu.edu/news-events/news-headlines/1925>
Beyond being invisible and not discernable by our physical senses, what makes the RF operational domain risky is how information propagates beyond Physical and “Wired” IT Security boundaries or controls. Imagine a skyscraper in any major city, where WiFi networks propagate into adjacent spaces of other building tenants or into other towers in the vicinity. This can be easily demonstrated by accessing email from your cell phone: most likely you will be shown many WiFi accounts that you can potentially access. Often they will show a lock symbol, but a moderately skilled hacker can get on the network and gain access to information. In the same way you see the WiFi networks of other organizations, they undoubtedly see yours. This is obviously not good, unless you feel bulletproof.

The good news is that steps can be taken to rectify your risk position. The first step is to get a full spectrum assessment that looks at all three waves of security. RF penetration testing should assess the full and useable spectrum of data exfiltration from an environment typically from 300 MHz to 6 GHz, and not just the WiFi portion of the spectrum. There are many companies that have fairly mature tools and processes to assess your organization’s Physical and IT Security risks, but fewer have the skills for the 3rd Wave of security. RF security is more problematic in that the tools required are more extensive than just having a laptop with some penetration software typically used in information security assessments. Even 3rd Wave “warwalking” to find open or rogue WiFi devices is insufficient and too basic. Full 3rd Wave RF assessments require having the right tools and an understanding of RF propagation, antennas, and current attack methods.

After the assessment, actionable recommendations should be provided so that an organization can prioritize, based on threat, their investment to mitigate the risks. The objective of the 3rd Wave of security is to create a more secure work environment and to add persistent monitoring just as is present in the 1st and 2nd Wave of security.

Part 2 will go into more detail on creating more secure work environments. It will appear in the Summer 2015 issue of the United States Cybersecurity Magazine.

Sources
1 Toffler, Alvin: The Third Wave. Bantam Books, 1980.

About the Author
Will Janssen is the Business Development Director for Signals Defense. Mr. Janssen has over 30 years of experience in information security and signals intelligence. He was Boeing Corporation’s Executive site director for a DoD customer, a Senior Executive in DoD, and has worked in the banking industry expanding information security practices internationally.
We are rapidly losing the ability to determine the “right” level of our own connectedness; it is being determined for us by the very systems we have engineered to better our lives. In the best-case scenario, humans will enjoy

1 Ashton, Kevin: “That ‘Internet of Things’ Thing.” RFID Journal, June 2009. <http://www.rfidjournal.com/articles/view?4986>
2 Evans, Dave: “The Internet of Things: How the Next Evolution of the Internet Is Changing Everything.” Cisco, April 2011. <http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf>
Why Encryption is a Must-Have for Securing Cloud Data

Encryption is an ideal way to maximize cloud security. Even if firewalls and other safeguards fail, a hacker still won’t have the keys to encrypted data and thus can’t do anything with the information that’s been stolen. It is critical to have an end-to-end strategy, where data is encrypted at rest, in transit, and at the endpoints.

Encryption also can avoid the limitations of other security tools. For example, SSL (Secure Sockets Layer) – a standard security technology for establishing an encrypted link between server and client – is computer-intensive. Even when a laptop, smartphone, or tablet has a multicore processor that can handle SSL’s workload without affecting other tasks, that workload still can take a significant toll on battery life. By avoiding these and other drawbacks, encryption helps cloud services achieve a key goal: providing a user experience that feels the same as if everything were on-premise.

architecture, which minimizes overhead and, therefore, reduces latency. By comparison, block encryption takes a large amount of data and encrypts it over time. That approach increases latency and thus undermines a cloud service’s ability to provide an on-premise user experience.

Encryption to Secure your Data

While new technologies like the cloud can make businesses more efficient, cost-effective, and flexible, they must ensure that they are protected against cybercriminals that are trying to obtain their highly valuable and proprietary data. Encryption is the key to securing the cloud, and organizations that utilize these technologies will be better prepared to mitigate risk while also taking advantage of all of the benefits that the cloud has to offer.

