Editor’s note: This article contains plot spoilers.
Society’s understanding of technology and cybersecurity often is based on simple stereotypes and sensational portrayals in the entertainment media. I’ve written about how certain scenarios are entertaining but misleading. Think of black-clad teenage hackers prowling megacities challenging corporate villains. Or think of counterintelligence specialists repositioning a satellite from the back of a surveillance van via a phone call.
But sometimes Hollywood gets it right by depicting reality in ways that both entertain and educate. And that’s important, because whether it’s a large company, government or your personal information, we all share many of the same cybersecurity threats and vulnerabilities. As a former cybersecurity industry practitioner and current cybersecurity researcher, I believe the final season of “Star Trek: Picard” is the latest example of entertainment media providing useful lessons about cybersecurity and the nature of the modern world.
So how does “Star Trek: Picard” relate to cybersecurity?
The nature of the threat
The show’s protagonist is Jean-Luc Picard, a retired Starfleet admiral who commanded the starship Enterprise-D in a previous series. Starfleet is the military wing of the United Federation of Planets, of which Earth is a member. In Season 3, the final season, Picard’s ultimate enemy, the Borg, returns to try conquering humanity again. The Borg is a cybernetic collective of half-human, half-machine “drones” led by a cyborg queen.
The Borg has partnered with other villains and worked for over a decade to deploy hidden agents able to compromise the DNA data contained in the software underpinning the transporter – a teleportation device used regularly by Starfleet personnel. Over many years, a certain subgroup of Starfleet personnel had their DNA altered by using the transporter.
Thus, in launching their final attack, the Borg is able to instantly activate thousands of “drones” to do its bidding in the form of altered, compromised Starfleet personnel. As Geordi La Forge, the Enterprise-D’s engineer, notes, “They’ve been assimilating the entire fleet this whole time, without anyone ever knowing it.”
Instead of malicious software taking over computers, the plot involves malicious genetic code taking over humans.
The Borg’s prolonged, stealthy infiltration of the federation is indicative of how today’s most effective cyberattackers work. While it’s relatively easy to detect when hackers attempt to breach a system from the outside, experts worry about the effects of an enemy infiltrating critical systems from within. Attackers can put malicious code in software during manufacturing or in software updates, both of which are avenues of attack that do not arouse suspicion until the compromised systems are activated or targeted.
This underscores the importance of ensuring the security and integrity of digital supply chains from product development at the vendor through product deployment at client sites to ensure no silent “drones,” such as malware, are waiting to be activated by an adversary.
Equally important, “Star Trek: Picard” presents the very real and insidious nature of the insider threat faced by today’s organizations. While not infected with a cybernetic virus, recently arrested Massachusetts Air National Guard airman Jack Teixeira shows the damage that can occur when a trusted employee has malicious intent or becomes co-opted and inflicts significant damage on an employer.
In some cases, these compromised or malicious individuals can remain undiscovered for years. And some global adversaries of the U.S., such as China and Russia, are known for taking a long-term perspective when it comes to planning and conducting espionage activities – or cyberattacks.
Humans remain the weakest link
“Synchronistic technology that allows every ship in Starfleet to operate as one. An impenetrable armada. Unity and defense. The ultimate safeguard.”
With these words, humanity’s military defenders activated a feature that linked every Starfleet vessel together under one unified automated command system. While intended to serve as an emergency capability, this system – called Fleet Formation – was quickly hijacked by the Borg as part of its attack on Earth. In essence, Starfleet created a Borg-like defense system that the Borg itself used to attack the federation.
Here, the most well-intentioned plans for security were thwarted by enemies who used humanity’s own technologies against them. In the real world, capabilities such as on-demand real-time software updates, ChatGPT and centrally administered systems sound enticing and offer conveniences, cost savings or new capabilities. However, the lesson here is that organizations should not put them into widespread use without carefully considering as many of the potential risks or vulnerabilities as practical.
But even then, technology alone can’t protect humans from ourselves – after all, it’s people who develop, design, select, administer and use technology, which means human flaws are present in these systems, too. Such failings frequently lead to a stream of high-profile cybersecurity incidents.
Resiliency is not futile
To counter the Borg’s final assault on Earth, Picard’s crew borrows its old starship, Enterprise-D, from a fleet museum. The rationale is that its ship is the only major combat vessel not connected to the Borg collective via Starfleet’s compromised Fleet Formation protocol and therefore is able to operate independently during the crisis. As La Forge notes, “Something older, analog. Offline from the others.”
