UMUC Achiever Magazine, Spring 2013

www.umuc.edu | 1 | Achiever

UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE | SPRING 2013

UNLOCKING THE SECRETS OF CYBERSECURITY

Achiever | 2 | university of mArylAnd university college

C O N T E N T S

Cover Story

6 UNLOCKING THE SECRETS OF CYBERSECURITY by gil klein industry experts discuss the challenges of hacking, tracking, and attacking in a virtual world.

17 State of emergency? by lt. gen. Harry raduege (uSaF, ret.)

19 big data: dream or Potential nightmare? by Mark gerenCSer

21 Cyberdefense: a retrospective by lt. gen. JoHn CaMPbell (uSaF, ret.)

26 uMuC and Cybersecurity by greg von leHMen

FeatureS

22 maRYLaNd, mY CYBERmaRYLaNd by bob ludwig the old line State is the epicenter of a new industry. 24 TEam PadaWaN by katHy Harvatt uMuC students, alumni, and faculty are making waves in the world of cybersecurity competitions.

newS and uPdateS

2 Matthew Senna named nCo of the year

2 new uMuC President Javier Miyares Shares His vision

3 uMuC at Quantico opens in northern virginia

4 uMuC Forges educational alliances with at&t, Smithsonian

4 Presidential debate Moderators, koppel Headline The Kalb Report

baCk oF tHe book

29 Class notes

30 Faculty kudos

6


Dear Friend:

welcome to a very special issue of uMuC’s Achiever magazine that focuses on cybersecurity and showcases a roundtable discussion by some of the industry’s leading minds. i am especially proud that this important discussion was sponsored by one of Maryland’s many fine public institutions.

in 2010, the Maryland department of business & economic development issued a report entitled, “CyberMaryland: epicenter for information Security & innovation.” in that report, i outlined how Maryland would respond to President barack obama’s call to defend and protect our nation’s information networks.

education represents a key component of the CyberMaryland initiative, and uMuC deserves highest praise for recognizing and responding to the critical workforce need for trained professionals in the field. the same year the CyberMaryland report was released, uMuC rolled out a comprehensive new online curriculum for degree programs in cybersecurity and cyberse-curity policy. the response from students and employers alike was immediate and overwhelming, and today, more than 5,200 students are enrolled and 232 have already graduated.

these men and women are vital to the large and growing pool of resources that support and protect this nation’s online infrastructure. not only isMaryland home to the national Security agency and the u.S. Cyber Command at Ft. Meade, but lockheed Martin, northrup grumman electronic Systems, and the defense information Systems agency represent just a few of the major players in cybersecurity that are headquartered in Maryland.

i am proud to count uMuC among those resources. not only do representa-tives from uMuC staff the Maryland Commission on Cybersecurity innovation and excellence, uMuC cybersecurity students, alumni, and faculty have also done Maryland proud, distinguishing themselves in national and international cyber competitions. one team, the Cyber Padawans, won gold at the north american Cyberlympics, then went on to a second-place finish at the global Cyberlympics, besting more than 200 competitors worldwide. More recently, they took third at the department of defense’s digital Forensics Challenge, and at the state level, earned first- and second-place honors in the four-year college category at the Maryland digital Forensics investigation Challenge, also sponsored by the department of defense Cyber Crime Center.

in short, it is an exciting time for cybersecurity, for the state of Maryland, and for uMuC, and i hope you find this issue of Achiever as important and thought-provoking as i do. there is no subject more worthy of attention in our 21st-century world.

Sincerely,

Martin o’Malleygovernor

MESSAGE FROM THE

G O V E R N O R O F M A R Y L A N D

6

Cover and table oF ContentS illuStration by adaM niklewiCZ; FroM toP: PHotograPH by SaM Hurd; illuStration by JoHn ritter; PHotograPH by MattHew PriCe

24

2619

3328


PreSident

Javier Miyares

Senior viCe PreSident, CoMMuniCationS,

and exeCutive editor

Michael Freedman

aSSoCiate viCe PreSident,

CoMMuniCationS

Heather date

editor

Chip Cassano

art direCtor and PHoto editor

Cynthia Friedman

Contributing writerS

kathy Harvatt, gil klein, bob ludwig

ProduCtion Manager

bill voltaggio

direCtor, Client ServiCeS

donna grove

Call 301-985-7200 with comments and sug-gestions, or e-mail [email protected]. university of Maryland university College subscribes to a policy of equal education and employment opportunities.

PaPer reQuireMentS: 22,488 lbs.

using this combination of papers saves the following:

treeS: 24

total energy: 10,000,000 btus

PurCHaSed energy: 1,000,000 btus

greenHouSe gaSeS: 2,462 Co2

waStewater: 11,100 gallonS

Solid waSte: 704 lbS

environmental impact estimates were made using the environmental defense Paper Calculator. FSC® is not responsible for any calculations on saving resources by choosing this paper.

Achiever text pages are printed on forest-friendly Centura Silk text and Centura Silk Cover FSC® paper.

��%

Cert no. XXX-XXX-000

10%

Cert no. SW-COC-2006

eco box

UMUC,” Senna said, “We had to take written examina-tions and write essays, and that experience and practice is what led me to where I am.” The sacrifice needed to pursue higher education is well worth it, he added. “In this time where the Army is changing, . . . getting an education will help you get promoted and also increase your ability to be a critical and adaptive thinker and an exceptional leader.” Many UMUC students credit family members with helping them maintain focus as they juggle classwork with careers or military responsibilities. Senna is no exception, and his wife, Danielle—who is herself a criminal justice major at UMUC—helped him prepare for the competition. “It’s the same thing we do before our exams at UMUC,” said Senna. “We work together, quiz each other, and collaborate.” At the awards ceremony, when it was announced that Senna had taken top honors, Danielle couldn’t hide her excitement. “They could hear me scream for joy from the back of the ballroom,” she said. “I know how hard he has

UMUC Student Named 2012 U.S. Army Noncommissioned Officer of the Year

UMUC CongrATUlATeS Staff Sgt. Matthew Senna, who won the 2012 U.S. Army noncommissioned officer of the Year award after com-peting against some of the Army’s top soldiers for four days in the Best Warrior competition. The award was announced at a special cer-emony on october 22, 2012, in Washington, D.C. “It was truly humbling and an incredible honor,” said Senna, an infantryman with Bravo Company, 7th Army nCo Academy in grafenwoehr, germany. The Sacramento, California, native recently completed his associate’s degree from UMUC and plans to pur-sue a bachelor’s degree in criminal justice. He credited higher education with help-ing prepare him for the Best Warrior competition, which added a new component this year—mental toughness—that tested cognitive and creative thinking abilities. “Part of the reason . . . I got here is my education with

N E W S & U P D A T E S

New UMUC President Javier Miyares Shares His Vision for the University

CITIng WHAT He TerMeD A “revolution in higher education,” UMUC’s new president, Javier Miyares, told a global town hall meeting January 8 that to survive and thrive, the university must “innovate, innovate, innovate.” The year 2013 “will set the course of UMUC for a generation to come,” said Miyares, speak-ing at his first town hall meeting since his appointment as UMUC’s president in october 2012. Speaking to faculty, staff, and students at UMUC’s Academic Center at largo, in Maryland, and to a global audience viewing online, Miyares talked about the coming disruptive impact of technology on higher education. Yes, UMUC pioneered online education, but it cannot rest on that achievement, he said. other universities, even the Ivy league, are now embracing online models. But online education “was simply the beginning,” he said. “Ten, 15 years from now, online education will be seen as a criti-cal pivot point, but what we do today will seem primitive.” The university should not seek a final way to provide education, he said. “The day we think we have arrived at a model is the day we are doomed. Change is constant and you have to adjust to it.”

worked, and I’m so proud.” For his part, Senna—who was recently selected for promotion to Sergeant First Class—leads by example, encouraging other soldiers to make education a priority. “By taking a little bit of time and sacrificing, you can get a lot of stuff accomplished,” he said.


Higher education is “fac-ing a perfect storm,” he said. enrollments are leveling off or falling. State support is shrinking in many areas of the country while tuition increases have become unsustainable. More students come from families with limited incomes. There is now more student loan debt than credit card debt in America. So many students are overwhelmed with debt they question whether the cost of learning justifies the return in higher salaries. Many of UMUC’s direct competitors—for-profit universities aimed at adult learners—are seeing steep declines in enrollment. “In today’s world, a com-bination of access, cost, and quality represents the holy grail of higher education,” he said. The need for higher educa-tion has never been greater, he said. The White House has set a goal that 55 percent of adults will have a college degree. The state of Maryland is counting on UMUC to expand its student population to meet that goal. The university should be open to anyone who “wants to take a shot at higher edu-cation,” he said. “UMUC will be the global leader in offer-ing working adults access to high quality education at a low tuition rate. That is needed; that is what is expected of UMUC; that is where UMUC can prosper.” But attracting more students is only one way to expand, he

said. Just as important is retain-ing enrolled students until they graduate. And that, he said, will mean radical changes to improve teaching methods. Faculty can no longer write off those students who are try-

ing but not succeeding, he said. Instead, we must ask, “What am I doing wrong that you cannot succeed?” That does not mean standards should be lowered, he said. It does mean that teaching practices must be improved.

evidence-based research is developing technology to improve the learning process, he said, and UMUC must be in the forefront of embracing it so that a greater number of students succeed. In addition, he said, the university must constantly review its programs to ensure it is offering an education that is in demand by employers. For example, UMUC’s undergraduate and graduate programs in cybersecurity are preparing students for employers desperate for qualified personnel. “If we don’t use our built-in advantage of a culture of 60 years of innovation, then shame on us,” he said. “I am not afraid of making mistakes. I believe if we don’t take risks, we will not succeed.” Disruptive technology has created scary times for higher education, he said. But it is also creat-ing opportunities. “If anyone tells you they know what higher education will look like

in 10 years, they are either lying or they are crazy,” he said. “nobody knows. It will be institutions like us that will be developing that future. I find that very exciting.” G

UMUC Opens New Academic Center at Quantico

UMUC at Quantico opened in September 2012, bringing the nation’s largest public univer-sity even closer for northern Virginia residents. The new academic cen-ter, located in the Quantico

Corporate Center, began offer-ing on-site classes in January 2013, focusing on in-demand undergraduate and graduate degree programs in technol-ogy, security, criminal justice, and management. Conveniently located in north Stafford, one mile from Quantico Marine Corps Base and near I-95, UMUC at

Quantico offers students the benefits of a full-service aca-demic center combined with UMUC’s digital resources and online course catalog. UMUC at Quantico builds on UMUC’s rich history of serving military students that began in 1947 when UMUC first offered classes at the Pentagon. Today, more than half of the institu-

Javier Miyares


enrolling in The Under-graduate School may be eligible to transfer credit from other institutions and may also be awarded credit for prior learning, if eligible under UMUC’s standard policies and procedures. “This represents a sig-nificant step forward for the Smithsonian and its employ-ees,” said James Douglas, the Smithsonian’s director of Human resources. “For the first time, we have a broad-based educational partnership that provides our employees, and their families, the opportunity to continue their education in a

tions’ 97,000 students world-wide are active-duty service-members, reservists, veterans, or their family members. “UMUC at Quantico is yet another outstanding example of our profound commitment to military students,” said UMUC President Javier Miyares. But UMUC at Quantico isn’t just for members of the military. The off-base location welcomes civilians, working professionals, and adult stu-dents from the surrounding community. UMUC has also streamlined the transfer pro-cess for students studying at nearby germanna Community College and northern Virginia Community College. To meet the needs of the local workforce, UMUC at Quantico will offer undergradu-ate courses in cybersecurity, homeland security, and crimi-nal justice, as well as graduate courses in business admin-istration, management, and information technology. The university already offers stu-dent support services—such as advising, financial aid counsel-ing, and testing—at 150 loca-tions, including more than 30 in Maryland, D.C., and Virginia. UMUC at Quantico comprises three classrooms, a computer lab with 30 stations, a confer-ence space for special events, a student lounge with a kitchen, and a lobby with two additional computer stations and a recep-

tion area. Classes will be offered weekday evenings beginning at 6 p.m. “our education coordinators are super advisors,” said Kevin Holmes, direc-tor of the new aca-demic site. “They’re versed in counseling a vast variety of stu-dents, both military

and non-military, on topics from admissions to transferring credits, registering, and explor-ing financial aid options.”