Sources
1 Kim Weins: “Cloud Computing Trends: 2014 State of the Cloud Survey.” April 2014, Cloud Management Blog. <http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2014-state-cloud-survey>
At Fort Sumter, Union troops quickly identified the forces that were bombarding them as newly minted Confederate artillery. Similarly, at Pearl Harbor, the U.S. Navy immediately identified Japan as the source of the bombing raid because of the unmistakable markings on the low-flying aircraft overhead. In attacks involving conventional warfare, “attribution,” or the identification of an attacker, is readily apparent. In the case of attacks in cyberspace, however, attribution is a much more complex problem, as the recent hack on Sony Pictures Entertainment demonstrates. The purpose of this article is to explore the issue of attribution through the prism of the Sony hack, which many analysts, but by no means all, attribute to North Korea.

Background

As a report by the Congressional Research Service (CRS) explains, “blurry lines” between various types of malicious activity in cyberspace make it difficult for investigators to attribute an incident to a specific individual, organization, informal group (e.g., the hacker group Anonymous), or even foreign government.1 As examples of such blurry lines, CRS cited

1. the 2007 distributed denial of service (DDOS) attacks launched against Estonia, which the Estonians originally attributed to Russia, but investigations subsequently led to unofficial Russian-language chatrooms and the conviction of one ethnic Russian student;

2. the series of strategic cyber attacks that disabled Georgian command and control systems in 2008, which coincided with a Russian military intrusion across the Georgian border, but which were later determined to have begun with online Russian hacking groups; and

3. the Stuxnet attack on nuclear centrifuges in Iran in 2010, which has been attributed by various sources to the U.S., Israel, or both.2

In contrast to the Estonia and Georgia examples, where the victimized governments sought to publicize evidence that would point the finger at the Russian government, attribution in the Stuxnet case has been made virtually impossible by the fact that the Iranians have declined to disclose either the extent or source of the damage, presumably because such evidence would have revealed the progress that Iran had made to that date in its nuclear weapons program and/or would have exposed vulnerabilities in its network.

In any event, each of the foregoing three examples involved cyber attacks on important assets of a foreign government. In the case of Sony, however, the importance of the attribution issue has been dramatically extended to victims in the private sector.
• Technical analysis of the data deletion malware used in the attack disclosed links to other malware that “the FBI knows North Korean actors previously developed,” i.e., similarities in “specific lines of code, encryption algorithms, data deletion methods, and compromised networks”;

• Observation of “significant overlap” between the infrastructure used in the Sony hack and “other malicious cyber activity that the U.S. Government had previously attributed to North Korea,” e.g., IP addresses associated with known North Korean sources; and

• Similarity to the tools used in a cyber attack in March 2013 against South Korean banks and media outlets, which “was carried out by North Korea.”4

Then, in a speech delivered in January of 2015, the FBI Director, James Comey, reiterated that “[i]t was the North Koreans who hacked Sony.”5 In contrast to the certainty professed by the FBI, there are a number of other cybersecurity analysts who point out that the evidence linking North Korea to the Sony hack is not definitive.

1 Congressional Research Service: “Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement.” CRS No. R42547, at 11. January 2015.
2 Ibid – page 10
3 FBI National Press Office: “Update on Sony Investigation.” Washington, D.C., December 2014.
4 Ibid.
5 Comey, James B.: “Addressing the Cyber Security Threat.” Fordham University. International Conference on Cyber Security, New York, NY: January 2015, page 3
6 Kirk, Jeremy and Martyn Williams: “North Korea unlikely to be behind Sony Pictures attacks.” Computerworld, December 2014 – page 2
7 Ibid. – page 3
8 Kopan, Tal: “U.S.: No alternate leads in Sony hack.” Politico Pro, December 2014 – page 1
9 Ibid. – page 2