When a network has been compromised, it’s important to be able to use systems that aren’t connected to the network.
From a cybersecurity perspective, ensuring the availability of information resources is one of the industry’s guiding principles. Here, the Enterprise-D represents defenders in response to a cyber incident using assets that are outside of an adversary’s reach. Perhaps more important, the vessel symbolizes the need to think carefully before embracing a completely networked computing environment or relying on any single company or provider of services and connectivity for daily operations.
From natural disasters to cyberattack, what’s your plan if your IT environment becomes corrupted or inaccessible? Can your organization stay operational and still provide necessary services? For critical public messaging, do governments and corporations have their own uncorruptible Enterprise-D capabilities to fall back on, such as the fediverse, the decentralized microblogging platform that is immune to the impulsive manipulations of Twitter’s ownership?
Prepare for the unknown
The “Star Trek” universe explores the unknown in both the universe and contemporary society. How the crews deal with these experiences relies on their training, the appreciation of broad perspectives and ability to devise innovative solutions to the crisis of the week. Often, such solutions are derived from characters’ interests in music, painting, archaeology, history, sports and other nontechnical areas of study, recreation or expertise.
Similarly, as modern digital defenders, to successfully confront our own cyber unknowns we need a broad appreciation of things beyond just cybersecurity and technology. It’s one thing to understand at a technical level how a cyberattack occurs and how to respond. But it’s another thing to understand the broader, perhaps more systemic, nuanced, organizational or international factors that may be causes or solutions, too.
Lessons from literature, history, psychology, philosophy, law, management and other nontechnical disciplines can inform how organizations plan for and respond to cybersecurity challenges of all types. Balancing solid technical knowledge with foundations in the liberal arts and humanities allows people to adapt comfortably to constantly evolving technologies and shifting threats.
Dystopic metaphors in fiction often reflect current social concerns, and the “Star Trek” universe is no different. Although rooted in a science fiction fantasy, “Star Trek: Picard” provides some accurate, practical and understandable cybersecurity reminders for today.
Season 3, in particular, offers viewers both entertainment and education – indeed, the best of both worlds.
]]>
Lessons from ‘Star Trek: Picard’ – a cybersecurity expert explains how a sci-fi series illuminates today’s threats Richard Forno, University of Maryland, Baltimore County Editor’s note: This...https://dev.my.umbc.edu/api/v0/pixel/news/133729/guest@my.umbc.edu/0799593c84f838cad961ae6b5276f435/api/pixelcybersecurityComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393Computer Science and Electrical Engineering10trueThu, 25 May 2023 09:10:48 -0400talk: Competition Arm of the CyberDawgs, 12-1 May 12Introduction, Overview, and Upcoming Tryouts
The UMBC Cyber Defense Lab presents
The Competition Arm of the CyberDawgs: Introduction, Overview, and Upcoming Tryouts
Established for the purpose of raising awareness and promoting good security practices in all aspects of computing, UMBC's Cyber Defense Team (aka CyberDawgs) is the university's renowned collegiate cyber defense team. The CyberDawgs participate in numerous annual cyber defense competitions where they have achieved national recognition, including DOE CyberForce in Illinois, ISTS in New York, and MACCDC hosted at home in Maryland. In addition to team competitions, members also participate in various individual and collaborative Capture the Flag (CTF) events, and host their own DawgCTF and Cyber Defense Exercise (CDE) each Spring/Fall semester, respectively. In this hour-long presentation, the team's captain will provide an overview of the CyberDawgs, their competitive journey, and the unique opportunities available to students interested in cybersecurity at UMBC. The captain will address some Frequently Asked Questions, covering topics such as selection criteria, team commitment, balancing extracurricular activities, and preparation for tryouts. Attendees will also learn about the social aspects of being part of the CyberDawgs, including participation in local hacker trivia nights, student conference tickets, dinners, hiking trips, and social gatherings. The team strives to create a well-rounded experience that goes beyond the realm of competitions, fostering camaraderie and lifelong friendships.
Kei-Won-Tia von Wrex (keiwontia@umbc.edu) is the captain and an honorary board member of UMBC's Cyber Defense Team (aka the CyberDawgs). Under the CyberCorps: Scholarship for Service (SFS) program, Kei-Won-Tia is seeking dual undergraduate degrees in computer science and psychology, with a social welfare minor and a focus on cybersecurity. In addition, she is a Returning Women Scholar and CWIT Associate Scholar, with honored membership in WiCyS, Phi Kappa Phi, Phi Theta Kappa, and Omicron Delta Kappa. Kei-Won-Tia is also a researching member of the Cyber Defense Lab. She expects to graduate magna cum laude in December, 2023.