UMUC Forges Educational Alliances with AT&T, Smithsonian

UMUC forged education alli-ances with two icons of the private and public sec-tors—AT&T Inc. and the Smithsonian Institution—late in 2012. The agreement with AT&T offers its employees—and their spouses and dependents—the opportunity to complete degrees or pursue continuing education at UMUC. Under the two-year agreement, students who are not Maryland resi-dents may also be eligible for significant discounts on out-of-state rates. Under a similar agreement, Smithsonian employees can take individual courses or enroll in any of UMUC’s undergradu-ate and graduate programs, most of which are available fully online. Students

N E W S & U P D A T E S

wide range of fields, not just a few specific programs.” “UMUC is pleased to sign these pioneering agree-ments with a global business leader like AT&T and with the Smithsonian Institution, an organization with its own proud history as one of the country’s great educational resources,” said UMUC Acting Provost Marie Cini. “These alli-ances fit well with our mission of providing quality higher education to working adults worldwide and build on our long tradition of helping to strengthen the federal work-force across the Washington, D.C., metropolitan region.”

Presidential Debate Moderators, Ted Koppel Headline The Kalb Report Bob Schieffer, CBS senior correspondent and the mod-erator of the final presidential debate in 2012, looked out at the packed audience at the national Press Club and explained why the debates are more important than ever. “The debates are the last political events that we have that you can get people from both sides to listen at the same time and watch at the same time,” Schieffer said. “republicans will sit through listening to Barack obama

UMUC President Javier Miyares cuts the ribbon, formally opening UMUC at Quantico

so they can hear what Mitt romney has to say. And Democrats will do the same.” With politics so polarized and so many people get-ting their political news from sources with which they agree, he said, the debates are “the last event you can say that is true.” In the first editions of the program since UMUC joined as sponsor and co-producer, The Kalb Report hosted moderators of the 2012 presidential debates on January 28, 2013, while on november 19, 2012, it featured ABC’s veteran newsman Ted Koppel, who discussed the quality of television news.

LEFT TO RIGHT: Jim Lehrer, Martha Raddatz, Marvin Kalb, and Bob Schieffer.

www.umuc.edu | 5 | Achieverwww.umuc.edu | 5 | Achiever

With CBS news legend Marvin Kalb asking the ques-tions, the award-winning series is produced before a live audience at the national Press Club in Washington, D.C., and aired on public television stations across the country as well as by C-SPAn and SiriusXM Satellite radio. Jim lehrer, of the PBS news Hour, moderated the first 2012 presidential debate and said that, while the debates may not

change a lot of minds, they are “hugely important” because they are “confirming exercises” that rouse and rally voters. ABC’s Martha raddatz, who moderated the vice presiden-tial debate, said she didn’t ask “gotcha” questions that have been used in previous years because “you don’t want to look like a complete jerk.” In an edition titled, “The Twilight of TV news: A Conversation with Ted Koppel

on Democracy and the Press,” the ABC news veteran told Kalb, “When Americans finally realize how bad things are and what political straits our sys-tem is in, they will turn back to good journalism.” Information is so ubiquitous and travels so quickly now that without reliable sources of information, “the system collapses,” Koppel said. The Kalb Report is pro-duced jointly by UMUC and

the national Press Club’s Journalism Institute with sup-port from george Washington University, Harvard University, and the Philip Merrill College of Journalism at the University of Maryland, College Park. now in its 19th season, the program is underwritten by a grant from the ethics and excellence in Journalism Foundation. To watch the programs in full, visit kalb.gwu.edu. G

support tomorrow'scybersecurity leaders

Copyright © 2013 university of Maryland university College

call cathy sweet, vice president, institutional advancement, at 301-985-7110 or visit umuc.edu/supportcyber.

invest in the nation's security.Today’s students are tomorrow’s leaders. Scholarship support is essential to ensure that highly trained cybersecurity professionals are available and prepared to keep our nation safe and secure. And your contribution will help fund these much-needed scholarships, enabling more students to continue their education. Support students like James and help tomorrow’s cybersecurity leaders achieve the educational credentials needed to protect our nation. Invest in the future of cybersecurity today.

“a career in the field of cybersecurity is a chance for me to join the fight against some of the most difficult challenges our society has faced since the cold war. . . . this scholarship has enabled my participation in this program despite difficult economic circumstances, and i am looking forward to graduating in the spring of 2013.” James sobel (shown above) UmUC GradUate stUdent

sales enGineer, molex

washinGton, d.C.


CyberseCurity

shortly After defense secretAry leon PAnettA wArned of A “cyber Pearl harbor,” three of university of maryland university college’s top advisers on cybersecurity agreed that he was wrong. A cyber Pearl harbor is not in our future, they said. it already happened—as long as 20 years ago. sneak attacks against the nation’s computer infrastructure occur daily—from personal identity theft, to “hacktivists” trashing targeted web sites, to thieves stealing corporate secrets, to foreign agents probing u.s. security weaknesses. but with these dangers come opportunities. for people willing to get the right education, cybersecurity offers unlimited possibilities for creative employment that will provide essential services to the nation. speaking were three members of umuc’s cybersecurity think tank, which has helped the university establish undergraduate and graduate programs in cybersecurity education:

Retired U.S. Navy Rear Adm. Elizabeth Hight, who was vice director of the defense information systems Agency and deputy director of Jtf-global network operations. she is now vice president of the cybersecurity solutions group, u.s. Public sector, of the hewlett-Packard co.

Marcus Sachs, vice president of national security policy at verizon communications, who coordi-nates cyber issues with federal, state, and local governments.

L. William Varner, president and chief operating officer of mission, cyber and intelligence solutions at mantech international corp.

they joined Achiever writer gil Klein at the national Press club in washington, d.c., to probe this unprecedented new security threat. they talked about the possibility of what Panetta meant by a cyber Pearl harbor—an overwhelming attack that shakes the nation’s security and economic system and warrants a military response.

ILLUSTRaTION BY adam NIKLEWICZ

PHOTOGRaPHS BY Sam HURd

Unlocking the Secrets of

Industry experts discuss the challenges of hacking, tracking, and attacking in a virtual world.

BY GIL KLEIN



very bad that’s unpredictable, and we only hear about it the next morning.

GIL KLEIN: And Bill, how about you? L. WILLIAM VARNER: my real fear is the consequences of a successful cyber attack anywhere in our critical infrastructure. i think we had a little taste last summer of what that might be like with the storms that came through the washington, d.c., area. many lost power for several days. i was fortunate to be able to find power sources nearby and keep my phone and laptop charged for the five days i was without power. but what would we have done had the power not come on in five days? what if it hadn’t come on for five weeks? i think our behavior as a society would change at that point, and it would be a much different place to live.

GIL KLEIN: Defense Secretary Leon Panetta, who probably doesn’t sleep at all given all his responsibilities, recently warned of a cyber Pearl Harbor. Now, let’s start with Marc. What do you think that would look like?MARCUS H. SACHS: well, fortunately, Pearl harbor has already hap-pened, and it probably happened about 20 years ago. the problem is that we don’t know what a Pearl harbor looks like. when was the first intrusion into our networks? when was the first actual loss due to cyber crime? A Pearl harbor is usually painted as an unex-pected attack, where the airplanes come in at dawn. cyberspace is a little different. we’re constantly being attacked; we’re constantly being penetrated. so, many would say that our cyber Pearl harbor moment is actually in our past. we just don’t recognize it; we’re still waiting for this big event, and we’re not paying attention to everything that has already happened. ELIZABETH A. HIGHT: most people equate Pearl harbor with the big bang. i mean, there were bombs dropping, there were people injured and dying. there was a lot of noise. so when professionals use that reference, we think there’s going to be a great big, loud bang somewhere. but that’s not the way cyberspace works.

1969arPanet transmission

1971 Creeper worm demonstrates mobility and self-replicating programs on arPanet

1972File transfer and tCP

1973arPanet virtual Communication with europe

1973Motorola invents the first cellular portable telephone to be commercialized

1974development of the graphical user interface (gui) paves the way for the intuitive design of Mac and windows oS

a BRIEF HISTORY OF CYBERSECURITYBY mELISSa E. HaTHaWaY,president of Hathaway global Strategies and a member of uMuC’s Cyber think tank. Hathaway served in two presidential administrations, spearheading the Cyberspace Policy review for President barack obama and leading the Comprehensive national Cybersecurity initiative for President george w. bush.

1969 1970 1971 1972 1973 1974

1970intel introduces the first 1k draM chip

‟A Pearl Harbor is usually painted as an unexpected attack, where the airplanes come in at dawn. Cyberspace is a little different. We’re constantly being attacked, we’re constantly being penetrated. So, many would say that our cyber Pearl Harbor moment is actually in our past. We just don’t recognize it. —MARCUS H. SACHS

but they were careful to emphasize that the situation is not totally dire. solutions are available and opportunities abound to expand them to meet the ever-changing danger. As marcus sachs said, “All is not bad. we may paint a very horrible picture here, but we want to make sure people under-stand it’s not the end of the world.”

GIL KLEIN: Betsy, what keeps you up at night?ELIZABETH A. HIGHT: the whole host of “unknown unknowns,” whether they be very well-meaning but poorly educated informa-tion security officers, those who believe that the current host of products will keep their systems well defended, or those who have found unique and still undiscovered exploits to get into public, private, or personal systems. All of those things are still unknown unknowns to most of us.

GIL KLEIN: And Marc, do you sleep well?MARCUS H. SACHS: generally, i do, because if you know what bad is out there and what good is out there, you can sleep well. but what bothers a lot of people is that one lucky person. this is one of the problems in cyberspace: somebody can make a mistake somewhere that we don’t know about, and somebody can get lucky—an unknown hacker, an unknown terrorist, an unknown criminal can get very lucky and do something very,

timeline content excerpted from a broader presentation and analysis.


1977emergence of smaller computers

1977Microsoft forms

19791g network (launched by nippon telegraph and telephone in Japan) allows the first cell-to-cell transmis-sion without dropping the call

1979intel introduces the8088 CPu and it is chosen to power ibM personal computers

1978tCP-iP becomes universally accepted global standard to supply network layer and transport layer functionality

1981ibM personal computer

1982at&t divestiture in return for the opportunity to go into the computer business

1983dnS registry lays foundation for expansion of internet

1983dod begins using Milnet—mandates tCP-iP for all unclassified systems

1977 1978 1979 1981 1982 1983

1983Fred Cohen authors the first computer “virus”—a term coined by his academic advisor, len adelman

so if we think about it that way, everyone will say, “oh, no, no, there’ll never be a big Pearl harbor.” but the consequences could be so severe that we would have exactly the same kind of mayhem, if in fact our critical infrastructure were destroyed or even penetrated in some way. L. WILLIAM VARNER: And the worst thing is, we might not know until such an attack is well under way. it might not be the big, explosive, kinetic activity that we think we would immediately recognize.MARCUS H. SACHS: it is, however, a fair analogy, because a lot of what led up to Pearl harbor, what actually allowed it to happen, was the misinformation sharing and the stove-piping of information. People knew what was going on. we had intelligence, but there was no sharing. And this is exactly what we see today.

GIL KLEIN: And in general terms, how is the United States military preparing for a cyber attack? Is it happening quickly enough? L. WILLIAM VARNER: we should look at the responsibilities of the u.s. cyber command and the department of homeland security. even more importantly, look at all of the aspects of our internet infrastructure that are not protected by either the cyber command or homeland security.

what that means is that a lot of our protection today is left up to private industry. in all honesty, companies like ours are, in large measure, responsible for protecting their own networks. And it’s a big challenge. the bad guys only have to be right once. we have to be right 100 percent of the time.

GIL KLEIN: Do you think the general public is aware of the threat? What more can be done to prepare the public for the possibility of a major cyber attack?MARCUS H. SACHS: i think the awareness is there that cyberspace has problems. but what’s missing is the “so what?” what do i do about that? in the physical world, we do a pretty good job of teaching people about looking left and right before crossing the street or about not slipping on the ice. we don’t do as good a job of teaching people what to do in cyberspace to make themselves secure. that’s the education gap.ELIZABETH A. HIGHT: People may be very aware of the threat, but they really don’t know how it impacts them personally. unless they—or a close friend or family member—have had their iden-tity stolen, for example, they won’t know the true impact on their credit report. they won’t know how long it will take to recover.

tiMeline illuStrationS by robert neubeCker

LEFT TO RIGHT: Gil Klein, Marcus H. Sachs, Elizabeth A. Hight, L. William Varner.


‟

1991national academy of Sciences: Computers at risk report

1991First gSM network launches in Finland, giving way to 2g cellular networks

1992oSd issues Policy 3600.2 information warfare

19922g networks make instant messaging possible

1989dod Corporate information Management (CiM) initiative to identify and implement management efficiencies in dod information systems

1990Cern develops HtMl code and software (world wide web is possible)

1990rise of internet innovation

1988Morris is internet’s first widely propagating worm

1988after Morris worm, deC white paper introduces the concept of firewalls and packet filtering; launches the market for security products

1988dod funds Carnegie Mellon Cert-CC as a result of Morris worm

1985Microsoft windows; utility of computer easier for consumer

1985generic top-level domains are officially implemented (.com, .gov, .mil, .edu)

1984 1985 1988 1989 1990 1991 1992

they won’t know that in fact what they put on social media is open to the world and will be there forever. i tell people all the time that we need to have a cyberspace ethics and civics class in elementary school to help teach our citizens from the very beginning what this cyber thing is. because children like to reach out and touch things, and they can’t do that in cyberspace.

