By EDDIE MIKUS & DYLAN DEMARTINO
STAFF WRITERS
Fordham University, along with Columbia University and New York University, has been selected to participate in the rollout of a new cyber security framework sponsored by the federal government.
The framework originates from Executive Order 13636, entitled Improving Critical Infrastructure Cyber Security, which defines cyber threats as one of the most serious challenges that the United States must confront. Accompanied by Presidential Policy Directive 21, these executive initiatives are designed to integrate information across the public and pirvate sector to secure vital American digital assets. According to the Department of Homeland Security website, the department is specifically interested in “securing the cyber ecosystem” through educating the public, investigating cyber criminals and partnering with owners of major cyber infrastructures.
Recent headlines about the increasing threat of cyber-related sabotage and damage inflicted on public assets and corporate holdings have prompted a dedicated response to the changing nature of crime, espionage, and terrorist activities. This year, Target experienced a massive security breach between November 27 and December 15. Hackers stole credit cards and debit card accounts as well as names, phone numbers, emails and mailing addresses from around 70 million customers. This breach represented a massive failure of cyber security for the company and exactly the sort of issue the Federal Government is trying to prevent.
The goal of the government’s new policies is not to create more unnecessary regulation, but rather to harmonize sector-specific risk-based approach with best practices. The Department of Homeland Security also launched a voluntary Critical Infrastructure Cyber Community, or C3. The program is designed to support businesses and organizations involved in critical infrastructure such as energy and transportation protect themselves from cyber risks. Persuading businesses across a wide variety of industries to pay attention to cyber security in order to minimize risk is challenging. But, some industries like the financial services industry have already made some serious strides.
Fordham held a public speaking engagement on March 11 in the Corrigan Lounge at Lincoln Center on the policy changes to the cyber security framework. Several professionals from the cyber security fields gathered to discuss the structure and ramifications of the policies for the industry landscapes.
Dr. Frank Hsu, a computer and information science professor who directs Fordham’s Laboratory of Informatics and Data Mining, said that Fordham was selected to participate in the rollout because it is well-known in the field of cyber security and specifically in cyber security education.
“Fordham is very visible in cyber security education and research,” Hsu said. “Fordham has hosted and organized an international conference called ICCS [The International Conference in Cyber Security].” This conference has been held four times at Fordham in each of the past five years.
“Right now, Fordham Professional and Continuing Studies and the department of computer and information science are establishing a master degree of science in cyber security, which recently received New York State Education Department approval,” said Hsu. “The department of computer and information science is establishing a minor in cyber security, which we’ll offer in September 2014. So at Fordham, we have been having many courses related to cyber security already. We have been at the forefront of education and research in cyber security.”
According to Hsu, the complexity of cyber security and the infrastructures involved at prevents an accurate assessment of when the framework discussed at the conference might be put into effect.
“It’s a very long-term project,” Hsu said. “It’s a very big project, and it’s not easy to get a very good outcome of it, but at least we have to try. The challenge is that this collaboration, cooperation, the network has to be inter-operatable. The network has to be resilient.”
Despite the complexity of the project, Hsu expressed his belief that Fordham students would benefit from the new framework and need to be aware of cyber security on a more individual scale. For example, students need to protect their PCs and email accounts.
David J. Youssef, one of the panelists who was part of the rollout, is a cyber incident investigator for Citigroup and a teaching fellow in the department of computer and information science at Fordham. He noted that students interested in employment in the financial services industry need to understand the importance of seeking to foster the productive sharing of information when it comes to critical security infrastructure.
Risk management and cyber security are complex topics, but Fordham is at the cutting edge of the field.