Host: Alan T. Sherman, sherman@umbc.edu, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Biweekly CDL meetings will resume in fall 2023.
]]>
The UMBC Cyber Defense Lab presents The Competition Arm of the CyberDawgs: Introduction, Overview, and Upcoming Tryouts Kei-Won-Tia von Wrex UMBC CSEE Department 12-1pm, Friday, May...https://dev.my.umbc.edu/api/v0/pixel/news/133325/guest@my.umbc.edu/04162aee884cdc9522e4e34d6554fa44/api/pixelctfcyberdawgscybersecurityComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393UMBC Cyber Defense Lab00trueMon, 08 May 2023 14:08:29 -0400Mon, 08 May 2023 14:25:38 -0400Talk: AVScan2Vec, feature Learning on Antivirus Data, 4/14Learns semantics for production-scale Malware Corpora
The UMBC Cyber Defense Lab presents
AVScan2Vec: Feature Learning on Antivirus Scan Data for Production-Scale malware corpora
RJ Joyce
UMBC Discovery, Research, and Experimental Analysis of Malware Lab
Joint work with Tirth Patel, Dr. Charles Nicholas, and Dr. Edward Raff
We introduce AVScan2Vec, a sequence-to-sequence autoencoder that can ingest AV scan data, extract semantic meaning, and produce meaningful feature vectors for malware. AVScan2Vec is able to bypass several limitations of prior malware feature-extraction methods, while simultaneously showing noteworthy improvement in several relevant ML tasks. Our implementation of AVScan2Vec in combination with Dynamic Continuous Indexing is especially potent, enabling 10 nearest-neighbor lookup queries in ~16ms on a dataset containing over seven million malware samples. Automation has become increasingly more vital to the field of malware analysis due to manual effort being slow and costly. To improve common tasks such as classification, clustering, and nearest-neighbor lookup of malware, improving malware feature extraction has been a significant research focus. Many approaches rely on features that can only be obtained using prolonged analysis. Due to the enormous quantity and variety of malware, however, applying these feature extraction techniques to a production-size malware corpus would be infeasible. Other, more scalable feature-extraction methods are hindered by static obfuscation, restricted to a single file format, and/or limited in their capacity to identify higher-level malware features. Our work explores the under-recognized potential of antivirus (AV) scan data, which is relatively cheap to acquire and contains rich features.
RJ Joyce (joyce8@umbc.edu) is a PhD student at UMBC under the supervision of Dr. Charles Nicholas and Dr. Edward Raff. Presently, RJ works as a data scientist at Booz Allen Hamilton performing research at the intersection of malware analysis and machine learning. RJ is also a visiting lecturer at UMBC and is teaching the Principles of Computer Security course this semester.
Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL meetings: April 28, Roberto Yus (UMBC), Privacy; May 5, CSEE Research Day (ECS Atrium); May 12, Kia-Won-Tia von Wrex (UMBC), Cyberdawgs
]]>
The UMBC Cyber Defense Lab presents AVScan2Vec: Feature Learning on Antivirus Scan Data for Production-Scale malware corpora RJ Joyce UMBC Discovery, Research, and Experimental Analysis...https://dev.my.umbc.edu/api/v0/pixel/news/132449/guest@my.umbc.edu/0c344d3039da4b8a069a92af2af16780/api/pixelcybersecurityembeddingsmalwareComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393UMBC Cyber Defense Lab00trueSun, 09 Apr 2023 14:15:09 -0400Sun, 09 Apr 2023 14:15:53 -0400Talk: Hidden Secure Fallback for Cryptocurrency Wallets 3/31W-OTS+ up my Sleeve!
We introduce a new key-generation mechanism where a user generates a "backup key", securely nested inside the secret key of a cryptocurrency wallet. Our main motivation is that, in case the secret key is leaked, established techniques such as digital signatures or zero-knowledge proofs of knowledge become void since the secret key is exposed. A well-established result in this key-compromise setting is that an adversary who gained access to the leaked secret key, and an honest secret key owner, effectively become indistinguishable, because both parties have access to the same key. Our design does not have this limitation.
Using our construction, which relies on a "backup key" that is kept secret, users can generate "proofs-of-ownership" that can be produced only by the true owners of the key pair. When instantiated properly, our design offers the ability of integrating a quantum secure fallback securely nested in the ECDSA secret key.
