Brain-Computer Interfaces: A New Frontier for Hackers 

Guest author Jason Pittman, Sc.D., is a collegiate faculty member at UMGC where he teaches in the School of Cybersecurity and Information Technology. 

The potential of Brain-Computer Interfaces (BCIs) is enormous, from helping people with disabilities to improving work and personal performance but so, too, are the untold cybersecurity risks. 

The idea of using our brains to control a computer may seem far-fetched, even in science fiction. Yet, brain-computer interfaces (BCIs) are already commercially available. We can use a BCI to float a ball in mock Jedi fashion, enable the physically disabled to enter data into a computer, and academically plumb the mysteries of human-computer interaction. Indeed, companies such as OpenBCI and Emotive offer research-grade equipment. Manufacturers including Mattel and NeuroSky sell toy BCIs.  

The good news is these devices benefit millions of people today. The bad news is that BCIs provide three new frontiers for hackers.  

First, a little background about BCI technology. BCI technology is either invasive or noninvasive. Invasive BCIs measure neural activity from within the brain through some form of implant. While such methods are medically intrusive, the fidelity of recording is high since the sensors connect into neural clusters and can measure single-neuron activity. Noninvasive BCIs gauge neural activity using sensors placed on the scalp. Signal recording in noninvasive BCIs is broad because sensors can only measure clustered neural activity. Currently, all commercial BCIs are noninvasive except for some medical implementations, such as cochlear implants. 

The promise of BCIs is impressive, but the technology carries attack opportunities for hackers.  It is important to understand the cybersecurity of BCIs if we are to proactively prevent threats to this new frontier of innovation. We need to be ahead of the hackers willing to use it for nefarious outcomes.  

Malicious software. Malicious software—viruses, worms, and Trojans—have existed since the dawn of the internet. This software has one purpose: to cause harm and mayhem. Modern malicious software, or malware, leads to more than $20 billion in damages every year. On one hand, the concept of malicious software infecting a wired-up brain is scary. On the other hand, the concept of ransomware or malicious software that uses encryption to lock the brain is downright terrifying. 

Integrity. Our data and their transmission are the primary drivers of modern computing. With BCI, our thoughts become part of the operating landscape. As such, BCI data are subject to the same at-rest and in-transit problems as regular data. Just as normal data can be intentionally corrupted to cause harm to the integrity of the data, hackers will be able to corrupt or otherwise alter thoughts-as-data.  

Interception. An obvious vector for hackers is going to be reading our thoughts since BCI uses our thoughts as input to a computing system. Hackers can already do this with data flowing over a computer network. They can intercept and block or intercept and alter messages. Because a BCI transmits neural activity, we should expect that existing interception techniques apply. When this happens, no thought will be private or safe. 

We should not let the grimness of potential attack vectors dampen the great potential of BCI. We have conquered harder problems. Moreover, we are in a unique position to understand the threats before hackers start exploiting these vulnerabilities. But we need to begin now, and we need to take these frontiers seriously. 

Perseverance Pays Off for Couple Pursuing Careers in Cybersecurity and Health Informatics 

Shkelzen Deshishku and his wife, Teuta, came to the United States in 1999, just after the war in their home country, Kosovo, ended. The move forced both to leave family, jobs and university studies, but it never diminished either’s desire to earn a college degree. 

In his first years in the United States, Shkelzen, who goes by Xeni, worked in a series of jobs that included selling cars. Then he discovered University of Maryland Global Campus (UMGC) and realized he could work full-time while studying in a program that afforded him the flexibility he needed. Teuta found employment as a medical assistant. 

They settled into their new life and started a family that would grow to include four children now ranging in age from 6 to 19. They juggled work, school and home life. 

With patience and perseverance, Xeni obtained a Bachelor of Science in Cybersecurity in 2019. He went on to earn a Master of Science in Digital Forensics Cyber Investigation in May 2021. Meanwhile, Teuta moved up the ranks to clinical manager at the medical practice where she works. She obtained a B.S. in psychology from UMGC. 