GIL KLEIN: What is the need for a trained cybersecurity workforce? Are universities producing the numbers needed? Are there enough students coming out of high school with the skills needed to begin learning this kind of complex information? And, of course, how intense is the compe-tition for these jobs? That’s a lot of questions. L. WILLIAM VARNER: those are easy questions, gil, because the answer to most everything is no. there are not enough people currently. there are not enough people coming out of high schools or being trained in our colleges. And there are just not enough people in the general stem—science, technology, engineering and math—curricula altogether. i know betsy and marc and i all share an interest in trying to increase the number of trained cyber professionals in the country, particularly those who are able to obtain the clearances that let them work closely with our government agencies. And we sponsor a lot of training programs. Just because someone graduates from college with a master’s degree in electri-

cal engineering or computer science does not necessarily mean he or she is ready to join the ranks of cyber warriors. MARCUS H. SACHS: cyber education is a lot like health and health-care. when kids are going through elementary, middle, and high school, we teach basic health principles. but not all kids grow up to be doctors and nurses. cybersecurity is the same sort of thing. we need to teach the basics of hygiene in cyberspace, the basics of what can go wrong. some can go on to become the professionals. but i think what we’re missing is that early education. we tend to think this is only for the little geeks and wizards. but it should be for everybody, just like health education is for everybody. ELIZABETH A. HIGHT: if ever there was a case for lifelong learn-ing, it is cyberspace. All three of us are digital immigrants; we did not grow up with this technology. our children and our grandchildren are very comfortable with it. but the technology is so complex and changes so rapidly, there is no one who can sit back and think, “oh, well, i understand it, and i don’t need any more education.”

GIL KLEIN: Are there enough university programs to do this? Or is this an open field for universities? And who do you get to teach this if everybody who knows it has to be working and protecting somebody?MARCUS H. SACHS: there’s a lot of opportunity there.L. WILLIAM VARNER: there is. umuc has a great program. i also work with almost every university in the area, as well as with some that are not local. but to me, one of the most important things is making our career field attractive to people who are of the age where they are thinking about what kinds of careers they want. MARCUS H. SACHS: it applies to all career fields. it’s not just for those who get a degree in cybersecurity. if your degree is in educa-tion, there needs to be a cybersecurity component, because you’re going to be the one talking to kids. you need to understand cyber-space at a level where you can talk about it, just like you talk about American history, just like you teach math.

And when you’re at UMUC, or in any college environment, that is the time to take your innovative ideas and tinker with them and mature them. And then offer them to the greater good. Because cyberspace is open to all of us. So when you innovate, you’re helping all of us. —ELIZaBETH a. HIGHT

1984Cisco Systems inc. forms


1993Milnet becomes niPrnet

1993Mosaic web browser makes the internet an everyday tool

1994$10 million stolen from Citibank; Steve katz becomes the first chief information security officer (CiSo)

1995aol phishing attacks for passwords and credit card information

1995evident Surprise wargame dePSeCdeF and iC agree to coordinate iw policy

1996itu works on stan-dard (H-323) for voice over internet Protocol (voice and data over single network reduces infrastructure costs)

1996defense Science board paper: information warfare-defense

1997Framework for electronic global Commerce policy (known as the “green Paper” in the u.S.)encourages international adoption of dnS

1997President‘s Commission on Critical infrastructure Protection leads to formation of iSaCs (information sharing and analysis centers)

1994vCJCS directs iw Joint warfare Capability assessment

1994nokia proof—sends data over cell phone (wi-Fi possible)

1996oSd issues 3600.1 information operations broadening the definition to engage during Peace

1996uS relaxes export controls on encryption products to foster global electronic commerce

1993 1994 1995 1996 1997

but other career fields—engineering, law—are also wide open. it doesn’t just have to be focused on technical skills. i think this is where umuc is really gaining an advantage, because they have a wide course curriculum, a big audience. L. WILLIAM VARNER: And in the position we’re in now, i don’t think all of the universities and colleges added together could produce enough people to meet the needs that we have today.

GIL KLEIN: Talk a little bit about the kinds of attacks that are going on right now. Who is making these attacks? And how much impact do they have?ELIZABETH A. HIGHT: there are basically three types of attackers. there are the hacktivists and the joyriders that we’ve seen for years and years. there are the state-sponsored attackers. And there are criminals. so each of them has varying degrees of support and education and training and opportunity. that creates a huge problem for the entire federal, state, and local government environment, because they have to protect against the entire continuum.MARCUS H. SACHS: there are some commonalities. it’s not machines that are attacking us; people are attacking us. the con-

versation we were just having about manpower—our adversaries have the same problem. there aren’t a lot of smart attackers out there, either. in fact, if i had the choice to work for one of us and have a beautiful, bright career, or to work for a terrorist organiza-tion and perhaps get blown up, i might decide that i don’t want to be a terrorist. this is an interesting quandary, because our adversaries do face the same problems. government targets are lucrative, but a government system is no different from a private sector system, or a university system, or a home system. it’s the same silicon, the same software, the same vulnerabilities. the information may be different; the value of the information may be different, but that is actually a strength, because lessons that you learn in the government can be applied to industry, to academia, or to home systems. And vice versa. so it’s a fairly level playing field in terms of defense. solutions work in multiple places. And that’s a strength we need to play to.

GIL KLEIN: Can any of you tell me a story about an attack, how it came about, and what was accomplished?

LEFT TO RIGHT: Marcus H. Sachs, Elizabeth A. Hight, and L. William Varner


2001launch of first pre-commercial trial 3g network (packet-switch) by nippon telegraph and telephone

2001dod Quadrennial defense review renews focus on information operations

2001wikipedia created

2000HtMl accepted as international standard iSo: 15445

2000national academy of Sciences: trust in Cyberspace

1999u.S. Space Command assigned military Cyber offense-defense Mission responsibility

1999Melissa virus sets stage for rapid infections

1997 1998 1999 2000 2001

1998internet Corporation of assigned names and numbers (iCann) established

1998Pdd-63 Critical infrastructure Protection Policy

1998Solar Sunrise dod penetrations realized

1999in-Q-tel established to help government innovate

1999dCi agrees to use same definitions signing out dCid 7-3

2000y2k

2000ddoS attacks againste-commerce affect amazon, ebay, Cnn

ELIZABETH A. HIGHT: we’ve had cases of government organizations dealing with their own bureaucracies. A recent state case involved the lack of a state information security officer for more than a year. the thing that held it up was the bureaucracy of finding someone with these critical skills who would accept the pay of a person in a government bureaucracy. here in washington, d.c., especially, i think the unemploy-ment rate for cybersecurity specialists is less than zero. they’re in great demand. And that’s true not just for government but for industry as well. GIL KLEIN: Bill, do you have a great story here?L. WILLIAM VARNER: when you are attacked you might not even know it; the data is still there. they take a copy of it; they don’t take the data. it’s a lot different from physically breaking into a building and stealing something, where you notice, “hey, my stereo system is gone.” you may not know that somebody has taken your valuable intellectual property. MARCUS H. SACHS: let me mention a real-world case here. the rsA corporation, as many of us are aware, is at the top of their game when it comes to cybersecurity. devices, software, consulting services, they’re all over. but yet they got breached. And it kind of reflects back on that very first question: what keeps you up at night? here you have the best, and they get broken into, even though they’re doing everything right. ELIZABETH A. HIGHT: so 10, 15, or 20 years ago, we thought if we could protect the outer perimeter, we could keep all the bad guys out. As a matter of fact, in 2005, the department of defense really cracked down on two-factor authentication and required everyone to log on to the network with their cAc cards—something that they knew, something that they held in their hands that could not be stolen by someone who was putzing around in a network looking at the password file. so those defenses were developed, and then we went on to phishing. And now we’re into spear phishing, and the human

‟Companies like ours are, in large measure, responsible for protecting their own networks. And it’s a big challenge. The bad guys only have to be right once. We have to be right 100 percent of the time. —L. WILLIAM VARNER

MARCUS H. SACHS: what we see today usually comes on one of two levels. there is the subversive attack that is very hard to see. the adversary is interested in targeting you because there is informa-tion that they want specifically from you. And they will take time to get it. they go in and grab what they want, they take it, and you may not realize that it’s gone. often we see this happen after the fact. we have forensics teams that will go in and investigate, and a company or organi-zation will realize that they have been breached. And it some-times turns out that the initial entry was more than a year ago and the adversaries have had that much access before they are finally noticed. then you have the class of attacks that are very noisy, like denial-of-service attacks or flooding attacks. the target may be an organization like a bank or a government, or it may just be any-body who happens to be connected to the internet. those are like a flash; here today, gone a few moments later. but they can still be very visible. And we face this all the time, particularly with high profile web sites. this is the hacktivist problem we’re talking about, where in the past you might go up to whomever you didn’t like and spray paint your message all over their glass wall. today, you go online and maybe deface their web site, or cause a denial-of-service attack so their customers can’t get there.

1997google search engine invented

1997802.11 international Standard agreed upon

1997eligible receiver exercisefocuses dod and iC on vulnerabilities of u.S. infrastructure and foreign io programs


2006Facebook forms

2006Congressional testimony nSa outlines closercoordination with dHS

2006Hengchun earthquake (taiwan) affects undersea cables and internet for 49 days

2003Ca State data breach law: businesses must report breach of Pii

2003linkedin: business applica-tion of social networking

2003dod transformation Planning guidance formalizes net Centric warfare

2003Skype (beta) debuts

2004dod io roadmap programs more than $1 billion in new funds to normalize io

2004ew roadmap to focus dod’s efforts to provide electronic attack options

2005Choice Point first breach of personal identifiable information (Pii)

2005nerC announces standards for cybersecurity for reliability of bulk-power systems

2002department of Homeland Security assumes Critical infrastructure Protection Mission

2002Social networking technology takes off with Friendster

2002 2003 2004 2005 2006

2001Council of europe, Cybercrime Convention (treaty)

2001nuclear Posture review calls for replacement of nuclear weapons with non-kinetic weapons

2002u.S. Strategic Command assigned military Cyber offense-defense Mission responsibility

2002dod 3600.1 policy is reissued with new definition for information operations

Cyber-Speak Glossary

element is so unpredictable. A very well-documented case that involved an effort to hack into an international company was really engineered around calling a system engineer overseas and claiming to be a member of the company. it was very late in the evening, and the system admin overseas said, “sure, i can reset your pass-word.” And the hacker actually got into the system that way.

GIL KLEIN: Is there a level of cyber attack that you think would warrant a traditional military response? Or could we even figure that out?ELIZABETH A. HIGHT: i think with technology today, there are some who can figure that out. And as a citizen of the united states, if an organization or an individual actually turned off my power, or poisoned my water, or caused an airplane to crash, i certainly hope the united states would respond somehow. MARCUS H. SACHS: that somehow is the question. is the somehow diplomacy that ultimately finds its way into the military? or is

the somehow trade sanctions? or is the somehow just a demarche or a public outing? i think that’s a public policy problem we have here in washington. we don’t have that answer.L. WILLIAM VARNER: of course, that brings up the whole issue of attribution, which, in my opinion, is the most difficult problem in cybersecurity. you need to be pretty certain who launched the attack before you strike back. in reality, many attacks originate right here in the united states; they are just routed through other countries. MARCUS H. SACHS: we have a very clear policy about the use of nuclear weapons, for example. there is no ambiguity about what the united states’ response would be if somebody fired a nuclear weapon at us. we have a very clear policy on invasion. but we don’t have a clear national policy that says, “it is the policy of the united states to do the following if there is a cyber attack that meets such-and-such a threshold.” i think we have to have that.

CAC Card is a common access card issued by the Defense Department that allows entry to government buildings and computer networks. About the size of a credit card, it has an embedded microchip that has a digital image of the card- holder’s face, two digital fingerprints, Social Security number, and other identifying data.

DARPA is the Defense Advanced research Projects Agency, an independent research branch of the Department of Defense created in 1958 that funded a project that led to the creation of the Internet. Its mission is to think independently of the rest of the military and to respond quickly and innovatively to national defense challenges.

Exfiltration, also known as extrusion, is the unauthorized transfer of data from a computer or network.

Hacktivists are people who break into computer systems for politically or socially motivated purposes. Their motives are usually not to steal infor-mation but to alter a targeted Web site or hamper the organization’s ability to operate online.

Spear Phishing is an attempt to gain unauthorized access to an organization’s information by targeting specific individ-uals in that organization. Unlike regular phishing, which is typically carried out by random hackers, spear phishers know exactly what information they want and who can provide access. They send mes-sages that appear to be from authorita-

tive sources asking for passwords and other information that will grant them access to classified information.

Stuxnet is a computer worm believed to have been developed by the United States and Israel that was used in 2010 to attack the supervisory control and data acquisition systems of Iran’s nuclear development program.