To our knowledge, this extra level of security is novel. If used in digital wallets for cryptocurrencies, our mechanism could mitigate losses from leaks of account private keys. Blockchain bridges or high-value NFT collections can also benefit from this construction, because it provides more security to the owners and potentially prevents funds from being immediately stolen, even when the secret key of the cryptocurrency wallet is compromised. Furthermore, this construction represents a step towards simplifying the migration of traditional public-key pairs to post-quantum cryptography.
We introduce our novel construction, provide tight proofs of security for the key generation and signing components, and a formal-methods analysis using Verifpal to ensure that the formal-methods results match our initial security results. This construction is compatible with the main cryptocurrency wallet designs based on ECDSA and is modular to allow for the hiding of any quantum secure key pair.
Mario Yaksetig (mario@xx.network) is a former MS student intern at UMBC under the supervision of Alan T. Sherman. Presently, Mario works with David Chaum on the design and analysis of cryptographic protocols.
Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public.
]]>
The UMBC Cyber Defense Lab presents W-OTS+ up my Sleeve: A Hidden Secure Fallback for Cryptocurrency Wallets Mario Yaksetig, xx labs, Cayman Islands Joint work with David Chaum and...https://dev.my.umbc.edu/api/v0/pixel/news/132058/guest@my.umbc.edu/1d393f69357adfef102f2ff2c80f2bc7/api/pixelcryptocurrencycybersecuritywalletComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393UMBC Cyber Defense Lab00trueTue, 28 Mar 2023 21:51:48 -0400Sat, 01 Apr 2023 12:55:54 -0400Dr. Rick Forno on US Cybersecurity StrategyWhat it is and what has changed
What is the National Cybersecurity Strategy? A cybersecurity expert explains what it is and what the Biden administration has changed
The federal government has a lot of cybersecurity resources, but the private sector plays a key role in national cyber defense.
U.S. government
As the National Security Strategy does for national defense, the National Cybersecurity Strategy outlines a president's priorities regarding cybersecurity issues. The document is not a directive. Rather, it describes in general terms what the administration is most concerned about, who its major adversaries are and how it might achieve its goals through legislation or executive action. These types of strategy statements are often aspirational.
As expected, the 2023 Biden National Cybersecurity Strategy reiterates previous recommendations about how to improve American cybersecurity. It calls for improved sharing of information between the government and private sector about cybersecurity threats, vulnerabilities and risks. It prescribes coordinating cybersecurity incident response across the federal government and enhancing regulations. It describes the need to expand the federal cybersecurity workforce. It emphasizes the importance of protecting the country's critical infrastructure and federal computer systems. And it identifies China, Russia, Iran and North Korea as America's main adversaries in cyberspace.
However, as a former cybersecurity industry practitioner and current cybersecurity researcher, I think that the 2023 document incorporates some fresh ideas and perspectives that represent a more holistic approach to cybersecurity. At the same time, though, some of what is proposed may not be as helpful as envisioned.
Some of the key provisions in the current National Cybersecurity Strategy relate to the private sector, both in terms of product liability and cybersecurity insurance. It also aims to reduce the cybersecurity burden on individuals and smaller organizations. However, I believe it doesn't go far enough in fostering information-sharing or addressing the specific tactics and techniques used by attackers.
Acting National Cybersecurity Director Kemba Walden discusses the Biden administration's National Cybersecurity Strategy.
The end of vendor indemnification?
For decades, the technology industry has operated under what is known as "shrink-wrap" licensing. This refers to the multiple pages of legal text that customers, both large and small, routinely are forced to accept before installing or using computer products, software and services.
While much has been written about these agreements, such licenses generally have one thing in common: They ultimately protect vendors such as Microsoft or Adobe from legal consequences for any damages or costs arising from a customer's use of their products, even if the vendor is at fault for producing a flawed or insecure product that affects the end user.
In a groundbreaking move, the new cybersecurity strategy says that while no product is totally secure, the administration will work with Congress and the private sector to prevent companies from being shielded from liability claims over the security of their products. These products underpin most of modern society.
Removing that legal shield is likely to encourage companies to make security a priority in their product development cycles and have a greater stake in the reliability of their products beyond the point of sale.
In another noteworthy shift, the strategy observes that end users bear too great a burden for mitigating cybersecurity risks. It states that a collaborative approach to cybersecurity and resiliency "cannot rely on the constant vigilance of our smallest organizations and individual citizens." It stresses the importance of manufacturers of critical computer systems, as well as companies that operate them, in taking a greater role in improving the security of their products. It also suggests expanded regulation toward that goal may be forthcoming.
