For an industry focused on something as basic as ones and zeroes, the concept of cybersecurity is remarkably hard to pin down. Even cybersecurity experts can’t agree on a unifying definition.
Partly to blame is the word’s generic use as a catch-all term for frequently overlapping elements, such as information security, application security, network security, end-user education, continuity planning, online hygiene and other related disciplines.
It helps, nominally, to think of cybersecurity in terms of science itself, a vast realm of study that’s similarly made up of constituent disciplines: chemistry, biology, zoology, physics and astronomy, among others.
According to Rick Geritz, CEO of the Baltimore-based company LifeJourney, provider of STEM mentoring and career advice, it’s not such a bad analogy.
“In fact, [people in the industry] have recently introduced the term CyberScience to help clarify [the industry’s focus],” he said. “CyberScience is the new cybersecurity. It’s more or less the intersection of risk, technology and human behavior.”
If that sounds like a dangerous combination, consider also the underlying technodiversity of mobile and networked devices, and their rapidly progressing evolution.
The effort to stay a step ahead of unanticipated threats is enormous, but it is being made. At the federal level, it is driven by President Barack Obama’s 2009 Cyberspace Policy Review and former President George W. Bush’s Comprehensive National Cybersecurity Initiative.
Closer to the home page, which is of more concern to businesses in the private sector, there are a number of local, regional and statewide efforts focused on the global problem.
CyberMaryland, a public-private partnership launched in 2011 to reinforce Maryland’s leadership in cybersecurity and information technology (IT), will host its fifth annual conference on Oct. 28 and 29 at the Baltimore Convention Center.
“Statewide, the industry has stepped up to form a very robust advisory board for [the initiative], and there’s a lot of action behind it,” Geritz said.
The board composes about 30 companies formed around the core areas of education, innovation and investment capital, technology and economic development, he said.
“The big theme this year explores the fact that cybersecurity has now made its way into the boardroom,” Geritz noted. “Companies are paying more attention to it, and more companies are beginning to create the position of chief risk officer in their organizations, [for] someone who takes on both the information technology and risk roles.”
Another statewide initiative, the Maryland Cybersecurity Roundtable, continues the work of its inaugural task to create recommendations for industry partners and stakeholders and to develop itself as a cybersecurity resource for businesses in the state.
Launched in 2012, the Roundtable suffered a setback in June with the sudden and unexpected death of its president, Len Moodispaw, former president and CEO of Hanover-based KEYW Corp.
And although Jeffery Wells stepped down as executive director of the Maryland Department of Business and Economic Development (DBED)’s Office of Cyber Development in July, he will nevertheless continue his association with the Roundtable as its vice president for the foreseeable future.
According to DBED Assistant Secretary for Business and Enterprise Development Ursula Powidzki, a new director of cyber development should be named within the next two months.
Although no replacement has been named for Moodispaw, “The Cybersecurity Roundtable remains very active, and we’re focused on rolling out a number of things that will be announced within six months to a year from now,” said Vice President Kevin Kelly of Scoyoc Associates in Washington, D.C., who serves as the Maryland Cybersecurity Roundtable’s secretary.
Part of the Roundtable’s tasking is to figure out how to apply national security and defense expertise in cybersecurity to non-military and non-governmental applications.
“We’re also working closely with community colleges, at the behest of Sen. Barbara Mikulski, to create stronger matchmaking between companies and these colleges,” Kelly said. “We’ve now launched an initiative with the Maryland Association of Community Colleges to make this happen.”
From an education and workforce development perspective, the Anne Arundel Community College Center for Cyber and Professional Training focuses on the needs of industries that are very well defined.
At the same time, “We do recognize that cybersecurity is more amorphous and falls across all industries, defined by the particular application,” said Michael Volk, business development coordinator for AACC’s Cyber Center. “For that reason, we’re enhancing our continuing education options, offering non-credit courses and building out courses to help students develop specific skills along pathways to their individual job roles.”
On Sept. 10, the Howard County Chamber of Commerce’s GovConnects division will continue its engagement of the area’s cybersecurity stakeholders with its sixth annual cybersecurity conference. Titled, “Cyber 6.0: Migration to the Cloud,” the event provides a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information.
“This year we’re focused on the challenges and vulnerabilities as companies contemplate the best place to store intellectual property and manage the cloud,” said GovConnects Executive Director Maureen Thomas. She added that this year’s panel discussion with experts from a number of industry sectors will give participants the chance to discuss these issues from various perspectives.
Breakout sessions this year include Mobile IT, Health IT, the insider threat and the Federal Risk and Authorization Management Program (FedRAMP).
New this year is a Tech Talk Challenge. “We’re accepting applications until Aug. 10 from entrepreneurs and startups with new ideas and giving them a chance to pitch those ideas at the conference,” Thomas said, adding that the deadline for application may be extended. Interested entrepreneurs can find details at www.govconnectscyber.com.
Devices Turned Targets
As more devices and even homes, appliances and vehicles begin to feature network connectivity, the so-called Internet of Things is poised to become the next unintended target of hostile exploitation.
With that in mind, it’s more important than ever that employees who use computers — or anyone who uses computers, for that matter — has the education to protect themselves when surfing, using e-mail or recognizing situations that could expose networks to hostile access.
Travelers themselves are also becoming more aware of a technique called juice jacking, in which criminals use third-party docking stations in airports and other public places to steal personal and financial information from devices while they are being charged.
As a minimal defense, Kelly said, travelers should use power-only USB cords that don’t have the ability to transmit data.
“From networked systems on cars to personal health devices, all of these things now offer greater vulnerability in the process of their use,” Kelly said. “The convenience of connectivity has introduced a level of risk that nobody really anticipated.”