About the Author
Ira E. Hoffman, Esq., is a Principal in the Cybersecurity, Government Contracts and International Practice Groups in the Bethesda, MD office of the multi-state law firm, Offit Kurman, P.A. He is a Fellow of the Cyber Security Forum Initiative (CSFI); a member of the Advisory Boards of CyberMaryland and CyberMontgomery; an instructor for the Public Contracting Institute (PCI); and a frequent speaker, and author of several articles, on cybersecurity law and policy. He can be reached at 240-507-1723 or at ihoffman@offitkurman.com.
As the insurance specialist at Brenner, Saltzman & Wallman, I have reviewed a variety of insurance policies for clients with cybersecurity needs. Some host websites for marketing commercial real estate; others develop software to assist hospitals with monitoring patients for serious chronic conditions, or coordinate billions of credit transactions for retailers. These policies came to me when our clients faced some unusual claims or were preparing to enter new areas of business and wanted to know whether their existing insurance would protect them. My clients and I were often surprised to learn that they were not as well-protected as they hoped by the policies they had purchased. This article shares some basic tips acquired through these coverage surveys which will help you shop for cyber liability insurance or evaluate whether your existing insurance coverage will protect your business from cyber liability claims.

You may think that you are not a target (or Home Depot) which would interest a hacker, and thus don’t really need cyber liability insurance. Yet even small businesses are at risk: Target’s computer system was hacked through its HVAC contractor. At a recent Connecticut Bar Association program, an executive of one of the major insurers noted that fully 38% of claims regarding data breaches came from companies with 100 employees or less.1 Hackers may target smaller companies specifically because they may not have large IT departments focused on cybersecurity. Between costs of:

• satisfying statutory requirements to notify customers concerning releases of personal identifying information (PII)
• diverting personnel to investigate and address the data breach
• damage to critical data and hardware
• decreased revenue from lost customer trust,

recent losses calculated from data breaches averaged over $5 million each.2

Regular property and liability policies generally are not designed to and will not offer any robust protection for
cyber liability risks. My experience reviewing these policies for our clients suggests that insurers have become savvy at limiting their risk for cyber liability in these policies. They regularly exclude “data” from the definition of “property” that is protected or exclude operation of websites from coverage for “personal injury” such as defamation or improper publication of private information.

If your business depends on sharing and storing information electronically, specific cyber liability insurance may be a worthwhile cost of the new way business gets conducted. Decide whether the money your business may have saved on cloud storage instead of paper records and accounting software instead of bookkeepers would be well-spent on new insurance to:

• better protect electronic records
• cover new costs of doing business, such as notifying customers whose PII may have been improperly released and restoring any corrupted data.

Cyber liability policies can address those ecommerce risks. Most of these policies are relatively new and are “manuscripted,” meaning that rather than being standard forms, they may be written for particular businesses or industries, with the language and coverage differing substantially among different insurers. Insurers may negotiate provisions specific to the needs of a particular business to a greater or lesser degree, if requested. The same insurers with which you carry your general liability and other policies may offer their own separate, specialty coverage for this growing risk. Pricing may depend on what level of coverage your business needs or that business partners require you to carry and what kind of up-front costs you can bear in the form of a “self-insured retention” (SIR) or deductible. The higher the SIR/deductible, generally, the lower the premium. The higher the limit of protection, the higher the premium.

While you may not have had much input in the purchase of your business’s general liability or auto insurance policy, you will benefit from working closely with your broker to find the right cyber liability policy. First, offer your broker a complete description of what your business actually does, so he/she can make an educated search for the right product and the insurer’s underwriters can focus on the real needs of your business. Unless the brokerage understands the specifics of your business, it may focus on more traditional insurance products with which it has experience rather than exploring new products, even when more established coverages may not match the specialized needs of your e-business. For example, a client whose software assists hospitals with monitoring chronic conditions got a “medical products” policy designed for manufacturers and sellers of devices like artificial joints. It contained exclusions for coverage for unauthorized release of Protected Health Information (PHI) and costs of notifying persons affected by data breaches. It’s important to look out for and be aware of exclusions like this in traditional policies that may leave you exposed.

When the cyber liability policy arrives, review it promptly to check whether its coverage matches what you do and exclusions for key functions have not been added. On multiple occasions, when seeking coverage for claims, my clients and I learned that the policies that they had purchased either did not offer coverage for what they actually did or contained exclusions for claims arising from activities that they engaged in regularly. Often the “binders” that a broker forwards for your approval do not describe all policy exclusions. You can request a more complete description of all exclusions and, where you and your broker recognize that exclusions may create a serious hole in desired coverage, your broker can ask the insurer whether it will delete exclusions for an adjustment of the premium to see whether it will be worth the cost to plug that hole.