Interestingly, the strategy places great emphasis on the threat from ransomware as the most pressing cybercrime facing the U.S. at all levels of government and business. It now calls ransomware a national security threat and not simply a criminal matter.
Backstopping cyber insurance
The new strategy also directs the federal government to consider taking on some responsibility for so-called cybersecurity insurance.
Here, the administration wants to ensure that insurance companies are adequately funded to respond to claims following a significant or catastrophic cybersecurity incident. Since 2020, the market for cybersecurity-related insurance has grown nearly 75%, and organizations of all sizes consider such policies necessary.
This is understandable given how many companies and government agencies are reliant on the internet and corporate networks to conduct daily operations. By protecting, or "backstopping," cybersecurity insurers, the administration hopes to prevent a major systemic financial crisis for insurers and victims during a cybersecurity incident.
However, cybersecurity insurance should not be treated as a free pass for complacency. Thankfully, insurers now often require policyholders to prove they are following best cybersecurity practices before approving a policy. This helps protect them from issuing policies that are likely to face claims arising from gross negligence by policyholders.
Looking forward
In addition to dealing with present concerns, the strategy also makes a strong case for ensuring the U.S. is prepared for the future. It speaks about fostering technology research that can improve or introduce cybersecurity in such fields as artificial intelligence, critical infrastructure and industrial control systems.
The strategy specifically warns that the U.S. must be prepared for a "post-quantum future" where emerging technologies could render existing cybersecurity controls vulnerable. This includes current encryption systems that could be broken by future quantum computers.
Practical quantum computers, when they arrive, will force a change in how the internet is secured.
Where the strategy falls short
While the National Cybersecurity Strategy calls for continuing to expand information-sharing related to cybersecurity, it pledges to review federal classification policy to see where additional classified access to information is necessary.
The federal government already suffers from overclassification, so if anything, I believe less classification of cybersecurity information is needed to facilitate better information-sharing on this issue. It's important to reduce administrative and operational obstacles to effective and timely interaction, especially where collaborative relationships are needed between industry, academia and federal and state governments. Excessive classification is one such challenge.
Further, the strategy does not address the use of cyber tactics, techniques and procedures in influence or disinformation campaigns and other actions that might target the U.S. This omission is perhaps intentional because, although cybersecurity and influence operations are often intertwined, reference to countering influence operations could lead to partisan conflicts over freedom of speech and political activity. Ideally, the National Cybersecurity Strategy should be apolitical.
That being said, the 2023 National Cybersecurity Strategy is a balanced document. While in many ways it reiterates recommendations made since the first National Cybersecurity Strategy in 2002, it also provides some innovative ideas that could strengthen U.S. cybersecurity in meaningful ways and help modernize America's technology industry, both now and into the future.
]]>
What is the National Cybersecurity Strategy? A cybersecurity expert explains what it is and what the Biden administration has changed The federal government has a lot of...https://theconversation.com/what-is-the-national-cybersecurity-strategy-a-cybersecurity-expert-explains-what-it-is-and-what-the-biden-administration-has-changed-201122https://dev.my.umbc.edu/api/v0/pixel/news/131959/guest@my.umbc.edu/975503950b19171f7192e9452da1902b/api/pixelcybersecurityComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393Computer Science and Electrical Engineering20trueSun, 26 Mar 2023 11:36:47 -0400Prof. Sherman & colleagues win SIGSCE best paper awardPaper presents an assessment of cybersecurity education
Test information curve for the CCA and curves for other validated CIs calculated from 2PL model fit parameters provided in the studies. Compared to other CIs, the CCA gives more information about students who performed above average.
CSEE Professor Alan T. Sherman and colleagues won best paper at the 2023 ACM SIGSCE conference in Toronto on computer science education, from among 474 submissions. Their research paper, Psychometric Evaluation of the Cybersecurity Curriculum Assessment, validates a concept inventory for cybersecurity that they created. This inventory, the first of its kind for cybersecurity, provides scientific evidence to evaluate the effectiveness of various approaches to teaching cybersecurity.
The Cybersecurity Curriculum Assessment (CCA) was completed by 193 students from seven colleges and universities. The CCA builds on the group's prior work developing and validating a Cybersecurity Concept Inventory (CCI), which measures students' conceptual understanding of cybersecurity after a first course in the area. The CCA deepens the conceptual complexity and technical depth expectations, assessing conceptual knowledge of students who had completed multiple courses in cybersecurity. The paper reviews the development of the CCA and presents an evaluation of the instrument using Classical Test Theory and Item-Response Theory. The CCA is a difficult assessment, providing reliable measurements of student knowledge and deeper information about high-performing students.