U.S. Cyber Command was created in 2009 in the Department of Defense to plan, coordinate, integrate, synchronize, and direct activities to operate and defend the department’s networks. When directed, the Cyber Command con-ducts military cyberspace operations to ensure the United States and its allies freedom of action in cyberspace while denying the same to its adversaries.


2008rbS world Pay $9 million stolen in 30 min., 49 cities

2008President announces modernization program (Smart grid, next gen Faa, Health-it, broadband to america)

2008georgia-russia conflict demonstrates cyber in warfare

2009Heartland Payments breach demonstrates that compliance does not equal security

2009Cyberspace Policy review: Cyber is eco-nomic and national security priority

2007 2008 2009

2007uSaF establishes a Cyber Command

2007Comprehensive national Cybersecurity initiative (CnCi)

2007tJ Maxx breach (exploits wi-Fi)

2007estonia ddoS highlights use of force (wartime applications with con-scripted computers)

2007Joint Staff, national Military Strategy for Cyberspace operations

2008Cable cut(s) in Mediterranean dramatically slow down internet and egypt affected badly

2008Conficker worm requires unprecedented international cooperation and operational response

2009Move to cloud computing

2009national research Council report: Cyber attack Capabilities

20094g offered via wiMax standard (Sprint) speed improvement of 10-fold

2009operation aurora coordinated attack on many high-profile companies targeting intellectual property

ELIZABETH A. HIGHT: And i think that is one of the great things about the umuc curriculum. there are courses where students are challenged to think critically about those policy issues. And that area is ripe with opportunity, whether you’re a student, a private citizen, or a member of the legislative or judicial branch. those discussions need to happen before we actually wake up one day and discover the catastrophic effect of a cyber attack.L. WILLIAM VARNER: And the interesting thing we’re all saying here is that cyber technology is more advanced than cyber policy.MARCUS H. SACHS: And of course cyberspace doesn’t belong to anybody. it belongs to everybody. it’s really a metaphor; it’s not really a thing. it’s not like dirt or air. it’s this made-up and synthetic thing that humans have built. so when we ask the question, “what should the military do?” it really depends on whom you’re asking. because a network owner and operator would say, “the military has no role here, other than perhaps protecting my physical assets. the actual essence of cyber-space is a business; it’s not a military battleground.”

so this is an ongoing debate here in washington. maybe we need to just keep talking about this, not wrapping it up behind classified doors, because it is a very serious policy matter that we have to start discussing openly.ELIZABETH A. HIGHT: i think one of the things to consider is the foundation of our own country. i mean, individualism and privacy and all of those concepts that our country was founded on really fly in the face of cyberspace. because a lot of people would say there is no privacy in cyberspace, and others would say that there is all kinds of privacy, it just depends on how you use cyberspace.MARCUS H. SACHS: if you start with the constitution, everybody understands the first Amendment. freedom of speech, we want that; so, okay, we check that off. then you get to the second Amendment and things get very awkward. what does it mean to have the right to bear arms in cyberspace? what is an arm? And we’re only on the second Amendment! we haven’t even gotten to three or four. [Laughter.] so, again, this is the debate we have got to have. what does this stuff mean?

LEFT TO RIGHT: Marcus H. Sachs, Elizabeth A. Hight, and L. William Varner at the National Press Club in Washington, D.C.


2010intel Corporation SeC Filing

2010texas bank sues customer over cyber-theft

2010uk data Protection law: $500,000 fine for lost protected data

2010Stuxnet worm strikes iran’s nuclear facilities

2010 2011

2010STANDUP OF U.S. CYBER COMMAND

2010Smokescreen, online virtual reality game, guides teenagers through dangers of social networking

2010Court rules in favor of Comcast; net neutrality debate heats up on internet regulation

2010nato Strategic Concept review highlights cyber

2010nato declares cyber defense a priority

2010Market shift: Proliferation of handheld wireless devices

201188 percent of egyptian internet cut off from citizens

2011naSdaQ penetrated

2011libya cuts off internet and social networking sites from citizens

2011the netherlands, France,and germany publish cybersecurity strategies

2011iPv-4 address allocation exhausted

2011Hackers break into Canada’s treasury system

2011uk states that cyber-attacks and cybercrime are among its top five security issues

2011epsilon breach: High profile customers exposed

2011rSa/eMC Corporation SeC filing (Secureid breach)

2011g8 discusses that laws need to apply to the internet

GIL KLEIN: The United States and Israel apparently launched a success-ful cyber attack known as Stuxnet against Iran’s nuclear development program. Is that the type of low-level warfare we can expect to see that avoids actual firepower? Do you see an offensive use for the U.S. military? ELIZABETH A. HIGHT: well, i wouldn’t call trying to disable a coun-try’s nuclear arsenal “low level.” i think that as we evolve in this arena, we will continue to see operations of certain types until we have case law or legislation that defines that. i think one of the most important things to realize is that it’s not just u.s. citizens that are thinking about conducting defensive or offensive operations. this is a global domain; there is no state line or national border. And these conversations need to be held globally. MARCUS H. SACHS: it’s hard for the united states because we’ve always been ahead of this game when it comes to technology—from airplanes to spaceships to nuclear weapons. but enter cyberspace, and we just assume we’re in charge. we assume we have more capabilities than others. that may not be the case. And that’s very awkward for us, because now we have worthy adversaries. but they’re not necessarily countries like china or russia. An adversary could be an individual, a corporation, a loosely affiliated group or a terrorist group. it could be a cause. that’s what makes cyberspace so interesting. when we say what offensive is, we try to go back to our classic industrial think-ing of tanks and planes and ships and invasions. but offensive in cyberspace may be completely different. And i think stuxnet is a great example, but it’s like a biplane compared to a strike fighter. this is so basic, to do a stuxnet-type thing. And the history books will record this. Play this tape back even 10 years from now. look at how we will refer to stuxnet and say, “wow, in its day that was pretty cool. but that’s so simple. we issue that capability to our kids; we show them how to do that to each other.” [Laughter.]

GIL KLEIN: So is this asymmetrical warfare taken to a new level?L. WILLIAM VARNER: that’s an excellent question, because it is

asymmetrical warfare, and the barriers to entry are small. they’re the cost of a laptop or a Pc and an internet subscription; that’s all it takes. it’s just an inordinate cost to defend against what an attacker can do almost for free. MARCUS H. SACHS: but do you know the good news in all of this? there really are basic, simple things people can do to protect themselves. oftentimes we do get wrapped up in the, “oh dear, cyberspace is so dangerous; i think i’ll just unplug and go farm for the rest of my life.” but it turns out there are a lot of very simple things that any-body can do to reasonably protect themselves, much like in the real world. we’ve learned that as humans and as part of society. i think that’s the piece that we’re hunting for with cyberspace: what are those basic things individuals can do? because you’re always going to have threats, and you’re always going to have attackers.

GIL KLEIN: What is the responsibility of the private sector in providing a level of security? And what is the responsibility of the federal govern-ment in making sure that it is meeting that responsibility? ELIZABETH A. HIGHT: i think cybersecurity has moved out of the computer operations center and into the boardroom. the boards and senior management teams who take the time to become educated in the risks associated with cybersecurity realize that there is a real reason to understand cybersecurity. A wonderful sec guidance came out recently saying that if you have a significant risk to a public company, it has to be reported, and that includes cyber risks. so i think that’s a step forward in educating both the boards and the senior management teams of industry.MARCUS H. SACHS: cybersecurity is now emerging as one of those areas where you’re actually better off if you’re outsourcing it and using what’s emerging as managed security services. this has become so complex and so technical and so specific that it may be better as a business leader not to try to do it all yourself.L. WILLIAM VARNER: this calls for a public/private partnership, along with a way to share information about attacks that may be

‟We’ve pushed the government right now not to regulate us, but to let us innovate. Let us find our way out of this security problem by being creative. That’s what Americans do best. We are the world’s best innovators. —MARCUS H. SACHS


2011

2011Sony PlayStation net-work breached; initial clean-up, $170 million

201165 percent of Syrian internet removed from routing tables (40/59 networks)

2011Microsoft acquires Skype for $8.5 billion

2011austria declares cyber defense a national priority

2011new Zealand publishes cybersecurity strategy

2011iMF penetrated and severs connection to world bank as a precaution

2011eu increases penalties for cybercrime

2011Citigroup breach; 200,000 accounts accessed

2011Syrian electronic army (Sea), a pro-government computer attack group, actively targets political opposition and western web sites

2011anonymous targets nato

2011Federal Financial institutions examination Council (FFieC) issues supplemental guidance on risk management: “authentication in an internet banking environment”

2011diginotar certificate breached

2011Singapore announces it will stand up a national Cyber Security Centre headed by the Singapore infocomm technology Security authority

2011Cert–eu opens

2011international Code of Conduct for information Security brought to the 66th un general assembly

occurring so that both government and industry can benefit. in fact, there are activities like that under way that we’re all part of, and they are having some success. ELIZABETH A. HIGHT: i think we have been talking about public/private partnerships for years. but in my view, most of these discussions are just far too general. they are not taken seriously by most people who are in control. those individuals may like control, but they don’t understand that in fact they don’t have the expertise to keep up with this incredibly, remarkably dynamic, complex space.

GIL KLEIN: Along that line, former CIA Director James Woolsey said hackers are stealing us blind by breaking into company databases and taking secret development plans. How big a threat is this to U.S. busi-ness? And how adequate is the response?MARCUS H. SACHS: that’s probably the number one threat to our country right now. it’s death by a thousand paper cuts. we are leaking—what’s the estimate?—trillions of dollars annually, intellectual property that’s just going out the door. we look at our current economy, which is kind of sputtering, and one of the factors we never talk about is cyberspace. what about the leakage of all this intellectual property that’s gone to other countries who can now compete against us because they stole all of our know-how?

GIL KLEIN: Is it possible to give an example?L. WILLIAM VARNER: one estimate by people who are generally well regarded in the intelligence community is that at least one tera-byte per day of u.s. intellectual property is being exfiltrated to other countries. so to put that in perspective, the written material in the library of congress comprises about 10 terabytes. general Keith Alexander, the director of nsA and head of the u.s. cyber command, has stated publicly that he believes this is the largest wealth transfer in the history of the world.

GIL KLEIN: So how much rigorous scientific experimentation is going on now that will lead to security breakthroughs? ELIZABETH A. HIGHT: i think there’s a lot going on, both in govern-ment and in industry. As a matter of fact, dArPA [the defense Advanced research Projects Agency] has recently released a fraud area announcement for some really exquisite defenses. And dArPA has hired some of the best-known hackers in the united states to turn their tradecraft into a defensive mechanism. so this is a well-recognized problem that academia, govern-ment, and private industry are all trying to solve. MARCUS H. SACHS: often when we say cyberspace, we really mean the internet. but the internet is just a piece of cyberspace. Air traffic control and interbank transfers don’t go over the internet, for example, but they’re part of the communication infrastructure. the internet today is largely based on the explosion of per-sonal computers back in the 1980s, followed by the explosion in the 1990s of the internet itself, as everybody became familiar with it and as faster networks and laptops came along. in the past five to 10 years, a new wave known as wireless has come along. we’re beginning to see a different type of device, different applications, different ways of thinking. And in fact, that wireless world is now bleeding into home security systems. it’s in your car, thanks to bluetooth. so there’s opportunity here. where the old internet is largely built on a string of wired Pcs and hard drives, we now have a new cyberspace that’s coming out, largely internet-centric, but with pieces that aren’t the internet. And in fact, right behind that is this new thing called cloud computing. so just like any other technology, we have waves of innovation.And what i think some are seeing is that each wave gives us the opportunity to add security that wasn’t there in the previous wave. so cyberspace can in fact get more secure as we go forward.because we tend to build in new resiliency. we build in new safety features. we kind of build on previous mistakes. continued on page 18

‟I use this phrase: “Hug an ethical hacker.” Start thinking about how to protect your systems by thinking like a bad guy. One of the new industries that has sprung up is ethnical hacking courses for senior government and industry executives. —ELIZABETH A. HIGHT


cybersecurity is A growing concern at the state level, and cybersecurity breaches are costing state governments large sums of unbudgeted money to fix and accommodate. like many who file state income tax returns electronically, i received official notice on december 22 from a state government that my social security number, tax identifi-cation number, payment information, bank accounts, and credit cards may have been exposed due to a security breach that took place three months earlier and was not discovered until a month afterward. in this particular case, which involves the state’s department of revenue, the potential breach of stored information goes back more than 10 years and involves millions of state income tax filers—both businesses and individuals. in addition to hiring outside forensic experts, putting new policies and procedures into practice, and installing new technology, this state government is paying an outside security firm for one year of credit monitoring and fraud resolution services for each tax payer who may have been violated (and who chooses to register for the offered services). this is just one example from our increasingly cyber-connected world, but it serves to illustrate how cybersecurity has become a new problem for individuals and businesses to worry about and for state governments to deal with on a comprehensive, cross-functional, statewide basis. the national Association of state chief information officers (nAscio) continues to identify cybersecurity as a critical con-cern for state governments. the recently released “2012 deloitte-nAscio cybersecurity study” notes that cybersecurity does not fail gracefully. cios and chief information security officers (cisos) must worry that if they don’t get security right and

systems are breached, the state’s cybersecurity program may be per-ceived as ineffective and the state’s citizens may suffer direct harm. cybersecurity threats to state government—like threats to all sectors—are growing in sophistication and frequency. A new breed of cybercriminal and hacktivist is emerging with a nar-rowed focus on monetary gain or on making political statements. According to a recent rapid7 report on the “data breaches in the government sector,” government agencies have lost more than 94 million citizen records since 2009. remarkably, the average cost per lost or breached record is $194, according to the Ponemon institute’s 2011 cost of data breach study. from the deloitte-nAscio study, 92 percent of state officials feel that cybersecurity is very important for the state, yet only 24 percent of cisos are very confident that they can protect state assets against external threats. further, 70 percent of state cisos have reported a breach, but only 32 percent feel that their staff has the required cybersecurity competency. most noteworthy is that the increasing need for cybersecurity education and training is repeat-edly identified in all sectors of government, business, and society. within state government, security breaches may be far more costly than cybersecurity programs, especially when considering the cost of regaining lost citizen trust. At the heart of an effective state cybersecurity program are properly educated and trained cybersecurity professionals. i am pleased that umuc continues to work to meet this need through its cybersecurity degree programs and by producing trained cybersecurity professionals to meet growing workforce demands. G

STATE OF EMERGENCY? bY LT. GEN. HARRY RADUEGE (USAF, RET.)