“It was important for us to earn degrees so that our kids would see us as role models. In fact, I graduated a year before my oldest started college,” said Xeni. “I tell my kids that college might be difficult, but it’s a gift many people around the world aren’t able to obtain.

“‘Slow and steady wins the race’ became our motto,” he added.

For Xeni, a degree in cybersecurity culminated a lifelong interest in information technology. Teuta’s childhood enthusiasm about becoming a medical doctor evolved into an interest in psychology and the administrative side of the medical field. She is now pursuing a Master of Science in Health Informatics Administration at UMGC to advance her career as a clinical manager of electronic health record systems. 

Xeni now works as an information systems security officer at Synergy ECP, where he enjoys bringing new talent together to positively address challenges. 

Teuta also recognizes the cybersecurity risks inherent in her work. “It is important to keep health records secure, especially when considering all the cyber intrusions as well as ransomware attacks that are crippling the health care systems,” she said. 

Xeni aspires to become a special agent with a focus in digital forensics and cyber investigation, while Teuta has her eye on becoming a clinical informatics analyst. For both, the biggest challenge is time management. Through their pursuit of work-life balance, perseverance has emerged as the tool that keeps them focused and committed to the end goal. 

“A letter from my son at graduation showed me that our greatest achievement is not necessarily our degrees, but the example and the expectations we set for our children,” said Xeni. 

Can Public-Private Partnerships Solve Our Cybersecurity Woes?  

Guest author Bruce deGrazia, JD, CISSP, is a collegiate professor of cybersecurity management and policy at UMGC.  

Every day a new cyberattack takes place somewhere in the United States. These attacks can originate domestically or internationally, and their motives range from financial gain to state-sponsored, low-level warfare. Whatever the threat, the common thread is that there is no easy way to stop them.  

What is the solution? We’ve seen policy approaches, including simple strategies such as training. We’ve seen technical approaches, such as stronger firewalls. Also in the national cybersecurity conversation is a discussion around what is known as the Orlando Doctrine, in which private organizations can legally target suspected hackers and destroy their infrastructure. None of these approaches appear to work, as successful cyberattacks have only increased, leading experts to search for other solutions.  

One of those is the idea of public-private partnerships. 

A public-private partnership takes various forms, from the sharing of costs and profits, as occurs with a toll road, to the sharing of information between the private sector and the government without the fear of liability for antitrust. It is the latter type of public-private partnership that has been proposed to address cyber-vulnerabilities and attacks. The question is: Will it work?  

This idea is not new. As early as 2009—a lifetime in cybersecurity years—the Intelligence and National Security Alliance (INSA), a not-for-profit organization of private sector government contractors in the intelligence and national security fields, offered various models of how such a partnership would work. INSA looked at successful partnerships in fields other than cybersecurity to determine whether those approaches could be transferred. Ultimately, it proposed bringing together a series of panels, the members of which would encompass individuals, private sector companies and government organizations, to share information and draft voluntary standards for use across industry. 

INSA’s proposal was good but was never implemented. To have done so would have required action not only by the executive branch of government, but also through legislation. In addition, the private sector, including internet service providers, would have needed to accept the concept of voluntary regulation. The information technology industry is vehemently opposed to regulation of any sort. Even voluntary standards were a non-starter. 

Legislation has been proposed in Congress to create public-private partnerships for cybersecurity. In 2020 and 2021, the bipartisan Enhancing Grid Security Through Public-Private Partnership Act was introduced in both the U.S. House and Senate. This bill focuses on just a single industry—the electricity creation and transmission sector—but one that is seen as particularly vulnerable and for which a successful attack on the grid would have devastating consequences. Focus on preventing such an attack is a logical place to start. 

The proposed legislation is hardly earthshaking. It simply directs the secretary of energy to create a program to develop a basic framework for auditing, self-assessments, training, sharing best practices and setting up third-party vendor guidelines. It also requests that the secretary of energy provide a report that evaluates policies and procedures for enhancing the cybersecurity of the grid.  

So, what happened to the bill? In the previous Congress, it passed the House and was sent to the Senate, where it died in committee. In the current Congress, the bill has also passed the House and is back in the Senate—under consideration by the same committee that previously reviewed it. 