Sherman's coauthors include CSEE Ph.D. student Enis Golaszewski, Dr. Linda Oliva (education), Dr. Geoffrey Herman and Shan Huang (University of Illinois), and Dr. Peter Peterson (University of Minnesota Duluth).
Support for this research was provided in part by the National Science Foundation (NSF) and the Department of Defense. Applying their assessment tool, under another NSF grant, Sherman and his group are studying and improving how the Navy and Army Military Academies teach cybersecurity.
]]>
Test information curve for the CCA and curves for other validated CIs calculated from 2PL model fit parameters provided in the studies. Compared to other CIs, the CCA gives more information about...https://dl.acm.org/doi/10.1145/3545945.3569762https://dev.my.umbc.edu/api/v0/pixel/news/131900/guest@my.umbc.edu/78e10ed8060a3faf2337f2ec62d8e90f/api/pixelcaaccicybersecurityeducationComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393Computer Science and Electrical Engineering00trueMon, 20 Mar 2023 12:39:55 -0400Mon, 20 Mar 2023 20:43:08 -0400Talk: Analysis of FIDO UAF Authentication, 12-1 ET Fri 3/3Cryptographic Binding Should Not Be Optional
The UMBC Cyber Defense Lab presents
Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of FIDO UAF Authentication
We present a formal-methods analysis of the FIDO Universal Authentication Framework (UAF) authentication protocol, and we present a case study that highlights the pitfalls of optional cryptographic binding by illustrating a man-in-the-middle attack against UAF authentication when cryptographic channel-binding is absent. We carry out our analysis using the Cryptographic Protocol Shapes Analyzer (CPSA) on two significant variations of the protocol: one using the four available channel-binding mechanisms, and one without channel binding. In our case study, we confirm the presence of a harmful protocol interaction in which an adversary, by transferring information from one protocol context to another, can compel a UAF client and authenticator pair to act as confused deputies that help authenticate the adversary to an honest server. Also, we demonstrate the feasibility of such an attack against existing, open-source FIDO implementations, and we suggest potential mitigations.
Our work aims to promote the importance of cryptographic binding in mitigating protocol interactions within the Dolev-Yao intruder model to mitigate man-in-the-middle attacks that exploit flaws in a protocol's structure. Protocol designers and policy makers must be aware that, if cryptographic binding is an optional feature of a protocol standard, then serious vulnerabilities may result. Additionally, we discuss the groundwork for incorporating cryptographic binding into network protocol specifications automatically. Cryptographic binding is a vital tool for resisting adversarial protocol interactions, and many existing and emerging standards, including UAF, do not bind adequately.
Ennis Golaszewski (golaszewski@umbc.edu) is a computer science PhD student at UMBC under Alan T. Sherman, where he studies, researches, and teaches cryptographic protocol analysis.
Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public.
]]>
The UMBC Cyber Defense Lab presents Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of FIDO UAF Authentication Ennis Golaszewski, UMBC Cyber Defense Lab 12-1pm...https://dev.my.umbc.edu/api/v0/pixel/news/131367/guest@my.umbc.edu/f23547d99284c2ffca572a224be11d3f/api/pixelauthenticationcybersecurityfidoComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393Computer Science and Electrical Engineering00trueWed, 01 Mar 2023 18:14:11 -0500Wed, 01 Mar 2023 18:36:54 -0500Talk: Reconnaissance and Reverse Engineering, 12-1 Fri 2/17Study of the Cyber-physical Systems in UMBC's ILSB building
The UMBC Cyber Defense Lab presents
Reconnaissance and Reverse Engineering: A Case Study of Cyber-physical Systems in the UMBC Academic Building ILSB
Andrea Ferketich, UMBC and JHU/APL
Joint work with Zachary Amoss, Leo Brown, Kevin Chen, Will DeStaffan, Brandon Hill, and Kathleen Koerner. This work was carried out in fall 2022 as part Alan Sherman's INSuRE cybersecurity research class, with Zachary Birnbaum (APL) serving as technical director.