Lt. Gen. Harry Raduege (uSaF, ret.) is a four-time military Cio and former director of the defense information Systems agency (diSa). He currently serves as chairman of the deloitte Center for Cyber innovation.

illu

Stra

tion

by

JoHn

rit

ter


2011iSo formally ratifies iSe/ieC 27035:2011, an information security best practices process for incident reporting

2011blackberry outage affects millions of customers

2011nCix report: Foreign Spies Stealing u.S. economic Secrets in Cyberspace

2011SeC guidance to public companies: Cybersecurity is a Material risk

2011kenya launches informa-tion security master plan to safeguard public infor-mation on the internet

2011united kingdom publishes new Cyber Security Strategy

2011eu tld registry makes it easier for registrars to use internet secu-rity protocol domain name System Security extensions (dnSSeC)

2011Cyclone dagmar affects power supplies to elec-tronic communication net-works in nordic countries; millions of users left with-out telephony or internet for up to two weeks

2011South korea leads the world in iCt development and peer-to-peer botnets

2011 2012

2012weF ranks cybercrimes as #1 technological risk

2012interPol announces stand up of global Complex for innovation in Singapore focused on digital security and cybercrime

what i’m trying to say is that all is not bad. we may paint a very horrible picture here, but we want to make sure people under-stand it is not the end of the world. As new technologies come along, new vulnerabilities are introduced—don’t get me wrong there—but we are making some remarkable changes. but for anybody who is interested in this area, the field is wide open for new ideas, new concepts. my company and your com-panies, we all have open doors for innovators, for new ideas, for fresh concepts and fresh ways of doing things. And to kind of wrap this up, we’ve pushed the government right now not to regulate us, but to let us innovate. let us find our way out of this security problem by being creative. that’s what Americans do best. we are the world’s best innovators. ELIZABETH A. HIGHT: And when you’re at umuc, or in any college environment, that is the time to take your innovative ideas and tinker with them and mature them. And then offer them to the greater good. because cyberspace is open to all of us. so when you innovate, you’re helping all of us.

GIL KLEIN: So if you could get the ear of President Barack Obama or of Congress, what would you tell them?MARCUS H. SACHS: if the president were sitting right here, i would like to know, first, what he does to protect himself as the leader of the most powerful nation in the world. what does he do personally in cyberspace? it may be a bit of an embarrassing question, because it catches a lot of people off guard: what do i do? because i can pontificate all day long about what everybody else should do, but what do i do? that might lead to a very interesting discussion. now, the president might get it right, and might actually have a lot of insight. in which case, mr. President, please stand up in front of the bully pulpit and start preaching. [Laughter.] but we don’t know where the president comes down on this. ELIZABETH A. HIGHT: i think what you’re really saying is, “be a role model.” that’s one of the barriers to getting our young people really excited about these careers.

i think it would be wonderful to shine a light on some of our heroes in cyberspace. And i think keeping everything behind the classified green door is a mistake. i guess if i were across the table from the president, now that he has won a second term, i would say, “take a chance. look at the issues that need to be developed. look at the lack of case law. let’s think about what that means to our econom-ic future and our personal privacy. let’s look at those issues, now that you’re in a position to take that risk.” And i would say, “go for it!” L. WILLIAM VARNER: right, so we would stress just exactly how important it is to develop that cybersecurity policy to the level of the policy and the doctrine we used to have, for example, in the days of the cold war. we don’t have that for cyberspace.

GIL KLEIN: You mentioned cybersecurity heroes. Can you give me a case study or a story? Can you tell me a story about cybersecurity, or is it all still classified?ELIZABETH A. HIGHT: well, i know a lot of heroes who man network and security operations centers around the world for the united states military and for the department of homeland security, and for some of our industry partners. i know local and state government heroes that are doing that job every day. they’re sort of like firefighters and policemen. until something terrible happens, you just don’t know about them. GIL KLEIN: I was hoping you could give me a real name here.MARCUS H. SACHS: there was a book called The Cuckoo’s Egg, by cliff stoll. cliff was an astronomer in a university and recognized that there was a problem in one of his computing systems, where the accounting was off by a few pennies. now, computers are precise. they should be exactly correct. And when he found that they were off by a few pennies, he began to ask questions. come to find out, there were intruders in there. And the intruders were changing the logs.

continued on page 20

‟One estimate by people who are generally well regarded in the intelligence community is that at least one terabyte per day of U.S. intellectual property is being exfiltrated to other countries. —L. WILLIAM VARNER

2012an israeli idF team launches an attack against a Hamas web site (qassam.ps), knocking it offlline to protest the site’s anti-israeli stance


the Amount of informAtion about us—the products we purchase, the processes we use, and the businesses that surround us—has grown exponentially. we now generate more data every two days than we did in aggregate from the dawn of early civilization through the beginning of the 21st century. And this information explosion accelerates each year by 40 percent. this is called the “big data revolution” and it is not only big in volume; it is also big in vari-ety and velocity—meaning different types of data at a wide range of input speeds and refresh frequencies. big data has very big implications for business. big data offers a company numerous opportunities to enhance its value across entire product and service lines based on advanced analytics. for example, an airline might dynamically optimize fares based on customer preferences and behavior, or an electric utility might optimize power genera-tion and distribution based on consumer needs and living habits. some challenging questions revolve around data rights and ownership, and it will take some time for a consistent legal frame-work to emerge. in the interim, though, big data’s business advan-tages are offset by each company’s responsibility to protect private, personal, and sensitive corporate information. leaders must know the answer to several key questions: where does your company stand amongst your peers with respect to data security? Are you leading with best practices or lagging behind? do you understand and appreciate your liability? do you have a plan to address deficiencies? because the cyber threat environment is rapidly advancing, traditional security methods are not just incredibly expensive; they no longer work. “Attack surfaces”—the ways a company’s data can be exploited—are increasing, even as attack methods are becoming

more sophisticated. responsible corporate leaders must understand their attack surfaces and the effectiveness of their security measures.we have found many companies don’t get the most for their secu-rity expenditures, and some spend more than their peers but get less in return. since there are no absolutes in security, peer benchmarks provide the best measures of effectiveness. companies need to think and act differently to get the most for their data security investment. this includes collaborating with others in their industry, even competitors. every enterprise needs to understand the risks they assume and what they mitigate relative to one another. companies that lead in this area will be advantaged as trusted partners and providers, which in turn will benefit sales and customer retention. it also promises to reduce liability in the event of data spills, insider disclosures, or remote data theft or destruction. through collaboration, companies can create reasonable standards that may serve to head off more restrictive governmental regulations. but peer collaboration can provide more than just reasonable stan-dards for an industry; it might also identify opportunities to share security investments and approaches. for example, the electric utility sector could develop a cooperative to monitor and identify imminent attacks on the power grid, spending less on static security and instead focusing resources when and where they are needed. while iwcA (indication and warning and counterattack) capability has proven effective, it is seldom affordable for an indi-vidual company; however, a shared cost approach could provide high value at significant savings. our experience shows that once an iwcA capability has been established, adding companies in the

big data: dream or potential nightmare? by mark gerencser

Mark Gerencser is chair of uMuC’s board of visitors and co-author of the best-selling book, Megacommunities. He is managing partner of booz allen Hamilton’s global Commercial business, the leader in enhancing company operating performance, regulatory compliance, and security.

illu

Stra

tion

by

JoHn

rit

ter


PHot

ogra

PH b

y da

nut

a ot

Fin

owSk

i


2012google announces new privacy policy

2012iSo/ieC 27032 publishes international guidelines on cybersecurity

2012Shamoon used against Saudi aramco and damages some 30,000 computers (attack aimed at stopping oil and gas production at the biggest oPeC exporter)

2012Presidential Policy directive 20 establishes national guidance for operations in cyberspace

2012distributed denial-of-Service against u.S. financial institutions peaks at 60 gigabytes/second.

2012Hurricane Sandy affects power supplies and com-munication networks in northeastern u.S. for up to four weeks

2012world Conference on international telecommunications (wCit) updates and revises the international telecommunication regulations (itr)

2012

2012u.S. Congress releases a report on national security issues posed by Chinese telecom companies

2012Syria shuts off internet access across the country

so an entire book has been written about this. it would make a fascinating movie.

GIL KLEIN: Bill, have you got any heroes out there?L. WILLIAM VARNER: i think of some of the former directors of some of our major agencies—general Kenneth minahan, for example, the former director of nsA [national security Agency] and diA [defense intelligence Agency]. he was involved in the very early beginnings of the internet and working with microsoft when some of the early vulnerabilities were discovered. bill crowell is another cyber hero, i think. he’s now a venture capitalist, but he was a former deputy director of the nsA. i think there are numerous people who have taken advantage of the positions that they had to make enormous strides in getting us to where we are today.

GIL KLEIN: Just to wrap up here, what I’m reading about is the next phase of the Internet; it’s so unbelievable, when you get into the cloud and you get into artificial intelligence. Do you see greater threats here? At some point you were saying, “No, this could actually be better for us.” We’ve come through 20 or so years of the Internet and the world’s still here. What are we doing right?L. WILLIAM VARNER: in my opinion, gil, we’re in a wonderful position. we have more technology than anybody ever dreamed we would have. we’re using it. my car sends me e-mails just to let me know how it’s doing. And i do think we have the opportunity to make it even more secure, especially when we move into cloud environments. because when the internet was developed, security was just not a consideration; it was about communication and convenience. we have tacitly made the assumption over all of these years that we value the convenience and the efficiency that we get from today’s internet and all of cyberspace, and we’re willing to work really hard to develop the security that we need to be able to con-tinue to use it.

but i think it’s a system that the entire world depends on. it would be very difficult to imagine living without it. so i think we’ve made tremendous strides, and we just have to continue to work very, very hard to deal with all the security issues that come up.ELIZABETH A. HIGHT: this is a journey. A secure cyberspace is not necessarily a destination. with technology comes vulnerabilities. our ability to recognize them is incredibly important. i use this phrase: “hug an ethical hacker.” start thinking about how to protect your systems by thinking like a bad guy. one of the new industries that has sprung up is ethnical hacking courses for senior government and industry executives. this is a continuum that we will be on forever, long after we’re no longer here.

GIL KLEIN: Marc, do you have any final thoughts?MARCUS H. SACHS: cyberspace being a metaphor, it is also an extension of the human mind and human society, what we think and what we do. there’s opportunity for the bad guys to take advantage of it, and there’s opportunity for the good guys to do it right. And there are opportunities for governments, for the private sector, for academics. right now, we’re at the beginning of something really, really cool. And we’re the only generation that gets the first bite of the apple. subsequent generations have to put up with our thinking. when historians look back on our legacy, i hope they will say, “these guys got it right. facing this complex challenge, they got it right.” shame on us if hundreds of years from now they’re still fixing the problems that we come up with here. i think that’s our challenge. that’s a challenge we can meet. but can we lead? can we cause these changes so that future generations can build on what we’ve done?