Unfortunately, the outlook for public-private partnerships to advance cybersecurity looks dim. The most comprehensive proposal, that of INSA, appears to have gone nowhere. Even approaches that target a single industry, like the bill now in the Senate, are not assured.  

Perhaps the public-private partnership is not the way forward. We need only look as far as the INSA proposal to see why. Voluntary regulation is unpopular. Industry does not like regulation in general and will use the process to delay any attempt to impose rules. The IT industry is notoriously independent and likes it that way. Also, because there are as many cybersecurity technology solutions as there are companies, competition among the creators of those solutions is fierce. Where would the “best practices” come from?  

The bottom line is that the INSA and legislative approaches presuppose a high-level of voluntary cooperation between government and the private sector. In our competitive marketplace, that cooperation is difficult to achieve if a trade secret might be revealed or if a company might lose a strategic advantage.  

UMGC Cyber Team Enters Fall Season with a Victory at Parsons Capture the Flag Competition

Adelphi, Md. (October 8, 2021)–The University of Maryland Global Campus (UMGC) cyber competition team placed first in in a recent capture the flag (CTF) tournament sponsored by Parsons Corporation, a global provider of cyber and converged security services.

At the Sept. 28 event, which attracted cybersecurity professionals and students of all skill levels, UMGC scored 4,300 points to beat out 10 other teams and take first place. The winning UMGC team included current student and active duty Air Force member John Cole, as well as recent alumni Paul Chilcote, Alex Barney and Jonathan Woodward, who all received their undergraduate degrees from UMGC. 

“Our win in this Parsons event was particularly meaningful because the team fell out of first place with only 24 minutes left, but then regained the lead for good and won by only 100 points,” said Jesse Varsalone, associate professor of Computer Networks and Cybersecurity at UMGC and coach of the competition team. “The victory was a testament to the highly developed skills of the students and alumni who participated.”

The Parsons jeopardy style CTF event tested participants’ skills on a range of relevant topics, including network forensics, coding, web hacking, cryptography, analytics, penetration testing, malware analysis, algorithms and reverse engineering. Typically an in-person event, students participated in this Parsons CTF competition remotely due to COVID-19 restrictions. “In the face of the pandemic, UMGC has continued to grow its team and compete in remote events at the highest level and the Parsons competition, based in Denver Colorado, is yet another example,” said Varsalone.

Established in 2012, the UMGC cybersecurity team is composed of students, alumni, and faculty who compete regularly in digital forensics, penetration testing, and computer network defense scenarios that help them gain experience to advance their cybersecurity careers. To prepare for competitions, students detect and combat cyberattacks in the university’s Virtual Security Lab and work through case studies in an online classroom. Through its history, the team has received numerous top honors, including recent first-place finishes in the 2021 Maryland Cyber Challenge and the 2020 MAGIC, Inc. capture the flag competition. 

About University of Maryland Global Campus

University of Maryland Global Campus is a world leader in innovative educational models with award-winning online programs in biotechnology, cybersecurity, data analytics, information technology, and other high-demand disciplines in today’s increasingly technical, global workplace. With an enrollment of some 90,000 students, UMGC offers open access with a global footprint and a specific mission—to meet the learning needs of students whose responsibilities may include jobs, family, and military service. The university offers both undergraduate and graduate degrees and certificate programs, including doctoral programs. A pioneer in distance education since 1947, UMGC is harnessing the power of learning science and technology to deliver accessible high quality, low-cost higher education.

Cyberbullying: Five Common Misconceptions 

Guest author Richard White, Ph.D., is an adjunct professor of cybersecurity information assurance at UMGC. He is also the author of the books “Cyberbullying: The Silent Sickness of America’s Youth,” and “Cybercrime: The Madness Behind the Methods.” 

In the last 15 years or so, a new menace has emerged that threatens to erode trust and destroy young lives. Before children had access to mobile phones, social media accounts and online gaming forums, bullying occurred mainly in schoolyards and on playgrounds. There, at least you knew who the bullies were and that you would be safe at home. Sadly, today we live in a world where “cyberbullies,” perpetrators who use electronic communication to intimidate or threaten, follow their victims right into their homes and even the safety of their bedrooms.  