Your business’s description should be reviewed each time policies come up for renewal. Your broker will need to know about new locations where you operate both online and off, as well as new products or services that you offer.
For example, a client which originally coordinated credit card transactions for gas retailers was approached by a major medical provider about handling payments. Suddenly, concerns about the unauthorized release of PHI jumped to the fore. When your business shifts or grows in new directions, check your coverage and adjust it according to your new needs. If, as you plan the growth of your business, you find that you cannot insure against certain risks of your e-business, you can take other steps to address or plan for those risks.

Other tools to reduce exposure for cyber liability include placing appropriate limitations of liability in invoices and contracts with customers or clauses in contracts requiring another party to indemnify your business for cyber liability. You should also determine whether those parties have insurance that can back up those indemnification claims. Be aware that over 30% of cyber liability claims arise from human error.3 Properly training your employees to recognize and avoid cyber risks and enforcing company policies which address those risks remain important tools to limit your company’s exposure.

Sources
1 Johnson, Karen I. and Gregory Podolak, Esq.: “Ensuring Data Confidentiality and Insuring Cyber Exposures.” Cyber Liability Insurance Coverage CLE, Connecticut Bar Association. New Britain, CT: November 2014.
2 Ibid.
3 Ibid.
The road to government contracts can seem complicated, even to a seasoned professional government contractor. It does not have to be that way. In this article I will attempt to simplify government contracting business development and explain its initial phases honestly and simply.

Identify your capabilities by using government-recognized criteria. Capabilities statements are necessary in government contracting, but understanding North American Industry Classification System (NAICS) codes and properly identifying your company’s capabilities in this fashion is critical. Learn more about the NAICS codes you are using and understand the differences and the value in having the right NAICS codes. For sales and marketing purposes, do not use too many NAICS codes that represent various industries unless these are core capabilities of your company. Once you have identified your prospective NAICS codes, review the description of each code to better understand the subtleties and slight differences between them.

What many contractors often ignore or underestimate is the value of historical data in understanding the number of contracts.

Government spending is budgeted on an annual basis. The fiscal year ends on September 30th. Knowing how many contracts were awarded the previous fiscal year in a particular NAICS code is the first step in the blueprint to IT government contracting. This number will be proportionate to the budget approved by Congress. From a contractor’s perspective these budgets do not vary much from year to year. Therefore knowing the number of contracts awarded in the previous fiscal year is the clearest sign of the number of contracts that will be awarded during this current fiscal year.

The next step is knowing the agencies, and which departments inside of the agencies, awarded contracts in the last fiscal year. This information helps you identify which agencies you should target, during the current and future fiscal years.
United States Cybersecurity Magazine | www.uscybersecurity.net 65
re-competed, or otherwise re-advertised. This is the origin of what most people think of as open solicitations. The ability to obtain enough information about expiring contracts far enough in advance to determine your future opportunities is the key to government contracting. Key information required is:

• What is the contract? What is the contact number? Is the contract on a GSA Schedule?
• What are the individual tasks’ orders?
• What agency awarded the contract?
• Which facility is the point of performance location?
• Who is the current vendor? Do they have any set aside status? Is it expiring?
• What is the dollar amount of the contract and the individual task orders?
• When was the contract awarded? Most importantly, on what date does the contract end?

Armed with this and the information from the previous steps, we can develop our pipeline and determine how far in advance we should begin to plan for certain expiring contracts.

opportunities that fit your company’s capabilities. However, to truly get the edge in government contracting, you need to develop a pipeline of opportunities so that you know which contracts are coming up before they’re active. Having a pipeline of contracts lined up years in advance will help you:

• Forecast future sales
• Focus on specific ops by agency, dollar amount, etc.
• Develop necessary relationships with contracting and end user staff up front
• Develop internal capabilities and resources to be prepared in advance
• Develop necessary relationships with potential partners, and contractors in advance
• Create an action plan for pursuing upcoming opportunities, so you are prepared when they arrive

In the past, only large prime contractors understood these steps and had the resources required to perform this valuable research and business development. Armed with this information, however, you will be prepared to play in the big leagues of government contracting too.
Whatever definition you use for “cybersecurity,” the common denominator is to implement policies and procedures for protecting networks, computers, and data from an attack and ultimately prevent costly data breaches.