GIL KLEIN: That is a terrific way to end this. Marc, Bill, and Betsy, thank you so much for being here. We certainly appreciate all the time you’ve given us. Thank you. G

‟But enter cyberspace, and we just assume we’re in charge. We assume we have more capabilities than others. That may not be the case. And that’s very awkward for us, because now we have worthy adversaries. But they’re not necessarily countries like China or Russia. An adversary could be an individual, a corporation, a loosely affiliated group or a terrorist group. It could be a cause. —MARCUS H. SACHS


it is AlwAys temPting, but usuAlly wrong, to mark the beginning of an era from when you showed up, but i think there’s a pretty good argument that the Pentagon’s exer-cise eligible receiver 97 (er97) in June 1997 marked the point where the department of defense (dod) began to get serious about cyberdefense and cybersecurity. er97 was one in a series of periodic exercises designed to test dod’s crisis action capabilities, and the scenario included intru-sions into different parts of dod’s command and control systems, as well as simulated disruptions of civil critical infrastructure. the intrusions into dod’s c2 systems were authorized by the secretary of defense and were real. the red team left behind non-malicious marker files to document their success, and the exercise play incorporated effects the red team could have caused given the level of access they achieved. while the critical infrastructure attacks were simulated, they were based on well-understood systems, known vulnerabilities, and openly available tools. er97 played out over a two-week period in a realistic operational scenario in the Pacific region, with the realism enhanced by a daily cnn-like news broadcast detailing the developing crisis, characterized by ambiguous infor-mation, confused lines of authority, and loss of confidence in command and control systems. while some inside observers had long recognized dod’s growing cyber vulnerabilities, it was not a problem on most people’s front burner; however, to quote one senior dod offi-cial, er97 “scared the hell out of a lot of people” and got the attention of senior leaders like deputy secretary of defense John hamre, who provided the top cover to set up a formal structure with operational authority to organize for cyber defense. i happened to be newly assigned to the Joint staff and had the opportunity to help respond to the findings of er97. later, i would serve as the first commander of the Joint task force–computer network defense, which had, for the first time, the single mission of defending dod’s networks from attack. from its origin in 1998, this fledgling organization grew through several iterations into the Joint task force–global

network operations, which was absorbed into the u.s. cyber command in 2010. so i think a case can be made that June 1997 marked the beginning of dod’s widespread awareness of its cyber problem and the point from which the present cyber defense structure dates. over the years, we have come to divide the cyber disciplines into defense, exploitation, and Attack, with exploitation and attack closely linked because the network access which enables exploitation can also be used for attack. (to paraphrase former nsA director general mike hayden, “attack is a lesser included form of exploitation.”) computer network attack has long seemed to have tremen-dous potential to support or even replace kinetic action, and some examples have emerged, most notably the stuxnet attack on iran’s nuclear enrichment plants. but because much of the discipline is highly classified, it is difficult to judge how well it has delivered on that promise. still, cyber attack is an exciting tool with a growing target set.

Lt. Gen. John Campbell (uSaF, ret.), is chairman, government advisory board, iridium Communications inc. during a 32-year career with the u.S. air Force, he served as associate director for Military Support for the Cia, vice director of the defense information Systems agency, and the first commander of the Joint task Force–Computer network defense, as well as completing a variety of flying assignments around the world.

cyberdefense: a retrospective by Lt. Gen. John campbeLL, (Usaf, ret.)


illu

Stra

tion

by

JoHn

rit

ter


BY BOB LUdWIG

Maryland,My Cyber Marylandthe nAme of the mArylAnd stAte song—“maryland, my maryland”—hasn’t changed. but today, it seems the title of the old battle hymn ought to include cyberspace, as maryland quickly evolves into the epicenter of the nation’s booming cybersecurity and information assurance industries. the state is uniquely situated to lead a cybersecurity industry that has exploded in the past 10 years, and it is no surprise that maryland was chosen as home of the national cyber security hall of fame. At the federal level, maryland is home to key cybersecurity-related agencies like the national institute of standards and technology (nist), the national security Agency (nsA), the defense information systems Agency (disA), and the intelligence Advanced research Projects Activity (iArPA). And as a result of the defense department’s base realignment and closure (brAc) commission, maryland added the u.s. cyber command, which relocated to ft. meade in 2011, and the Army’s communications-electronics command (cecom), now based at Aberdeen Proving ground. maryland’s colleges and universities are integral to the industry, as well, graduating students from some of the country’s first academic programs in cybersecurity. umuc is one of 13 maryland universi-ties—more than in any other state—designated as national centers of Academic excellence in information Assurance education by the nsA and department of homeland security (dhs). “maryland has a phenomenal ecosystem,” said Jeani Park, director of cyber development at the maryland department of business and economic development (dbed). “with our unique cluster of cyber-related government, academic, and business entities, we have the building blocks to be a dominant player in the cybersecurity industry.” Park’s comments echo some of the key points laid out in a com-prehensive report that dbed released in 2010. that report, entitled, “cybermaryland: epicenter for information security & innovation,” outlined maryland governor martin o’malley’s blueprint for the state’s role as the national leader in cybersecurity and launched the cybermaryland initiative. “our state has tremendous assets to keep the country safe and advance innovations in cybersecurity,” o’malley wrote in an introduction.

According to market research cited in the report, the federal infor-mation technology market is estimated at $98 billion in 2013, and federal demand for information security products and services alone is projected to total almost $12 billion in 2014. the commercial market is expected to be even larger. lockheed martin, the aerospace and defense giant headquar-tered in bethesda, employs 9,200 in maryland and 140,000 worldwide. in 2009, the company opened its nexgen cyber innovation and technology center, a cyber research and develop-ment facility, in gaithersburg. cyberPoint international, a company that is developing innovative cybersecurity products for the consumer market, is an example of another company that is fueling commercial job growth. the baltimore-based firm opened just three years ago and now employs about 300, most highly trained engineers and it professionals. Karl gumtow, cyberPoint’s co-founder and ceo, is a member of umuc’s board of visitors. he located his company in baltimore as a way to give back to the city and to spotlight the increasingly important role that cybersecurity plays in our society and economy. rick geritz, the general manager of product services at cyberPoint, also serves as chair of the cyber Advisory board, an informal group that includes representatives from leading systems integrators, cyber firms, and federal institutions, along with academi-cians and investors. the group helped organize the highly successful cybermaryland 2012 conference last fall in baltimore. umuc was a major sponsor of the conference, which featured michael daniel, special Assistant to the President and cybersecurity coordinator, and other prominent speakers, spotlighting maryland’s position as the national epicenter of cybersecurity. A jobs report released in January identified 20,000 unfilled cybersecurity jobs in the state. contributing to that demand is growing commercial activity that is drawing attention from venture capitalists and wall street investors who are increasingly bullish about maryland. investmaryland, for example, has raised $84 million in venture capital to support commercial growth in key high-tech sectors, including cybersecurity. in an initiative to boost technology transfer, the nist is creating centers of excellence that will put $20 million up for grabs through a grant program aimed at research and development and the com-mercialization of cyber-related technologies.


At the same time, a multitude of business incubators in the state already exist, and many are heating up with cyber-related activity. university of maryland, baltimore county-based bwtech@umbc, for example, has about 25 startup companies in its cyber incubator and another 16 that are slightly further down the path. As technology advances and the federal government works to pass comprehensive legislation on cybersecurity, the maryland legislature has been proactive, doing what it can to prevent cyber attacks internally while also fostering the continued development of the cybersecurity industry in maryland. state delegate susan lee (district 16-montgomery county), whowas instrumental in creating and served as co-chair of the identity theft task force, spearheaded the creation of the maryland commission on cybersecurity innovation and excellence. the com-mission’s twofold mission is to review the state’s cyber laws and poli-cies and to develop strategies that protect against future cyber attacks, while also helping spur cybersecurity innovation and job creation. senator catherine f. Pugh (district 40, baltimore city) is the senate co-chair of the commission. the commission draws on the expertise of the cybersecurity indus-try, higher education institutions, consumer and victim protection groups, and other state and federal officials to accomplish its goals. umuc was chosen to staff the commission and support its work. “technology is advancing very quickly, but so are the people involved in cyber crimes and terrorism,” said lee. “we need to move just as fast, or faster, than they do. we will work with congress to fill in the gaps that exist in federal and state laws and to advance state and federal cyber protection issues.” the university system of maryland (usm) has also taken a lead-ership role in ensuring that higher education is adding to the state’s research and development environment, developing workforce- relevant cybersecurity programs, and producing the intellectual capital needed by industry. A cyber security task force convened by usm chancellor william e. “brit” Kirwan generated a report in 2011 that serves as a roadmap for the system’s institutions. As the industry evolves, the task force recommended that usm expand the number of cybersecurity and information assurance offerings and establish more government and private-sector partnerships, while continu-ing to strengthen research and support innovation and technology

transfer in cybersecurity. these goals have been incorporated into usm’s 2020 strategic plan, “Powering maryland forward.” Among usm institutions, umuc has been at the forefront of responding to urgent workforce needs in cybersecurity. umuc’s cyber think tank, which includes experts from the military, govern-ment, and industry, was created to guide the development of cyber programs that are now some of the most popular academic offerings at the university. most of these courses are taught online by adjunct faculty who are professionals in the field. not surprisingly, enrollments in cybersecurity studies at umuc have seen exponential growth in the past two years, and more than 5,200 students are currently enrolled. Quality and talent are out-standing, as evidenced by the team of umuc cybersecurity students who have won numerous competitions that demand skills in network defense, data forensics, and more [see story, p. 24]. “cyber is a ‘big tent’ term,” said greg von lehmen, senior vice president at umuc and staff director for the state commission on cybersecurity innovation and excellence. “it covers a range of prob-lems, from those involving individual security (i.e. protecting various types of personal information) to larger ones affecting our economic competitiveness and national security. when creating a workforce, we have to think about the variety of specializations that come together to do the work, from mathematics to any number of computer, net-work, and software-related disciplines.” umuc, which recently added a new program in digital forensics, is working with the defense cyber crimes center (dc3), the largest digital forensics laboratory in the united states, to develop a pipeline of trained investigators. “it’s an exciting time to be part of higher education in maryland,” said von lehmen of the developments at umuc and other usm institutions. while umbc houses the cybersecurity incubator, the university of maryland, college Park, is home to the intelligence Advanced research Projects Agency and in 2010 created the maryland cybersecurity center (mc2), which partners with gov-ernment and industry to provide educational programs and develop innovative cybersecurity technologies. “come! for thy shield is bright and strong,” exhorts one verse in “maryland, my maryland.” it may not have been written with the cybersecurity industry in mind, but it seems fitting as maryland establishes itself as the epicenter of the industry today. G

The Old Line State is the epicenter of a new industry.


UMUC students, alumni, andfaculty are making waves in the world of cybersecurity competitions.

Team PadawanBY KaTHY HaRVaTT

Although university of mArylAnd university college (umuc) doesn’t field a football or basketball team, one group on campus is nonetheless making a name for itself in national and international competition. meet the cyber Padawans, a team of competitive cybersecurity experts. their team name—a nod to the Jedi apprentices from the movie Star Wars—isn’t the only thing that has garnered attention. in fact, matt matchen and five of his fellow Padawans—students John Arneson and Armando Quintananieves, alum-nus chris Kuehl, and faculty members Jeff tjiputra and rob murphy—recently topped some 80 university and corporate teams to take first place in the north American cyberlympics finals. representing north America at the global cyberlympicsin miami, the team stepped up to the challenge, finishing second overall. soon after, the Padawans took first- and second-place honors inthe four-year college category at the maryland digital forensics investigation challenge. they went on to place third out of 18 u.s. undergraduate teams—and fourth out of 27 worldwide competitors—in the department of defense cyber crime center’s year-long digital forensics challenge (or dc3). these achievements are made more significant by the fact that umuc is still relatively new to the world of cybersecurity competition. itall began about two years agowhen tjiputra—academic director of cybersecurityand computer networks and security for umuc’s undergraduate school—began looking for ways to

help his students apply the theories and concepts they were learning in class. “having competed myself as an undergraduate, i know that these challenges are a great learning tool and an incentive to study even harder,” said tjiputra. “in my experience, those who get involved in competitions tend to go on to bigger and better things, because it makes the field all the more exciting.” to recruit players, tjiputra created a special online class and invit-ed all interested comers. At first, only 10 students signed up; just two years later, the class has grown to include 75 students who, tjiputra said, are quickly moving into the “best of the best” category. for Arneson, the opportunity to compete has given him a tre-mendous advantage in his cybersecurity bachelor’s degree program. “i chose this major because i’ve always wanted to work in intel-ligence,” he said. “but when i got to umuc after two years of com-munity college, i had never even taken a computer class. i caught up fast, though, when i joined the team, because you learn a lot just pre-

paring for competitions. i also love the major adrenaline rush you get when you’re powering through a challenge.” during some of the more gru-eling competitions, adrenalinewas all that kept the team going. “At the [global] cyber-lympics challenge, we were on our computers for six hours straight, working in tight quarters and taking restroom breaks one at a time,” said Quintananieves. “so once the rush of playing wore off, all that any of us wanted to do was eat and sleep.” like any good team, the Padawans have developed a strong rapport, along with a