Cyberbullying occurs out of public view and away from the sightline of mindful parents, teachers, friends and bystanders. Victims of cyberbullying have nowhere to hide. 

Many people do not take the cyberbullying epidemic seriously, mainly because they do not see it or understand its implications. But the consequences can be devastating. According to the Journal of Health Economics, statistics collected as far back as 2017 indicate that internet bullying increases suicidal thinking among its victims by 14.5 percent and suicide attempts by 8.7 percent. In recent research published in the Journal of School Violence, Sameer Hinduja and Justin Patchin, co-directors of the Cyberbullying Research Center, found that students who experienced bullying or cyberbullying are nearly twice as likely to attempt suicide.   

Social media, an integral part of how teens, especially, communicate and interact with friends, has made it particularly difficult for parents to identify the signs cyberbullying and even more difficult for them to prevent it. The social aspect of social media—namely retweets, “likes” and comments—opens a world of opportunity for nefarious behavior. An original message can be distorted, private photos can be shared, and a perfectly innocent communication can be misused to victimize and torment its originator. 

Cyberbullies remain anonymous or masquerade as someone else. They attack at any time of day or night and from any place in the world. Victims often find themselves alone in the fight as others steer clear to avoid becoming targets, too. This gives the advantage to the cyberbully and makes it harder to stop the malicious activity. 

To better understand and combat online abuse and hate, it is helpful to dispel common misconceptions about cyberbullying.   

  1. Cyberbullying is less harmful than traditional bullying. 

False. Traditional bullying can be damaging and lead to physical altercations. But the  persistent and pervasive nature of cyberbullying can fuel deep emotional and physical problems that even lead, in some cases, to suicide. The real problem with cyberbullying is the persistent relationship between the victim and the digital media source of the abuse. A cyberbully take advantage of this relationship. 

  1. Victims of cyberbullying show signs of emotional abuse early. 

False. With younger victims, often there are no obvious signs of abuse until the bullying problem becomes overwhelming and dangerous. Victims, embarrassed by the content a cyberbully focuses on or spreads, may make every effort to hide it from those who care about them.  

  1. A parent can tell if a child is being cyberbullied.  

False. Not only is this not true, but a parent may be the last to know. Children and young adults are experts when it comes to hiding emotional distress. They go great lengths to hide their pain from parents and other authority figures, particularly in the early stages of the abuse.  

  1. Cyberbullying usually unfolds in one form. 

False. Cyberbullying takes many shapes, including the following: 

  • Using text messaging to harass a victim: Bullies often work as a gang to identify a target and then send hundreds of messages filled with vulgarities and personal insults. The goal is to overwhelm a victim by the sheer number of attacks. These bullies may magnify this by posting rumors—meant to cause as much emotional distress as possible—on social media platforms.  
  • Falsely reporting a victim as a cyberbully: Many websites and chatrooms feature a button to notify moderators of a user who is causing harm to other people on the platforms. If they receive multiple reports over a short period of time, the systems are designed to automatically remove someone from their service. Bullies use this feature to kick innocent victims off social media networks. 
  • Identity theft: Bullies will steal the password to a social media account and then post inappropriate material in full view of parents, relatives and friends. Some cyberbullies post racist or sexual information specifically to embarrass. 
  • Trolling: Trolling is a term that has received widespread notoriety over the last few years. This practice involves sending a message aimed at eliciting an emotional response from the victim. These messages target ethnic, religious or social background. Most of these offenders, or Trolls, seek to overwhelm their victims and make them feel vulnerable and humiliated. This leads to feelings of hopelessness. It also leaves victims powerless to control emotional and social situations in their lives.  
  • Cyberstalking: An especially dangerous type of bullying, cyberstalking occurs when a perpetrator monitors a victim’s digital media presence to gather information on their personal life, whereabouts and behavior patterns. The information is used to blackmail, harass or solicit sex from a victim. This is additionally dangerous due to the close link between stalking and violence.  
  • Ostracism: A large group of friends can decide to purposefully ignore one member by failing to acknowledge phone calls, texts or online posts. This makes the victim feel isolated and embarrassed. 
  • Trickery: Trickery can take several forms. For example, someone can create a fake social media account to trick a victim into believing someone is romantically interested in them or to get the victim to trust them. Once the connection is achieved, victims might be lured into revealing personal information that could be used to blackmail or embarrass them.  
  1. Cyberbullies are evil and misguided. 

