Colloquium on Cyber Security Awareness
The Marquette University Center for Cyber Security Awareness and Cyber Defense in cooperation with the Wisconsin Department of Public Instruction and the Waukesha County Technical College is contributing to National Cyber Security Awareness Month by sponsoring a Colloquium on Cyber Security Awareness.
Promoting awareness is an educational activity. We need to share our knowledge about enhancing awareness about cyber security threats and defenses. On October 20th, national leaders in cyber security awareness efforts will share their knowledge and experiences. We will convene as a group to share our knowledge about effective activities to understand risk, avoid problems, prepare for incidents, and respond to issues. The colloquium is divided into two halves. In the morning we will address the need for awareness in K-12 programs. In the afternoon we will look at programs that corporations can use to increase awareness of threats and defenses.
Our two themes:
- The workforce pipeline starts in K-12 education. You will learn about and share activities in the K-12 environment to increase awareness, advocate for career opportunities, and prepare students for further study.
- Effective employee training and awareness of risks. We will examine and discuss aspects of employee training for cyber security awareness and its effectiveness and explore what companies can do to be more aware of risks.
COLLOQUIUM ON CYBER SECURITY AWARENESS
OCTOBER 20, 2017
Marquette University Alumni Memorial Union
1442 West Wisconsin Avenue,
Milwaukee, WI 53233
8:00 AM to 4:00 PM
Registration is now open. Register at Evenbrite.
Details and agenda for the program can be found here.
Discussions about Blockchain are popping up everywhere. But what is it and what should we be doing about it? The Center for Cyber Security Awareness and Cyber Defense is helping plan and promote a special meeting about this technology on the Marquette Campus. The activity is being led by the College of Business Administration.
Milwaukee Blockchain Conference
Thursday November 9, 2017
8:00 AM – 12:00 PM CST
Registration in open.
SOME ADVICE FOR STUDENTS, FACULTY AND STAFF
As National Cyber Security Awareness Month approaches it is good to remind yourself of smart habits with respect to cyber security.
Keep a Clean Machine. Keep your software current, enable automated security updates. Protect all your devices (smartphone, routers, gaming systems, laptops, etc.). Scan USBs and other memory devices you plug into your digital devices. Marquette and other universities supply antivirus software. Get it and use it.
Protect Your Personal Information. Be careful with your logins. Use unique passwords and account names for all high priority accounts. Keep a secure list of IDs and passwords someplace away from your devices. Know and use the privacy options that you have available to you on social media sites that you use.
Connect With Care. Throw out what you do not need to avoid inadvertent clicking on a malicious email, tweet, post or advertisement. Be careful with using WI-FI hotspots. Be especially careful using any banking applications, and always look for “HTTPS://” to be sure your communication is safe through encryption.
Be Web Wise. Keep aware of new technology and scams. Think before you answer a communication that might be spoofed. Did that message really come from your department, your school, that bank, your friend? Fraudsters are getting incredibly good a spoofing. Hover your mouse over addresses to make sure a communication is really going to whom you think it is. Back up your important data and store it safely where ransomware can’t lock you out.
Be a Good Online Citizen. Remember that safer for you is safer for all. Don’t be the source of someone else’s problem. Report incidents that you become aware of. Be protective of others when you post items in social media.
Many of these ideas come from the National Cyber Security Alliance (NCSA). Visit the NCSA active website and consider signing up to receive updates.
New Safety Concerns on Social Media (July 10,2017)
Teens keep track of their friends on Snapchat but a new feature Snap Map is causing concerns, It reveals the location of users and their friends on a detailed map. In commenting on this feature to Fox New 6 in Milwaukee, Marquette Assitant Professor Debbie Perouli commented, "Your friends, or your local network, didn't used to know all this
detail. When you are installing an app, it is always wise to check what
kind of things do they need to have access to."
The bottom line is that privacy is a concern. As users of social media we need to understand the privacy agreements and app settings.
Insights into Cyber Security (June, 2017)
There was substantial news chatter in June 2017 about cyber incidents. Important threads in the conversation were discussions of the 2016 elections and outbreaks of what appeared to be ransomware. Faculty at Marquette who are active in the Center for Cyber Security Awareness and Cyber Defense were called upon to supply their expert opinion about these events.
Dr. Kaczmarek was interviewed by Wisconsin Public Radio to talk about the story that "Russian Cyber Attackers May Have Hacked Election Systems In 39 States." The secrecy that is wrapped around investigations of this type of incident prohibits the sharing of technical details of how the systems were attacked and in some cases breached. With more than 7,000 independent polling organizations, a total shutdown of the system is unlikely. However, the lack of commonality in the election systems and the absence of an authorized central control make the task of protection more complex.
The warning that emerges from the knowledge of the incidents in 39 states is clear. Some parties, likely sponsored by foreign governments, are willing to attach our election systems. We need to continue efforts in cyber security awareness and cyber defense to protect the election process, our infrastructure, our businesses, and all of our information. Of course that is the mission of this center.
In a second interview with Wisconsin Public Radio, Dr. Perouli provided insights into the story of 'How "Petya" Attacked Computer Systems In Europe.' This attack was initially reported as a variant of Petya. However, cyber investigations suggest a different motivation. Some experts have concluded this was not ransomware. Forensics following the attack indicate that the malware disguised itself as ransomware. Flaws involving the email address used in the attack and the bitcoin account indicate this was not ransomware. Ukraine was particularly hard hit by this cyber weapon suggesting political motivation. Continuing analysis is expected to provide more evidence about the likely perpetrator.