PHotograPHS by MattHew

PaCeThe Cyber Padawans in action at the Global CyberLympics in Miami, Florida.


number of war stories. matchen laughed as he recalled the team’s rather unconventional practice routine for the cyberlympics final rounds in miami. “we decided to go down a week early to get in some much-needed practice time,” said matchen. “Problem was, the only wi-fi at our motel was in the lobby. luckily, there was a starbucks next door where we could set up, using my cell phone as a router for connecting into the practice program. looking back, i guess we owe the folks who worked there a pretty big thanks.” while the cyber competition field is still, for the most part, male-dominated, tjiputra is also happy to see a growing number of women

umuc extends special thanks to cyber Padawan matt matchen and his employer, braxton-grant technologies inc. (bgtech), for providing a unique practice opportunity. using his company’s it resources, matchen set up a private cloud with some 20 virtual machines, allowing the Padawans to log in remotely and practice together for competitions. bgtech is a small, woman-owned systems integration con-sulting firm that provides cybersecurity solutions to clients in government, healthcare, education, and finance.

signing on to the team, including Jean costello, one of four Padawans to take first place in the maryland dfi challenge. “i wanted to work with really bright people who have a passion for cybersecurity like me—and i wanted to have some fun while doing it,” said costello, who is pur-suing a bachelor’s degree in cybersecurity. “i decided [the cyber Padawans] are the best of the best—and i wanted to get to know those people.” meanwhile, tjiputra looks forward to creating a umuc-sponsored competi-tion in the future that will help to raise even greater awareness around the univer-sity’s cybersecurity programs. “we’ve come a long way in a fairly short time, competing against some of the bright-est minds in the world,” said tjiputra. “And the momen-tum just keeps building.” G

CLOCKWISE FROM TOP LEFT: John A. Arneson, Christopher Kuehl, Jeff Tjiputra, Matt Matchen, Robert Murphy, Armando Quintananieves. OPPOSITE PAGE, TOP: The team created avatars—through the South Park Web site—to represent their online personas.


AmericA hAs An urgent need for trained professionals in the field of cyber-security—and umuc has emerged as a pathfinder in meeting that critical need. neither fact is surprising. we live in a digital age; vast quantities of valuable intellectual property and sensitive data now reside on networks or in the cloud, and financial transactions are conducted over the internet. national communications networks, our electrical grid, and rail and pipeline infrastructure are all controlled online. while these developments have yielded great consumer and economic benefits, they have also created new kinds of vulner-abilities—and opportunities for those who seek to exploit them. the stakes have never been higher, with national security and the very competitiveness of the American economy at risk. compounding that risk is the fact that demand for trained cybersecurity professionals far outpaces supply. that reality served as impetus for umuc to launch some of the first online degree and certificate programs in cybersecurity in 2010. the role of pathfinder is not a new one for umuc. the uni-versity is well known for being the first to offer academic programs to active-duty military servicemembers on military installations around the world. it has also distinguished itself as a pioneer in online higher education and is the largest public provider of dis-tance education degrees in the united states. At the same time, umuc developed a deep portfolio of applied technology-related undergraduate and graduate degree programs. it has offered degrees in information systems and information assurance and is certified by the national security Agency and the department of homeland security as a center of Academic excellence for information Assurance education.

cybersecurity was a logical next step in umuc’s ongoing efforts to respond to the country’s most critical workforce needs. in the fall of 2010, the university launched master’s, bachelor’s, and certificate programs in cybersecurity and cybersecurity policy. the response was immediate and overwhelming. more than 5,200 students are currently study-ing cybersecurity, with another 3,300 enrolled in related programs like infor-mation assurance, computer science, and network security. to date, 232 stu-dents have graduated with degrees from the cybersecurity programs alone. And last fall, the univer-sity added another master’s program, this one emphasizing digital forensics. the program’s success is no acci-

Greg von Lehmen is senior vice president of external relations and initiatives at uMuC and previously served as the university’s provost and chief academic officer. as provost, he led the university’s effort to bring uMuC’s cybersecurity programs to fruition. among his current respon-sibilities, he staffs the legislative Maryland Commission on Cybersecurity innovation and excellence.

umuC AND CYBERSECuRITY BY gREg voN lEhmEN

UmUC CYBER SUPPORTERSCORPORATE AND INDIVIDUAL DONORS at&trichard F. blewittbooz allen HamiltonCiSCoCitiCoPt Creative information technologyCyberpointdelldeloitte gerencser FamilygoogleHylandl-3 StratiSlockheed Martin Mantech international McafeeMicrosoftnJvCnorthrop grummanopen System Sciencesdr. don orkandPearson

SaiCSaSSotera defense, inc.telecordiauMuC alumni associationurS apptisverizon

EDUCATIONAL PARTNERS aFCeaarinCboeingbooz allen HamiltonCaCiinfragard national Members alliancel-3 StratiSlockheed MartinlunarlineMantech internationalnorthrop grummanSaiCtaSC

illuStration by JoHn

ritterPH

otog

raPH

by

katH

erin

e la

Mbe

rt


dent. members of the university’s cybersecurity think tank—compris-ing distinguished leaders from busi-ness, government, and the military—have informed both the design and content of each program, helping to ensure that students graduate with job-ready skills. And umuc’s commit-ment to addressing the human capital crisis in cybersecurity goes beyond creating degree programs. for example, the university helps build the pipeline of skilled pro-fessionals by forming educational partnerships with business and gov-ernment agencies, allowing those organizations to develop their own cyber talent. more than 80 com-munity college alliances in maryland and nationwide allow students who graduate with a two-year degree in a computer-related field to transition smoothly into a umuc bachelor’s degree program in cybersecurity or a related field. And the university con-stantly seeks scholarship support for cybersecurity students—often from the very firms poised to hire them when they graduate. today, umuc’s cybersecurity students perform impressively in cyber competitions [see the story on p. 24]. its faculty regularly pres-ent at major conferences of the national institute of standards and technology (nist) and the Armed forces communications and electronics Association (AfceA), among others. And umuc was asked to staff and now actively supports the maryland legislative com-mission on cybersecurity. in short, cybersecurity has become an integral part of umuc—even as umuc has become integral to the field of cybersecurity. G

the academic leadership of umuc’s cyber-security programs reflects a rich background of experience and scholarly achievement.

Dr. Alan Carswell, chair of cybersecurity and information assurance in the graduate school, began teaching for umuc in 1989, having served most recently as direc-tor of advancement operations for howard university in washington, d.c. he holds an mbA from harvard business school and a Phd in infor-mation systems and strategy from the robert h. smith school of business at the university of maryland, college Park. he currently serves as a member of the advisory boards of the national university technology network and of the cyberwAtch consortium.

Dr. Amjad Ali is director of the center for security studies and associate chair of the department of cybersecurity and informa-tion assurance in the graduate school. he served previously as dean of the Keller graduate school of management–new york region. he received an ms and Phd from the george washington university in washington, d.c., and is a member of the advisory board of the center for strategic cyberspace and security science. Previously, he served on the cybersecurity

LEaRNING FROm THE BEST

Advisory council at the maryland higher education commission.

Dr. S. K. Bhaskar is assistant dean, computer information systems and technology department, in the under-graduate school. he joined umuc in 1998 after serving as senior programmer and analyst at srA technologies, inc., in falls church, virginia. he holds an ms from the school of Automation, indian institute of science, in bangalore, india, and earned his Phd in computer science from the university of maryland, college Park. he has published articles in a variety of scholarly journals, including Pattern Recognition and Com-puter Vision, Graphics, and Image Processing.

Dr. Jeff Tjiputra, who joined umuc in 2010, is academic director of computer networks and security and of cybersecurity in the undergraduate school. Previously, he chaired the business and technology division at the college of southern maryland. he earned his master of liberal studies in internetworking management from fort hays state university in Kansas, and his dsc in systems engineering from the george washington university. he currently serves on the advisory board for the upcoming govsec conference in washington, d.c. G

LEFT TO RIGHT: Drs. Alan Carswell, S. K. Bhaskar, Amjad Ali, and Jeff Tjiputra


mystery solvedwho was the airman-scholar on the cover of the fall 2012 issue of Achiever? for 15 yeArs it hAs been A mystery. the photograph of the Air force staff sergeant studying while propped against a nose wheel first appeared in print in the history book that commemorated umuc’s 50th anniver-sary. despite repeated inquiries, the book’s editors could not identify the sergeant and settled for a generic caption: “military students had to do their homework wherever and whenever they could find a place to study.” flash forward 15 years. Achiever’s editor decided the photo best illustrated the cover story on umuc’s long history of service to the military. Again, the young man was unidentified. then, shortly after the magazine reached subscribers, the editor received an e-mail—and the mystery was solved. “i received my issue of Achiever yesterday,” wrote April gower-getz, a 1998 graduate of umuc who lives near the university’s Adelphi, maryland, headquarters. “what a wonderful surprise to see my uncle fred r. thomas on the cover.” April said that her uncle had passed away in 2010, and the cover photo was one of her favorites of him. unfortu-nately, the original was lost in a fire in 1973. And although she knew that her uncle attended school while in the

military, she hadn’t known until she saw the Achiever that he, too, attended umuc. umuc President Javier miyares was honored to share with April a copy of the photo, a copy of the history book, and three framed copies of the Achiever cover—one for her, and one each for fred’s sister (April’s mother) and his widow (April’s aunt). G

looking back 15 years to er97, how-ever, it seems clear to me that defense is by far the most important of the cyber disciplines, because the consequences of mission failure are so enormous. despite the stuxnet example, computer network attack is mostly a supporting capability, and if we don’t do it well—or at all—our military and national objectives are unlikely to be compromised. on the other hand, if we don’t do passably well at defense, we are at risk in many ways. on the battlefield, almost everything we do to plan, execute, and

CYBERdEFENSE: a RETROSPECTIVE continued from page 21

support military operations depends on networks of networks. At home, much of our critical infrastructure is vulner-able in varying degrees to cyber attack. And in the private sector, industrial cyber-espionage siphons off much of the investment in research and devel-opment. while it is hard to place a precise dollar value on these sorts of thefts, the similarities between the lockheed f-22 and f-35 jet fighters and the chinese J-31 and J-20 offer one example, suggesting that years of work and billions of dollars of intellec-tual property have gone east. harnessing the power of computer networks helps create social, economic,

and military advantage, but it also makes us the world’s most attractive cyber tar-get. secretary of defense leon Panetta recently warned of the possibility of a “cyber Pearl harbor.” interestingly, deputy secretary of defense John hamre used almost the same words in testimony to congress in 1998, and it’s instructive that the assessment of our senior leaders hasn’t changed all that much in almost 15 years. if we want to avoid being the world’s most vulnerable cyber target, we need to incentivize world-leading technology, develop and empower a responsive public/private cyberdefense organizational structure, and invest in a skilled cyber workforce. G


C L A S S N O T E S

same industry category increases value at only a slight increase in operating cost. this makes a community or shared services approach practical, affordable, and effective. in short, big data presents corporate leadership with new business opportu-nities—and new responsibilities. the opportunities vary greatly by industry, but the responsibilities are fundamentally the same: the protection of personal, cor-porate, and sensitive data. data security strategies must shift from the expensive static approaches of the past to the more cost effective, dynamic, and collaborative approaches of the future. the market will ultimately reward those companies that capitalize on opportunities and take the necessary steps to ensure data security. G

BIG daTa: dREam OR POTENTIaL NIGHTmaRE?continued from page 19

Anthony “Tony” Tomasello ’85ijamsville, maryland, was sworn in as gaithersburg city manager on december 4, 2012, following a competi-tive search. he has worked for the city since 1996, first as

economic development director and later as deputy city manager. he had served as acting city manager since his predecessor resigned in June 2012. before joining the city of gaithersburg, he served as program manager for the maryland department of business and economic development from 1988 to 1996 and worked for the wells fargo credit corporation from 1985 to 1987.

Jack Kushner ’90Annapolis, maryland, a neurosurgeon and consultant, has been appointed hon-orary director general of the international biographical centre of cambridge, england.

Juan Carlos Gachet ’02fort campbell, Kentucky, is a u.s. Army staff sergeant with headquarters and headquarters company, 2nd battalion, 502nd infantry regiment, 2nd brigade combat team, 101st Airborne division. After earning his undergraduate degree from umuc and an mbA from hawaii Pacific university, he went on to gradu-ate with honors in october 2012 from california intercontinental university with a doctorate of business Administration in global business and leadership. he intends to retire from the military in may 2013 and return to the fort lee, virginia, area, where he plans to serve either as a logistics instructor or a contractor.

Thomas Hyde ’06olney, maryland, vice president of miller & smith—an award-winning homebuilder

and real estate development company— has been installed as president of the frederick county building industry Association. he also served on the board of directors of both the maryland national capital building industry Association and the maryland state builders Association.