We present our security analysis of three cyber-physical systems in UMBC’s new smart Interdisciplinary Life Sciences Building (ILSB): the access control system, the surveillance system, and the atrium's electrical system. Supported by reconnaissance and reverse engineering, we identify potential vulnerabilities, attacks, and risks, and make recommendations. Conducting reconnaissance and reverse engineering activities on academic cyber-physical infrastructure is currently an insufficiently researched area, unlike critical infrastructure such as smart power grids and the Industrial Internet of Things (IIoT). This project identifies how susceptible three cyberphysical systems in ILSB are to cyber attacks, and the significance of each attack to the relevant system. Without completing a full analysis and reconnaissance of the building, the DoIT and facilities manager cannot be sure how the online sensor infrastructure interacts with the physical infrastructure. Typically, academic spaces are more physically accessible than are industry equivalents, primarily due to the public nature of universities, which encourages unfettered access to buildings for the sake of collaboration and student freedom. This level of access, however, also expands the potential attack surface by opening up the university to cyber attacks performed via physical methods. Our group discovered multiple attacks on the three cyber-physical systems, produced recommendations to the university, and identified additional analysis that can be performed to secure the cyber-physical infrastructure further. Our group additionally created mappings of target systems that include interface details and connection types. After creating reconnaissance artifacts, we identified vulnerabilities within the target systems and vulnerabilities within the target system configurations.
Vulnerabilities we found include an authenticated command injection attack, and an unauthenticated denial of service on the webserver that hosts the physical access control system. Both vulnerabilities could be conducted by an adversary with a moderate level of effort and would enable the adversary to control the access control system, approving or denying access outside of normal operations. On the camera system, one attack we found is an incomplete client-side validation. Exploitation of this vulnerability requires more effort and would allow the adversary to inject arbitrary commands, including deleting camera footage.
Andrea Ferketich is an employee at JHU APL, working as a task leader for US Navy combat systems cybersecurity integration with tactical systems. She is a computer science PhD student at UMBC who is proficient with various cybersecurity tools, cyber network security, cyber risk assessment, cyber-physical security, policy and requirements writing, project management, executive-level presentations, and Android programming. Andrea served as her INSuRE group's technical project manager, coordinating with DoIT, and ensuring the overall project success with technical writing and resolving technical issues. Email: andrea.ferketich@umbc.edu
Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL meetings: March 3, Enis Goleszewski (UMBC), Channel binding in FIDO should not be optional,
]]>
The UMBC Cyber Defense Lab presents Reconnaissance and Reverse Engineering: A Case Study of Cyber-physical Systems in the UMBC Academic Building ILSB Andrea Ferketich, UMBC and JHU/APL...https://dev.my.umbc.edu/api/v0/pixel/news/130870/guest@my.umbc.edu/d90e3600b498c77cd60ecc05003f76b5/api/pixelcyber-physicalcybersecurityComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393UMBC Cyber Defense Lab10trueMon, 13 Feb 2023 14:31:11 -0500Wed, 15 Feb 2023 08:04:07 -0500Cybersecurity Scholarships to UMBCApply by Feb 15
Cybersecurity Scholarships to UMBC
We are seeking new applications for UMBC's CyberCorps: Scholarships For Service (SFS) cohort. Based on available funding on our grant, we hope to make 10-15 awards over the next year or so. Applications are due by 2/15. The SFS program is a fantastic opportunity for students who wish to work in cybersecurity for government.
Benefits
Full-time UMBC tuition and mandatory fees paid.
Personal Stipend $25,000 - $34,000/yr depending on academic level.
Professional Development: $6,000/yr for certifications, equipment, conferences, and more.
Easier access to exciting and challenging cybersecurity jobs in the federal government.
SFS Scholars will also engage in at least one paid summer internship with a federal government agency.
Additionally, SFS Scholars have opportunities to carry out mentored research projects at UMBC research labs, including our Cyber Defense Lab (CDL), to expand their knowledge in the field. After graduation, SFS scholars must serve in a cybersecurity role for a federal agency in a cybersecurity position for each year of their SFS funding.
Application Criteria
Applicants must be US citizens or lawful permanent residents (citizens preferred)
Full-time rising juniors, MS, MPS, or Ph.D. students in cybersecurity-related programs at UMBC (including CMSC, CMPE, IS, CYBR). CMSC students (both BS and MS) must be enrolled in the CMSC cybersecurity track.
Minimum cumulative GPA of 3.0.
Must agree to comply with NSF, OPM, SFS, and UMBC policies regarding the SFS program.
Must agree to conduct at least one summer internship with the federal government while an SFS Scholar.