While the major focus of cybersecurity is keeping the front door impenetrable from global criminal activities, according to the 2014 Bitglass Healthcare Breach Report, 68% of breaches originate from the inside.1 Part of this epidemic is from a significant amount of data-rich electronic equipment and devices going out the back door.

Visit any company or government agency and you’ll find this data-filled equipment stored unsecured in hallways, storage rooms, and offices. Even when the hard drives are removed from this equipment, the media can still end up on bookshelves or in boxes in the IT department waiting to be sanitized.

By not placing enough emphasis on the proper handling of data from end-of-life equipment, your IT department may leave hard drives untouched for weeks or months waiting
• Enter into a Business Associate Agreement (BAA).
• Consider “Data Breach Insurance” (a.k.a Cyber Liability
Insurance).
• Ensure proper recycling of equipment by securing a
vendor who is R2:2013 or e-Stewards certified.
Sources
1 Bitglass, Inc.: “The 2014 Bitglass Healthcare Breach Report.” Nov. 4, 2014: p.2.
<http://pages.bitglass.com/pr-2014-healthcare-breach-report.html>
2 Kissel, Regenscheid, Scholl, Stine: United States Department of Commerce.
National Institute of Standards and Technology. “NIST Special Publication 800-88
Revision 1: Guidelines for Media Sanitization.” December 2014.
<http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf>
3 Bitglass 5
Cybersecurity may not seem like a priority for many small enterprise environments - after all, you’re small. Who would want to hack, phish, or spam you? But small enterprise environments face just as much, if not more, threat as large corporations. You need only look at recent news to see why small businesses may be tempting targets for bad actors: Reuters, Target, CNN, The Washington Post, and Time were all compromised through their interactions with small to medium-sized businesses.1

Now that we’ve established that you’re not just small fry but a tempting catch, you need to consider how to promote cybersecurity awareness and best practices amongst coworkers and leaders to protect your entire organization from becoming the next headline - or a footnote. According to the U.S. Small Business Administration, the costs of ignoring cybersecurity can be much larger than the time and money you may save by neglecting it. You may find yourself facing litigation or fines that your organization is ill-equipped to handle, and it may be incredibly difficult to recover from the blow to your reputation and customer confidence that a security breach may cause.2

Small enterprise environments carry their own unique challenges. A small staff often means limited time and flexibility during the workday. For those in charge of providing education on cybersecurity, this can be the ultimate challenge: how to fit accessible education for community members on cyber threats into an already full business day. Programs like Securing the Human3 or Wombat4 can go a long way towards giving your community the cybersecurity education and awareness they need, but for many groups the cost can be prohibitive, and it’s often difficult to mandate that time be spent on anything other than business as usual.

More pressure may therefore fall on your cybersecurity team (or individual) to present relevant information more quickly and consistently than a training program can. Think about not just the needs but the culture of your community: what gets their attention? In some places, eye-catching posters in highly trafficked areas help spread vital information (we've found that “How are passwords like underwear?” in bold with red cartoon briefs can be rather effective). Rewards and perks can also boost interest. Hosting awareness events with quizzes and prizes, such as a Swedish Fish for every correct answer about phishing, can grab the attention of users who are less likely to read through non-emergency emails.
“we will never ask for your password” can be what prevents a phisher from gaining access.

Even the best-prepared communities can eventually be compromised. Immediate intervention is key. As soon as you are aware that someone has given out their password, reset it, and then later help the user reset it themselves. If you are in an environment without system-enforced password policies (e.g. via Active Directory), you may need to have a conversation with the account holder to ensure that they understand what’s happened and how to prevent it from happening again.