False. Cyberbullies, in most cases, appear well adjusted and socialize with others in a seemingly acceptable manner. This includes their interactions with parents, teachers, authority figures and even the parents of their victims. Who, then, becomes a cyberbully? The disconcerting answer is anyone. Context and situation, home environment, poor coping skills, past victimhood or a lack of supervision can all contribute to the emergence of a cyberbully. 

Cyberbullying is on a rapid rise, and we must take a stand now to prevent and eradicate this social disease. Tougher laws are needed to document and punish first-time and repeat offenders. More responsibility needs to reside with social media platforms. They must block and permanently remove offenders, both automatically and when reported. We also need to extend more authority to law enforcement agencies responsible for investigating and prosecuting offenders.  

Lastly, everyone must be involved: parents, teachers, friends, other family members. The cost of inaction will be the loss of those most vulnerable. If you know or suspect someone is being cyberbullied, act now. Tomorrow might be too late.  

2021 GenCyber Campers Gain the Toolkit to Prepare the Next Generation

High school teachers gathered virtually for an intensive week-long workshop designed to help incorporate cybersecurity into school curriculum. The program, offered with the support of University of Maryland Global Campus (UMGC), provided educators with an array of skills, games, labs, and supporting tools and technologies to take back to their classrooms.

“What stood out to me was the way that we were able to build a community of teachers by the end of the week,” said Brandie Shatto, program chair for the GenCyber camp and professor of instructional technology at UMGC. “We were able to incorporate activities throughout the camp that required collaboration and allowed the teachers to get to know each other and the instructional staff.”

Last offered in 2019 as an in-person event, this year’s July 26-30 camp was delivered via Zoom, but that did not stop participants from thriving in a collaborative environment.

Kyra Walker

The teachers came from high schools in five Maryland counties, as well as the District of Columbia, northern Virginia, New Jersey, Connecticut, and Pennsylvania. They represented a broad range of subject areas, including homeland security, computer science, data structures, engineering, networking, and library sciences. The program exposed them to the many facets of cybersecurity.

“I hope to give my students an insight to an undiscovered portal,” said Kyra Walker,a resource teacher for the gifted at the Arlington Career Center in Arlington, Virginia. “I’m looking forward to incorporating the skills of ethical hacking into our problem-based learning projects.”

Leading the instruction at the event were Shannon Beck, assistant professor of computer and cyber sciences at the United States Air Force Academy, and Kim Mentzell, cybersecurity program manager at the Maryland Department of Commerce.

“The diversity, deep experience, and interest of the teacher participants was particularly notable this year,” said Beck. “One of the notable interactions was a debate about privacy centered around views for cell phone access.”

In addition to cybersecurity training relevant to grades 9–12, camp participants receive cybersecurity curriculum development support, resources to take back to the classroom, a $1,300 stipend for full program participation, and a certificate of completion.

University of Maryland Global Campus Meets Growing Demand for Data Scientists with New Bachelor’s Program

Adelphi, Md. (August 11, 2021) — University of Maryland Global Campus (UMGC) will begin enrolling students in a new Bachelor of Science program in Data Science in Spring 2022. The program, offered through the School of Cybersecurity and Information Technology, responds to growing industry demand for skilled data science professionals at the bachelor’s degree level.

The demand for skilled data science professionals exceeds supply by 50 percent, and the shortage is expanding. According to the U.S. Bureau of Labor Statistics, about 11.5 million data science jobs will be created by 2026.

“As a pioneer in online learning, UMGC is one of a very few universities to offer an online bachelor’s degree in data science,” said Douglas Harrison, vice president and dean, School of Cybersecurity and Information Technology at UMGC. “Traditionally data science programs have been offered exclusively at the master’s level, but we’ve heard loud and clear from our corporate and public sector partners – and employment market reviews by organizations such as Glassdoor, Forbes and Gartner back this up – that data science is rapidly becoming ubiquitous across all sectors of the economy and generates incredible growth in job opportunities for graduates at the bachelor’s level.”