Must agree to work for the government after graduation for each year of scholarship funding received. Failure to obtain government employment will result in having to pay back the entire amount. Government is broadly defines as federal, state, local, or tribal (federal preferred).
Must not have anything in their background that would disqualify them from obtaining a federal government security clearance.
Action
If you're interested in cybersecurity, have a GPA of 3.0 or more, want to be part of an elite industry-centric nationwide scholarship program, and pursue a career in cybersecurity with the federal government, we want to hear from you!
]]>
Cybersecurity Scholarships to UMBC We are seeking new applications for UMBC's CyberCorps: Scholarships For Service (SFS) cohort. Based on available funding on our grant, we hope to make 10-15...https://cybersecurity.umbc.edu/scholarships/https://dev.my.umbc.edu/api/v0/pixel/news/130650/guest@my.umbc.edu/aa93e02f8d8c6289b410084e75e0ea71/api/pixelcybercorpscybersecurityscholarshipComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393Computer Science and Electrical Engineering10trueSun, 05 Feb 2023 15:24:03 -0500talk: Validation of the Cybersecurity Curriculum Assessment12-1 Fri February 3, Dr. Geoffrey Herman, Univ. of Illinois
The UMBC Cyber Defense Lab presents
Validation of the Cybersecurity Curriculum Assessment
Joint work with Alan T. Sherman, Linda Oliva, Peter Peterson, Shan Huang, and Enis Golaszewski. This work earned the designation of one of the best papers in the Computing Education Research Track at the 2023 SIGCSE Technical Symposium.
Since 2015, the Cybersecurity Assessment Tools (CATS) project has been developing two research instruments to measure how well students learn cybersecurity concepts: the Cybersecurity Concept Inventory (CCI) and the Cybersecurity Curriculum Assessment (CCA). The CCI measures student conceptual knowledge after a first course in cybersecurity, whereas the CCA measures student knowledge after a full curriculum on cybersecurity. In this talk, we will discuss our development process of both assessment tools. We will discuss how we identified the critical subset of cybersecurity topics to include on the assessments and how we constructed the items on the assessment. We will then focus on our administration of the CCA to 193 students from seven colleges and universities across the United States. We present qualitative and statistical evidence for why the CCA can be validly used for measuring student knowledge of cybersecurity. In particular, we will show how items on the CCA identify common student misconceptions and how the CCA is the most informative assessment tool developed by computing education researchers.
Dr. Geoffrey L. Herman is the Severns Teaching Associate Professor in the Department of Computer Science at the University of Illinois at Urbana-Champaign. He was the 2020 recipient of the IEEE Education Society Mac Van Valkenburg Early Career Teaching Award and the 2022 recipient of the Scott H. Fisher Computer Science Teaching Award. He helped found the Grainger College of Engineering's Strategic Instructional Innovations Program, which has been empowering faculty innovation in teaching for over ten years and has provided seed funding that has led to several millions of dollars in external grant funding and hundreds of research papers. His research focuses on how students learn engineering and computing concepts and studying processes for creating systemic change in how engineering and computer science are taught in college settings. His research on student misconceptions in programming was awarded the best paper in the first 50 years of the ACM Special Interest Group, Computer Science Education. Email: glherman@illinois.edu.
Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL meetings: February 17, Andrea Ferketich (UMBC), Security of cyber-physical systems in UMBC's ILSB; March 3, Enis Goleszewski (UMBC), Channel binding in FIDO should not be optional. May 5, CSEE Research Day (Library 7th floor)
]]>
The UMBC Cyber Defense Lab presents Validation of the Cybersecurity Curriculum Assessment Geoffrey L. Herman Severns Teaching Associate Professor Department of Computer Science...https://dev.my.umbc.edu/api/v0/pixel/news/130368/guest@my.umbc.edu/c5b0988e4694672db7c62278f21ca783/api/pixelcybersecuritytalkComputer Science and Electrical Engineeringhttps://dev.my.umbc.edu/groups/cseehttps://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/original.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxlarge.png?1314043393https://assets4-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xlarge.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/large.png?1314043393https://assets1-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/medium.png?1314043393https://assets2-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/small.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xsmall.png?1314043393https://assets3-dev.my.umbc.edu/system/shared/avatars/groups/000/000/099/d117dca133c64bf78a4b7696dd007189/xxsmall.png?1314043393Computer Science and Electrical Engineering00trueWed, 25 Jan 2023 21:11:02 -0500
The federal government has a lot of cybersecurity resources, but the private sector plays a key role in national cyber defense.
U.S. government