This conversation should take place face-to-face whenever possible. Even better is working side-by-side with the user to restore their account settings, allowing you to approach the issue in a personal and familiar way rather than presenting information to them like a lecture or reproach. Keeping the user in control of the mouse will show them clearly that someone has logged into their email account and gained access to all it contains.

Now is also the time to clarify what happened and ensure they understand the severity of someone other than themselves having access to their account. Be sure to discuss what else their username and password may grant an intruder access to, like personal and financial information, or accounts that store credit card information, like Amazon or eBay. Also consider explaining the dangers of social engineering: on

personal data, like old addresses and the last four digits of a credit card number, which may be freely available with a little digging.6 You’re not trying to scare your end users, but it’s important that they understand what the risks are and why it’s important to maintain good net hygiene.

Be sure to leave the meeting with instructions going forward: things to look for that are expected (like bounceback messages and replies to spam emails sent out from their account) and unexpected (seeing messages appear in their Sent folder that they did not send). It’s also important to follow up with them within one or two business days after your meeting, both to make sure they haven’t seen any further issues with their accounts and to answer any questions they might have.

Though education and reaction are vital components of maintaining a secure environment, an ounce of preparation is worth a pound of firewalls. Keep abreast of new threats and be proactive about addressing them. Use current examples to ensure that your community members know what these issues mean for them and how to defend themselves efficiently. Clearly and succinctly explain the importance of increased security practices, like password complexity or expiration rules, so that your users see them as important protective measures instead of unnecessary inconveniences. Perhaps most importantly, show your community that you are working together with them to keep your organization

Sources
1 Polanich, Jason: “The Soft Underbelly of Enterprise Cybersecurity: Small Business Readiness.” July 2014, SecurityWeek.com. <http://www.securityweek.com/soft-underbelly-enterprise-cybersecurity-small-business-readiness>
2 U.S. Small Business Administration: “Cybersecurity for Small Businesses.” <https://www.sba.gov/sites/default/files/cybersecurity_transcript.pdf>
3 <www.securingthehuman.org>
4 <http://wombatsecurity.com/>
5 Bryant, Josh: “How I almost lost my $500,000 Twitter user name @jb…and my startup.” ArsTechnica.com, January 2014. <http://arstechnica.com/security/2014/01/how-i-almost-lost-my-500000-twitter-username-jb-and-my-startup/>
6 Hiroshima, Naoki: “How I lost my $50,000 Twitter username.” ArsTechnica.com, January 2014. <http://arstechnica.com/security/2014/01/how-i-lost-my-50000-twitter-username/>

About the Authors

Megan Clark has worked at Bryn Mawr College helping community members stay secure since 2011. Inspired by a fascination with social engineering and the ways interpersonal trust changes when socializing online, she seizes any opportunity to spread awareness of the potential dangers of internet anonymity.

Amanda Fortner is the editor for the United States Cybersecurity Magazine. She worked with Megan Clark to protect, educate, and prepare Bryn Mawr College community members from cyber threats from 2010 to 2013 and credits Clark for teaching her (nearly) everything she knows.
Megadata Technology is a cybersecurity company located in National Harbor, Maryland, just across the river
from Washington, DC. As a company whose focus is on securing information for national organizations,
it is important for our clients and our staff to always be aware of potential security breaches and ways to
avoid them. Our years of experience and regular training to remain current in this field have helped us
form a multi-level approach for warding off cyber hacks. Megadata Technology believes that knowledge
is power, and it is our goal to secure your power. The following are nine simple steps that can help any
individual, business, or organization secure their cyber information.
6 Take advantage of training opportunities to stay current in the security field.
Training is a great way to heighten IT skills, while simultaneously helping to stay abreast of changes in technology. This will empower individuals and companies with the knowledge to secure information, and ward off cyber-attacks. Megadata Technology implements a monthly training for our staff that keeps them on track for required certifications, increasing our capabilities and our staying power in the field.

makes it our business to protect our clients’ information, and these nine steps can be easily implemented to help you do so as well.