“The Bachelor of Science in Data Science program aligns with an expected surge in demand for machine learning, deep learning, Python, Tableau, artificial intelligence and natural language processing,” said Elena Gortcheva, professor and director of the data analytics program at UMGC. “The program aims to produce graduates who are ready to respond to the emerging need for skills in those areas.”

Graduates of the program will earn a certificate in Business Analytics upon completion of the first five courses in the program. The degree helps fast track careers in a range of private and public sector industries, including banking and financial services, sports and entertainment, health care, technology, manufacturing, retail, and government.

UMGC faculty in the Bachelor of Science in Data Science program are expert scholar-practitioners in all aspects of the field. They include principal data scientists at National FFA Organization, IBM, GE and Oracle Healthcare, as well as a chief information officer at the National Institutes of Health Clinical Research Center.

About University of Maryland Global Campus

University of Maryland Global Campus is a world leader in innovative educational models, with award-winning online programs in disciplines—including biotechnology, cybersecurity, data analytics and information technology—that are in high demand in today’s increasingly technical global workplace. With an enrollment of some 90,000 students, UMGC offers open access with a global footprint and a specific mission to meet the learning needs of students whose responsibilities may also include jobs, family and military service. The university offers both undergraduate and graduate degree and certificate programs, including doctoral programs. A pioneer in distance education since 1947, UMGC today is harnessing the power of learning science and technology to deliver high quality, low cost, accessible higher education.

UMGC Awarded Grant for 2021 GenCyber Teacher Education Program

Adelphi, Md. (June 7, 2021)– University of Maryland Global Campus (UMGC) has been awarded a $90,000 grant through the National Security Agency (NSA) to conduct a GenCyber program for high-school teachers in the summer of 2021.

Building on the success of a similar program conducted in 2019, the 2021 GenCyber Teacher program, to be held July 26-30, aims to help a new, diverse group of high school teachers improve their methods of delivery for cybersecurity content in their curricula. Like the 2019 event, participants will leave with lesson plans, classroom projects, and a network of like-minded teachers to share future ideas.

“As cyberattacks continue to rise, particularly among educational institutions and school systems, it is vitally important that we arm educators with the skills needed to ensure the security of their students and schools,” said Dr. Loyce Pailen, senior director of the Center for Security Studies at UMGC. “This year’s GenCyber program will build on the 2019 event to provide educators the tools they need to train and inspire the next generation of cyber professionals’

The 2021 GenCyber program will comprise 25 teachers from STEM fields in Maryland and the surrounding area with a priority on teachers in Baltimore City. Consideration will also be given to teachers in other subject areas such as business, given the fact that cybersecurity is a critical element in all facets of the private sector. Participants will receive a $1,300 stipend for full program participation. UMGC will conduct follow-up sessions with participants to further their professional development and support the use of curriculum and materials in their classrooms.

The application deadline for the 2021 camp is Friday, June 11, 2021, at 11:59 p.m. Eligibility requirements and application instructions are available on the UMGC website. In response to the global Covid-19 pandemic, the 2021 program will be conducted in a virtual learning environment.

UMGC Expertise Featured Prominently at CyberMaryland 2021

The 2021 CyberMaryland Conference presented by the Federal Business Council (FBC) promoted the theme, “Building the Cyber Generation.” During the two-day conference agenda, University of Maryland Global Campus speakers built on this theme with the intent of ensuring today’s cyber-safety and educating tomorrow’s cybersecurity professionals.

Featuring thought leaders from Maryland’s cybersecurity sector as well as nationally recognized speakers and panelists on cyber and technology innovations, the online event covered the most up-to-date information in all facets of the cyber ecosystem. UMGC faculty members, including several from the School of Cybersecurity and Information Technology, presented on a wide range of topics. Notably they discussed current and future cyber legislation, promoting women in cybersecurity, the emerging field of cyber accounting, and the potential of stackable credentialing.