Sara Hopkins ’07norco, california, who has worked at the norco library for eight years, recently earned her master’s degree in library and information science from san Jose state university. she began taking courses online in 1999 at ivy tech university in indiana, and went on to earn her bachelor’s and master’s degrees online, as well.

David W. Carter ’09wichita, Kansas, is a military historian, author, and educator. his recent book—Mayday Over Wichita: The Worst Military Aviation Disaster in Kansas History—will be released for publication in fall 2013. it tells of the day in 1965 when an Air force Kc-135 tanker carrying 31,000 gallons of jet fuel crashed into a congested African American neighborhood in wichita, killing 30 civilians—many of them chil-dren—and injuring dozens more. the disaster has been largely forgotten, and the book explores the causes of the crash and examines the community’s response in the context of Kansas’s role in the civil rights movement. carter was interviewed by cindy Klose from Kwch 12 for Klose Up and by Kansas Public radio’s J. schafer. for more about carter and the forthcom-ing book, visit dwcarter.wix.com/dwcarter.

Danielle Ahmad Hayes ’12reno, nevada, completed her studies at umuc and has been accepted to medical school at the university of nevada, reno.

Steve Klitsch ’12germantown, maryland, has more than 30 years of experience as a remodeler and owns creative concepts remodeling. he

enrolled in umuc’s master of distance education program with the express purpose of learning how to develop and disseminate college-level coursework in an asynchronous environment to peers in the remodeling industry, and soon purchased the domain name, www.remodelersinstitute.com. one of his instructors was also involved in work-force development for Anne Arundel community college (AAcc), in maryland, and she suggested that he con-sider offering the four-course curriculum he developed through AAcc’s estab-lished learning management system. the school began offering the first business course developed by Klitsch’s remodelers institute for lifelong learning in the fall of 2012. in a profile published in Remodeling magazine, the author dubbed Klitsch the “Professor of remodeling.” G


F A C U L T Y K U D O S

THOMAS C. BAILEY, program director for psychology in the undergraduate school, presented (with JENNIFER L. W. THOMPSON) “designing an e-online course, with options” at the eastern Psychological Association Annual meeting, in new york city.

LISA BERNSTEIN, who teaches women’s studies in the undergraduate school, presented two papers—“creating class, race and gender conscious futures in the feminist classroom,” and “feminist

transformations of online discourse: decolonizing 21st-century Pedagogy and Practice”—at the national women’s studies Association annual conference in oakland, california, november 8–11, 2012.

CHERIE BUTTS, who teaches natural sci-ences in the undergraduate school, recently accepted a new, full-time post as associate director of immunology research at biogen idec, a leading biotechnology company, in cambridge, massachusetts. she also coauthored a chapter in the sev-

enth edition of dubois’ systemic lupus erythematosus textbook.

CYNTHIA DAVIS, acting provost and dean of the undergraduate school, presented a speech on outcomes-based curriculum design at the international summit on education, catholic university of chile, in santiago, chile, January 9, 2013.

ELENA GORTCHEVA, program director for database systems in the graduate school, coauthored a chapter, entitled “Artificial

copyright © 2013 university of maryland university college

attend an Nli "lunch and learn" program at umuc at dorsey station or umuc at Quantico.

learn more about Nli at umuc.edu/nli

National Leadership Institute (NLI) programs and one-day workshops can help your organization’s most promising employees develop new skills and leadership competencies through assessments, experiential exercises, and one-on-one executive coaching. NLI is a network associate of the Center for Creative Leadership (CCL) and a GSA/MOBIS contractor (GS#10F-0357N).

NatioNal leadershipiNstitute

turN your risiNg stars iNto leaders.

Choose from these programs:

• Maximizing Your Leadership Potential• Leadership Development Program (LDP)®

• Executive Coaching• One-Day Workshops• Customized Leadership Programs


intelligence: methodology, systems, and Applications,” in Lecture Notes in Computer Science, vol. 7557 (2012).

MELISSA HYATT, who teaches criminal justice courses in the undergraduate school and holds the rank of major in the baltimore Police department, recently graduated from the fbi national Academy and was promoted to central district commander.

RUTH KASTNER, who teaches philosophy in the undergraduate school, published The New Transactional Interpretation of Quantum Mechanics: The Reality of Possibility (cambridge university Press, 2012).

KELLY KNIGHT, who teaches natural sciences in the undergraduate school, was elected biology section chair of the mid-Atlantic Association of forensic scientists in 2012. she was also awarded the American Academy of forensics sciences regional Award for contributions by a young forensic scientist.

LINDA LAMACCHIA, who teaches anthropology and humanities in the undergraduate school, presented “basic buddhism in songs: contemporary nuns’ oral traditions in himalayan Kinnaur district (h.P.), india” at sakyadhita international Association of buddhist women 2013 conference in vaishali, bihar, india, January 5–12, 2013.

BRUCE LUBICH, program director of accounting in the graduate school, was appointed in december 2012 by the gov-ernor to a two-year term on the financial education and capability commission.

KATHY MARCONI, program director forhealth care administration and health administration informatics in the graduate school, in december 2012 was appointed chair of the distance education committee of the healthcare information management society.

RUTH MARKULIS, a project coordinator in instructional services and support, present-ed “effective course design,” november 2, 2012, at the western interstate commission for higher education (wiche) cooper-ative for educational technologies in san Antonio, texas.

DEBRA McLAUGHLIN, academic director of natural sciences in the undergraduate school, presented “staging Project-based Assignments to support Academic integrity and student retention” to the international forum for women in e-learning as part of the u.s. distance learning Association. she was invited by the American council on education (Ace) to serve as a reviewer for various emerging science and allied health programs around the united states.

IRMAK RENDA-TANALI, program direc-tor for homeland security management and emergency management in the graduate school, wrote a chapter for david Kamien’s Homeland Security Handbook (mcmcgraw hill, 2012), entitled “higher education in homeland security: current state and future trends.”

RICHARD SCHUMAKER, assistant director of faculty development, workshops, and training in umuc’s center for teaching and learning (ctl), co-presented (with AMITY HALL, ctl faculty training specialist, and RICH POWERS, ctl senior trainer) “teaching military learners Around the world: A holistic Approach,” october 9–12, 2012, at the sloan-c international conference on elearning in orlando, florida.

BARBARA SCHWARTZ-BECHET, program director for the master of Arts in teaching in the graduate school, published “can course design in an online mAt Program Promote Personalized learning through e-teaching and e-learning Practices?” in the International Journal of Advanced Corporate Learning, vol. 5, no. 4 (2012).

BARRY SPONDER, who teaches in the master of education in instructional technology program in the graduate school, gave a keynote address at the 18th

ciAed-Abed international congress on distance education in são luis–maranhão, brazil.

MERRILY STOVER, collegiate professor of anthropology in the undergraduate school, presented (with DARLENE SMUCNY, collegiate professor and academic director for social sciences) two papers—“serving those who serve: Anthropology and the military learner,” and “Anthropology and the online Adult learner: building bridges for successful teaching and learning for nontraditional students”—at the 111th

Annual meeting of the American Anthro-pological Association in san francisco, california, november 14–18, 2012.

JENNIFER L. W. THOMPSON, who teaches psychology in the undergraduate school, presented “crossing the divide: bridging the distance between online faculty and students” at the conference on higher education Pedagogy, in blacksburg, virginia; and “using multimedia strategies to enhance student engagement in an online classroom,” at the mid-Atlantic teaching of Psychology Annual meeting, in largo, maryland.

PING WANG, program director for cyber-security in the graduate school, pub-lished a chapter entitled, “decision under uncertainties of online Phishing,” in Electrical Engineering and Intelligent Systems (springer science, 2012).

DENNY WHITFORD, who teaches natural sciences in the undergraduate school, served as guest speaker on cunard’s Queen Mary 2 for its inaugural circumnavigation of Australia. whitford presented an eight-part series of science lectures on topics such as tsunamis, coral reefs, ocean ownership, whales, tropical cyclones, and more. G

Achiever | 32 | university of mArylAnd university collegeCONNECTING ALUMNI | BUILDING OUR NETWORKS | STRENGTHENING UMUC

Meet tHe aluMni aSSoCiation’S 2012–2013 board oF direCtorS

Standing, leFt to rigHt:

vice President, Student relations and external affairs Joan W. Lee ’97 & ’06advisory Project ManageribM Corporation

Secretary/treasurerFran Volel-Stech ’89Manager, Service delivery operationsPresidio

Member-at-large Kemisola Lofinmakin ’05Managing ConsultantibM Corporation

immediate Past PresidentNathaniel “Nat” Alston Jr. ’77President/Ceothe Horizons group, llC

Member-at-large Sheryl E. Banks ’00 & ’11account Manager/billing SpecialistHarte-Hanks, inc.

Senior vice PresidentCheryl Adams ’90 & ’91Course Chair, edCP 100, and Collegiate associate ProfessoruMuC

Seated, leFt to rigHt:

vice President, Membership LaTonya (L.T.) Holland ’03office ManagerCatholic university of america

vice President, Programming Yolanda E. Dowe ’03 & ’11Chief of Physical Securityu.S. department of Health and Human Services

PresidentCleveland “Joe” Broussard ’05executive directorMantech Systems engineering Corp.

vice President, Foreign relations Melissa M. Penn ’04Management and Program analystu.S. Citizenship and immigration Services

Member-at-large M. June Taylor ’03 & ’10office Manager Prince george’s County Hospital Center

the board of directors is the 11-member leadership body of the uMuC alumni association. the board is made up of alumni volunteers who are exceptional examples of uMuC excellence, successfully representing the vast array of academic programs

available. all board members are elected for two-year terms and serve on a number of committees and task forces.


www.umucalumni .orgSTAY CONNECTED! JOIN TODAY!

above: nat alston, Javier Miyares, nancySlomowitz, Joe broussard. rigHt: theresa Poussaint

UMUC Library Research Databases: Alumni Edition

now the uMuC alumni association can connect you to the uMuC library research databases: alumni edition. this exclusive alumni benefit puts relevant content from top academic and business databases at your fingertips. you’ll have access to current news, market research,

company profiles, the latest information on scholarship availability, and more from

• ABI/Inform:AlumniEdition

• AcademicSearch:AlumniEdition

• BusinessSource:AlumniEdition

• Emerald

• JSTOR

• ProjectMuse

• RefWorks

all these resources can be accessed from the convenience of your own computer—for just $75 a year with your Free membership to the uMuC alumni association.

Alumni Travel Program

want the fun and enrichment of world travel—without the worries? the uMuC alumni association now makes it easy for you to experience new cultures, see the scenic wonders you’ve always dreamed about, and share the camaraderie of your fellow alumni and peers.

the unique itineraries of goHagan, our approved travel vendor, offer the advantages and discounts of group travel with the comforts of first-class accommodations and stimulating educational components.

Two itineraries are already scheduled for 2013, cruising aboard the deluxe M.S. LeBoreal:

• CelticLands(May)

• BalticSea—TheChangingTidesofHistory(June)

Stay Connected—Online

the uMuC alumni association has a variety of ways to keep you virtually connected to the association, the university, and your fellow alumni.

• Register as an Alumni Association member at www.umuconnect.org and become part of our fast growing, secure alumni online Community

• JointheAlumniAssociation’sofficialLinkedIngroupandnetwork with fellow professionals

• FollowtheUMUCAlumniAssociationinrealtimeonTwitter

• JoinourconversationonFacebook

• ShareyouruniqueUMUCstory

taP into tHe Power oF uMuC aluMni networkSNetwork at Alumni Events

expand your personal and professional horizons by tapping into our growing global alumni network. attend one of our events or activities in your region, such as

• AlumniAssociationAnnualMeetingandAwardReception

• AlumniAssociationregionalevents

• Field-specificnetworkingevents

• Socialmeet-upsinyourcity

• Regionalalumninetworkactivities

www.umucalumni.org

AND FOLLOW US ONLINE

leFt: elethress wilson-knights, Shannon o'brien. below: kirk Clear, Patricia toregas.

new aluMni aSSoCiation beneFitS

NONPROFIT ORG.

U.S. POSTAGE

PAID

UMUC3501 University Boulevard EastAdelphi, MD 20783-8003 USA800-888-UMUC (8682) ■ www.umuc.edu

Visit the new UMUC Global Media Center for the latest news about students, faculty, and alumni, along with profiles, features, and links to resources: www.umuc.edu/globalmedia

To learn more about UMUC’s cybersecurity programs, the achievements

of our students, industry news, and much more, visit www.umuc.edu/cybersecurity. this new site provides informa-tion for prospective and current students, faculty, partners, and potential employers.

UMUC Achiever Magazine, Spring 2013

Documents

umuc cybersecurity students

umuc staff

maryland proud

cybersecurity innovation

maryland commission

kathy harvatt umuc students

cybermaryland report

lehmen features22 maryland