About the Authors
Alvita Fitzgerald is Megadata Technology’s Vice President of Administration and Director of Human Resources. Ms. Fitzgerald received both her Bachelor’s and Master’s degrees in Business Administration from American Intercontinental University. In her role at Megadata Technology, Alvita oversees all organizational development strategies that drive and support talent management.
the Design of Digital Forensic Workstations
John Samborski, CEO
Ace Computers

Today most records of individuals, businesses, government agencies, and even criminal organizations are stored on various types of electronic media. In order to properly investigate a suspect, evidence needs to be extractable from electronically stored information (ESI) sources without being corrupted.

Digital forensics is the acquisition, scientific examination, and analysis of data retrieved from digital devices (computers, mobile phones, game consoles, memory sticks, etc.) in such a way that the information can be used in a court of law or for the purposes of the retriever without any disturbance to that evidence. Digital forensics often requires workstations that are dedicated to and designed for the task.

It’s also important to consider the type of media the system needs to acquire data from. Once this is established, the next step is to plan and include write-protected data acquisition methods. The most basic media is a hard drive write-blocked forensic bridge. Write-blocked drive bay-mounted forensic bridges are available for all common hard drive types such as IDE, SATA, SAS, SCSI, IEEE1394 (Firewire), and USB, with adapters for using 3.5”, 2.5”, and 1.8” drives. A write-blocked flash media card reader is also useful for forensically reading media cards such as SD and CompactFlash cards. A read-only media card reader is best, since it will prevent accidental corruption or addition to the source data. A read-write switchable reader can potentially be corrupted, but by using a model that is incapable of writing data, that source of error can be eliminated. It’s simple to add a standard external flash reader/writer to the system. Although it will be obvious to users that this external flash is capable of corrupting data, the internal model should be write-blocked at all times.

Optical media is another common source of forensic data. This media is typically not written to without specialized software, so a standard DVD or Blu-Ray reader/writer will perform this work adequately.

Once the data can be read in a forensically safe manner, it needs to be stored on either a target drive, a RAID array,
(GPU) should be included for assistance in breaking
passwords. Normally, systems are shipped with a single
graphics card for display purposes, but users can also
leverage the intense processing power of the GPU for
assistance in brute-force password cracking through
massively parallelized iterative attempts. By using a higher-
end graphics card or multiple graphics cards, the forensic
system can also be used to shorten the time needed to
break a password installed on a system or to open up
files which have been encrypted. The current top-of-the-
line card is the NVIDIA GeForce Titan-X, which is a single
GPU card with 3,072 processing cores that costs about
$1000. While this is five times the cost of a standard
video card, it can be well worth the expense for password
breaking/decryption work.
www.acetechpartners.com
What do you want to be when you grow up? This is a timeless question teachers across the country ask their students. A typical response: doctor, nurse, lawyer, fireman, veterinarian. While these are great occupations, today’s workforce not only includes these professions but also great opportunities for computer and data scientists, cybersecurity directors, digital forensics analysts, cyber threat managers, and other cyber-focused careers. As a generation with empowering, educating, and developing our future leaders and workforce, our responsibility is simple: at an early age students must be introduced to and prepared for cyber opportunities, including current career fields and those that do not yet exist.

The nation and its citizens face an active and growing cyber threat and a critical shortage of cybersecurity professionals. To ensure our nation’s future security and economic growth, we must build a strong cyber workforce. Today, there are over 340,000 unfilled cybersecurity jobs.1 Further, a report to the President by the Council of Advisors on Science and Technology says, “The nation will require approximately one million more science, technology, engineering, and math (STEM) professionals than what will be produced at current rates over the next decade.”2 Building a strong STEM foundation in the early years is the key to getting students interested in related degrees and careers. Today’s workforce requires students to possess STEM skills in order to be globally competitive.

The National Integrated Cyber Education Research Center (NICERC), an academic division of the Cyber Innovation Center in Bossier City, Louisiana, was created to design, develop, and advance both cyber and STEM academic outreach and workforce development programs across the region and nation. NICERC’s objectives are to nationally disseminate innovative practices in cyber education; to promote a culture of educational innovation; to serve as a catalyst for future research in cyber education; and to provide a focal point for continued interdisciplinary collaboration in STEM education reform. Cyber is like a well-written essay: before we can expect students to start writing, we must teach them the alphabet – and that foundation for success is what we provide through our NICERC programs.