Additionally, the UMGC student cyber competition team scored a big win by placing first in the four-year university category at the conference’s national capture-the-flag (CTF) competition. This signature event, hosted by UMGC, assembled top national cyber talent competing in an online-virtual competition. The UMGC team, including Tim Nordvedt, Paul Chilcote, Louis Rush and Ben Simcox, scored 91 points to take first place, followed by runner up University of Central Florida with 87 points, and Towson University taking third place with 56 points.

Keeping pace with national and local threats through legislation

On day one of the conference, Greg Von Lehman, special assistant for cybersecurity at UMGC, moderated a panel on recent cybersecurity legislation in Maryland and at the federal level. Von Lehman noted that the number of cybersecurity bills proposed in Congress has climbed steadily in recent years as have bills in state legislatures.

“We will be seeing a greater impact of the government’s role in the nation’s cybersecurity,” said Von Lehman. “From 2016 to 2020, we saw that COVID-19 impacted the number of cybersecurity bills that passed, and we should see more passed in 2022.”

Panelists, including Michael Garcia, senior policy advisor at ThirdWay, and Markus Rauschecker, cybersecurity program director at the University of Maryland Center for Health & Homeland Security (CHHS), explored the victories for cybersecurity in the last Congress, the range of cybersecurity issues that state legislatures are seeking to address, and the cybersecurity bills that are currently moving through the Maryland General Assembly.

Garcia added that the 116th Congress has increased the amount of cyber legislation, which is also gaining bipartisan support. “Although going after adversaries is not a key priority thus far, there has been a lot of pressure on members of congress to act after the SolarWinds attacks,” he said.

Von Lehman offered a summary of legislation, stating that most bills introduced and passed on the national level focused on three primary areas—election security, criminality and consumer protection. For election security, 14 best practice bills were introduced out of 35 total and four were passed. Criminality bills focused on increasing penalties, identifying new crimes, and increasing investigative capacity for cybercrimes. Most consumer protection bills introduced focused on security requirements, such as data protection and personal information. In this area, 33 bills were introduced and three passed.

Von Lehman added that legislation in Maryland reflects what is happening on the national stage. “There are 18 cyber-related bills in the current Maryland session focusing on criminal law, consumer protection, preparedness, governance, education and workforce development, and voting security,” he said.

Supporting women in cyber education

A day-one afternoon keynote panel on women in cyber education featured Loyce Pailen, senior director for the Center for Security Studies at UMGC and focused on how public and private organizations can work together to bring more cybersecurity education and employment opportunities to women in their local communities and nationwide.

While cybersecurity jobs are at an all‐time high, she said the gender gap in the field remains wide. The panel discussed ways to build awareness and interest in cyber careers among women of all ages. Pailen stressed the importance of role models. “Girls need to see people like them in the jobs they aspire to attain,” she said. “Rather than introducing girls to cyber, we should be asking them what it is they want to solve in life,” she added.

Also on the panel was 14-year-old Bianca Lewis, otherwise known as “BiaSciLab,” founder of Girls Who Hack, which teaches girls hacking skills so that they can change the future. Asked what educators can do to get girls engaged in cybersecurity, Lewis said, “Kids love anything hands on, so I think that if we want my generation to get into STEAM, we need to teach them hands on projects.”

Panelist Jennifer Wood, head of communications and government affairs at Luta Security, offered a messaging perspective for promoting women in cyber. “We need to change the messages that women are hearing,” she said. “Girls need to see all these women featured as cyber experts and understand that they can have that role as well.” Wood also said that local companies are lagging in terms of engagement. “They need to do a better job engaging in local events and getting involved in the schools to make sure there are increased opportunities in K-12 and beyond.”

Meeting the need for cybersecurity training in the accounting field

As guardians of crucial assets—while not typically thought of as cybersecurity professionals—accountants now play a critical role in cybersecurity and digital forensics. A UMGC panel of four faculty members discussed the impetus to develop a master-level CyberAccounting program, including the expanded role of lawyers and CPAs in cybersecurity.