In this interview, the commentator asked about the rise of cyber incidents. Dr. Perouli provided three contributing factors. First, the rise of anonymous payment systems allow attackers to hide their identity. Second, "cyber crime kits," which reduce the need for expertise, are available to novice hackers. Third, awareness of safe practices is not not pervasive. We need to increase cyber security knowledge and awareness and build strong defenses.
Ethics of Big Data II (April, 2017)
Because of issues with privacy, security and risk to reputation, we sponsored a symposium on the Ethics of Big Data. This event focused on medical data and issues with collecting, securing and analyzing it. The agenda for the event is available on the MSCS website: Ethics of Big Data II.
Katherine Rickus, a faculty member in the Philosophy Department at Marquette, who holds degrees in Psychology, Medicine, and Philosophy introduced the day with a thoughtful explanation of the issues facing the attendees, Ryan Spellecy, a faculty member in Bioethics and Medical Humanities in the Center for Bioethics and Medical Humanities, in the Institute for Health and Society at the Medical College of Wisconsin, explained the current and future state for collecting medical records and preventing accidental disclosure of information. He explained various methods for achieving consent for sharing medical information for research. Samuel Volchenboum, who is an Associate Professor of Pediatrics, Associate Chief Research Informatics Officer, Director, Center for Research Informatics, and Associate Director, Institute for Translational Medicine at the University of Chicago Medicine, related ethical issues arising from his own practice and the genetic and genomic results rapidly becoming available. Michael Zimmer, the Director, Center for Information Policy Research in the School of Information Studies at the University of Wisconsin-Milwaukee, addressed the need for a ethical approach that includes recognition of contextual integrity.
An exercise for the attendees drew lively discussion and thoughtful conclusions. The attendees were divided into nine groups. Each group was tasked with discussing and presenting the ethical concerns arising in nine different cases drawn from the news.
The morning concluded with a panel discussion. The panel included business interests, representatives from the legal community, and academics. The panelists focused on the importance of ethics as various organizations begin to employ big data.
Nonprofit Center of Milwaukee Workshop/Training (April, 2017)
Security issues can cause extensive inconvenience, damage to reputation and worse. Cyber attackers don't care who they target. To help Milwaukee area nonprofit organizations we presented a workshop at the Nonprofit Center of Milwaukee on April 4. 2017.
We presented this in the context that a small Milwaukee nonprofit ($1.5 Million) was recently an intended victim of a wire transfer scam that came through e-mail phishing. Small or large any organization can be a target. Could a nonprofit afford to pay a ransom or send money to a cyber criminal? Can anyone go on unprepared? Do organizations know the risks? Are they ready to react to a problem?
The National Institute of Standards and Technology (NIST) has provided an easy to understand framework that any organization including nonprofits can apply to help understand what it takes to protect the organization. This approach to prepare for an attack has been adopted by companies and government agencies of all sizes. In this workshop we introduced participants to the NIST Cybersecurity Framework to start them on the process of developing a cybersecurity plan. We also introduced them to the principle of, "If you collect it; you need to protect it," and provided suggestions for simple steps to take such as training of staff and encryption of data.
The Workshop was led off by Thomas Kaczmarek, Director of Graduate Studies for MS in Computing, and Director of Center for Cyber Security Awareness and Cyber Defense. He was assisted by four graduate students in our specialization for Information Assurance and Cyber Defense and Mr. David Kliemann, VP, Cyber Threat Management, Fiserv and adjunct faculty in the the MS in Computing program. This was a great experience for the students who played a key role in the workshop by presenting materials and helping participants work on spreadsheets for the various functions found in the framework.
Respecting privacy, safeguarding data and enabling trust are the themes of Data Privacy Day which is celebrated internationally on January 28 each year. The Center for Cyber Security Awareness and Cyber Defense and the student cyber security organization together sponsored a presentation on data privacy issues on January 30.
As the holiday shopping season arrived in December, the Center for Cyber Security Awareness and Cyber Defense and the student cyber security organization sponsored a campus wide meeting to discuss cyber security threats and defenses. With a recognition that more consumers now choose the convenience of online shopping and cyber criminals are looking to take advantage of the increased use of online shopping, awareness of threats and defenses has growing importance.
October is National Cyber Security Awareness Month. Marquette University worked with the Waukesha County Technical College to sponsor a Cyber Security Summit on the WCTC campus on October 28 2016. This event featured parallel tracks that included presentations about cyber security technology and discussions of measures to enhance cyber security awareness.
It is a little-known fact that Wisconsin is a major player in the aerospace and aeronautics manufacturing industry. Marquette University is participating in a coalition studying the feasibility of a southeast Wisconsin center for aerospace/aeronautics development and testing that would feature security testing, the first of its kind in the nation. This effort is coordinated in part by the Wisconsin Economic Development Corporation and involves local industry and academia.
Marquette has published an Information Security Policy, as well as a policy related to security for Cell Phones and Mobile Devices, Encryption, Network Disruption/Computer Quarantine, and Passwords.
Awareness about security threats and counter measures on campus is led by Information Technology Services. They offer do's and don'ts to faculty and staff in an effort to promote Cyber Security Awareness and Safe Computing.
In April 2016, a symposium on the ethics of big data was sponsored by the Helen Way Klingler College of Arts and Sciences. Privacy and security issues loom large in the discussion of ethics.