NICERC programs have become a national model for cyber education, focusing on teacher professional development, curricular design, and collaboration in K-12 education. Through a diverse, multi-disciplinary team of university faculty, subject matter experts, and master teachers, NICERC has developed a vertically integrated, cross-curricular, project-driven curriculum for middle school and high school classrooms. These curricula make up a robust cyber pathway rooted in strong STEM fundamentals. Cyber is the integration of STEM and liberal arts disciplines, wrapped in a societal context with a technology underpinning. Taking this broad approach provides context for the content being taught in the classroom and engages a broader group of students. A sample of NICERC curricula includes STEM: Explore, Discover, Apply (STEM EDA); Cyber Literacy; Cyber Science; Cyber Society; Cyber Physics; and Advanced Math for Engineering & Science. NICERC has created a “Cyber Interstate” that allows students to enter and exit at various points throughout their academic and professional careers. By building a strong foundation, students can compete in cyber competitions, earn industry certifications, explore new career fields, and earn a variety of cyber degrees. It’s critical that students are provided multiple opportunities to become aware of cyber issues (enhance awareness), engage in cyber education (expand the pipeline), and select cyber careers (evolve the field). Cyber impacts every aspect of our lives, and our ability to lead in this new domain is critical to our future economic and national security.

The development and enhancement of the Cyber Interstate begins with teachers. Teachers are vital players in creating a systemic and sustainable change in K-12 cyber education. Imagine a classroom of students who are on the edge of their seats, filled with enthusiasm and questions, and engaged in learning about how science, technology, engineering, math, and liberal arts all integrate. It’s a unique
Students who were unmotivated and uninvolved are now key players in their small groups and have found an interest in academics they didn’t think they had.”

Through teacher empowerment, professional development, and classroom resources, NICERC aims to provide teachers with the powerful capability to connect what they’re already teaching students to the hundreds of thousands of unfilled cybersecurity jobs. And those students, the future cyber professionals, will help the nation address the growing cyber threat to public and private networks and improve critical infrastructure resiliency. The Department of Homeland Security has recognized NICERC’s efforts with a 2013 grant and funded the expansion of these programs to communities across the country.

NICERC offers professional development opportunities for middle and high school teachers that use its curricula to empower teachers and engage students. NICERC professional development programs include, but are not limited to, STEM EDA teacher workshops, the annual Education Discovery Forum (EDF), and Cyber Discovery. These professional development programs enable teachers to bring new projects, technology, and curricula into their classrooms, creating a dynamic new learning environment. The results are increased student engagement, development of soft skills, and a connection to necessary industry skills.

Sources
1 Department of Homeland Security: “FY 2015 Budget Overview.” 2015. <http://www.dhs.gov/sites/default/files/publications/DHS-Congressional-Budget-Justification-FY2015.pdf>
2 President’s Council of Advisors on Science and Technology, Executive Office of the President: “Report to the President: Engage to Excel: Producing One Million Additional College Graduates With Degrees in Science, Technology, Engineering, and Mathematics.” February 2012. <http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast-engage-to-excel-final_2-25-12.pdf>

About the Author
G.B. Cazes is the Vice President of the Cyber Innovation Center, serving as the Director of the National Integrated Cyber Education Research Center (NICERC). G.B. has over eleven years of experience in the Information Management and Information Technology (IT) fields. His experience includes working in the international, commercial, and government markets. He has served as the Assistant Director of the Information Technology Consulting Department and Director of Telecommunications Management Department for a Shreveport-based IT consulting and software development company. G.B. has a Master of Business Administration from Centenary College and serves on a variety of professional organizations, including the Military Affairs Council and the Louisiana EPSCOR Board. He also serves on numerous boards including the Bossier Chamber of Commerce, the Bossier Parish Community College – Cyber Information Technology Advisory Board, and the STEP Forward Executive Team. He was awarded the Partners In Education Award in 2010, the AFCEA Exceptional Contribution to STEM Education Award in 2012, and the 2012 Southern Growth Innovator Award for Workforce Development in Louisiana.