Accounting firms are treasure troves of information. To hackers, they are targets. And although CPAs are not cyber experts, they do need to know when to engage cyber professionals. They need to understand the risk landscape, how to detect intrusions into assets, how to promote cyber resilience, and how to foster conversations among stakeholders.

Key to cyber accounting, according to Bruce DeGrazia, professor of Cybersecurity Management and Policy, is an understanding of Blockchain. “Leaders in accounting need to understand Blockchain, not because it is the basis for crypto currencies, but because it can be used to protect documents and transactions,” he said. “Blockchain in financial institutions allows us to protect documents and confidentiality.”

DeGrazia also made the case that the CPA skillset is a natural fit for cyber audits. “CPAs are expert in audits and are able to identify cyber risks and assess the severity of each one,” he said. “They are good at auditing security policies and privacy controls, they can perform penetration testing on the social engineering side of cybersecurity, and they can integrate cyber risks into the audit plan.”

Positioning learners for academic and career success with microcredentials

Douglas Harrison, vice president and dean of the UMGC School of Cybersecurity and Information Technology, moderated a session on stackable microcredentials and how providing professionals with right-sized industry-aligned credentials that can be assembled (stacked) toward traditional degrees are increasingly valued in the workplace.

“Students can assemble a series of credentials–certificates, licenses, badges, or apprenticeships–that recognize achievements and abilities,” said Harrison. “This increases their currency in our knowledge economy, creating more direct pathways to better jobs and higher wages.”

Why stackable? The high cost of education and immediate relevancy are two driving factors to incremental learning. “There is a theory that supports learning in smaller bites,” said Harrison. There is also a motivational aspect. Harrison noted that adults also sense value upon completion if learning is done incrementally and in smaller amounts. Moreover, by stacking education into small units of learning, students are afforded the flexibility of coming in and out of learning. Ed Bach, vice president, Strategic Partnerships at UMGC, discussed the business case for stackables from an employer perspective. “Corporations are looking for knowledge now,” he said. “Stackables help us produce focused, well-educated employees for employers, while encouraging life-long learning.

UMGC Takes First Place in CyberMaryland’s National Capture-the-Flag Competition

Adelphi, Md. (March 29, 2021)–University of Maryland Global Campus (UMGC) placed first in the four-year university category at the 2021 CyberMaryland Conference’s national capture-the-flag (CTF) competition on March 24.

UMGC scored 91 points to take first place, followed by runner up University of Central Florida with 87 points, and Towson University taking third-place with 56 points.

The UMGC team included Tim Nordvedt, captain (MS Cybersecurity Technology); Paul Chilcote (BS Cyber Management and Policy); Louis Rush (MS Digital Forensics and Cyber Investigation); and Ben Simcox (BS Computer Science, Cybersecurity minor).

“Our victory in this annual event is a testament to the rigor of our cybersecurity program and to the highly developed skills of the graduate and undergraduate student practitioners working in the field today,” said Jesse Varsalone, collegiate professor of Cybersecurity Technology at UMGC and organizer of the competition.

The signature event of the conference, the Maryland Cyber Challenge & Competition (MDC3) hosted by UMGC, gathered top national cyber talent competing in an online-virtual competition using the TryHackMe cybersecurity training platform.

The UMGC team was coached by Aaron Klink, associate adjunct professor in Cybersecurity Technology in the School of Cybersecurity and Information Technology. John Galliano, program director, Cybersecurity Technology, and Varsalone ran the competition, which included creating all 100 questions in 10 categories, conducting the training session, tabulating the results, and managing technical issues and questions throughout the competition.

About CyberMaryland 2021

Hosted by the Federal Business Council (FBC), the 2021 CyberMaryland Conference featured two days of educational presentations on the latest IT and cybersecurity technologies by industry and government subject matter experts. The event assembled thought leaders from Maryland’s cybersecurity sector and also featured nationally recognized speakers and panelists on cyber and technology innovations. Sessions covered the most up-to-date information from leaders in all facets of the cyber ecosystem. This year’s theme, “Building the Cyber Generation,” encompassed the event’s intent to ensure the cyber-safety of today and educate the cybersecurity professionals of tomorrow.