Cyber
The Next Frontier

Become part of a critical layer of cyber defense. Cybersecurity positions will make up 45% of all US tech job openings.


The National Security Agency designated the University of Arizona's Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 24 cyber programs in the nation. The NSA's CAE-CO designation demonstrates that UA's Cyber Operations program meets the most demanding academic and technical requirements.


The Bachelor of Applied Science in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

Our curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate.

 

Program News

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at Juniors and Seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship, which grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Wednesday, June 7, 2023 - 02:00
White House needs to urgently fix nation’s approach to protecting critical...

U.S. government policies designed to protect critical infrastructure against hackers are woefully outdated and inadequate to safeguard sectors such as water and transportation against cyberthreats, according to an influential congressionally mandated group of experts.

Furthermore, the Cybersecurity and Infrastructure Security Agency — the key agency inside the Department of Homeland Security responsible for helping defend critical infrastructure — is not set up to quickly and effectively facilitate rapid response to cyberattacks on the most sensitive systems, according to CSC 2.0, which is a continuation of the Cyberspace Solarium Commission that Congress established in 2019.

In a lengthy and detailed report released Wednesday, the commission pointed to the 2021 Colonial Pipeline ransomware attack, which crippled gas deliveries across the country, as a key example of how current policies and government agencies aren’t optimized for the nature of today’s threats.

“This incident illustrates the challenges faced by the national critical infrastructure system in a moment of crisis and the limits of the public-private partnership model that the government has tried to cultivate,” the group said.

The White House and many government officials have acknowledged there needs to be a different approach to protecting U.S. critical infrastructure. In November, the Biden administration announced it is in the process of rewriting presidential policy directive 21, which established in 2013 how federal agencies engage with private critical infrastructure owners and operators.

The threat landscape has drastically changed over the past decade. Ransomware attacks have become a scourge for both the federal and private sector with criminals holding critical infrastructure in the U.S. hostage and Russian and Chinese hackers increasingly targeting sensitive U.S. networks.

Meanwhile, the full scope of cyberattacks in the U.S. remains a large question mark as most organizations do not have to notify anyone that they were the victim of a cyberattack. Recently passed legislation would require certain critical infrastructure owners and operators to report cyberattacks to CISA, but the agency is still in the rule-making process.

PPD-21 outlines the 16 critical infrastructure sectors — such as dams, chemicals, hospitals and emergency services — as well as the agencies that are the federal go-to for support of incident management and mitigating vulnerabilities. But while the document outlines the overall responsibilities for federal departments such as DHS, it lacks guidance on how to carry out key cybersecurity responsibilities.

“Why is it so important to update this? It’s a 2013 era policy. It’s outdated. The security environment has shifted substantially over the past decade. Technologies have evolved, the risk environment has evolved. And as policies and regulations have evolved with those risks, it’s been done very frequently in an ad hoc way and not really in a systemic or holistic manner,” Mary Brooks, a public policy fellow at the Wilson Center and co-author of the report, said during a briefing on the report earlier this week.

The report comes amid major policy updates on federal cybersecurity such as the release of the Biden administration’s National Cybersecurity Strategy, a forthcoming strategy implementation plan and other documents such as a cybersecurity workforce strategy.

A strategy intended for a different time

The inadequacies in the current framework for critical infrastructure date back years and are “not the fault of this administration,” said report co-author Mark Montgomery, senior director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation and former executive director of the Cyberspace Solarium Commission.

“This stretches back to the original setting up of all this in 2000 during the end of the twilight of the Clinton administration, but we are massively inconsistent across federal agencies in our performance as SRMAs and across the sectors in their willingness to cooperate and participate,” he said.

PPD-21 has only been updated once since 2013 when officials added responsibilities to the sector-specific agencies in charge of those 16 critical infrastructure sectors. The Cyberspace Solarium Commission issued a recommendation that ultimately was signed into law in the 2021 defense bill that elevated those agencies to Sector Risk Management Agencies.

But while agencies were given new responsibilities, not all SRMAs are up to the task, the CSC 2.0 report notes. Some agencies such as the Energy Department are largely known as among the most well-resourced and mature when it comes to collaboration with the private sector. Others, however, such as the Transportation Security Administration or the Environmental Protection Agency have either historically struggled or face many of the same issues as the private companies they are supposed to help protect: a lack of resources from funds to employees.

“While owners and operators bear some responsibility for the sector’s poor cybersecurity, an underlying cause is weak leadership and poor resourcing of the SRMA, for which both the EPA and Congress are to blame. Over the past 20 years, the EPA has not been organized or resourced to identify and support the sector’s cybersecurity needs,” the report reads.

The EPA’s efforts to issue cybersecurity standards using existing authorities have long been a point of contention with the private sector. Three states are suing the EPA over a rule that they claim exceeded the agency’s authorities, and two water trade associations have joined as intervenors. Furthermore, the EPA’s congressional request for a $25 million cybersecurity grant program for fiscal year 2023 was rejected by lawmakers, the report notes.

The gaps in the existing federal framework to protect critical infrastructure cybersecurity are perhaps best exemplified in the Colonial Pipeline ransomware attack. While the incident was the largest to hit the energy sector, the federal government also had its own crisis of communication during the incident, the report notes.

Once Colonial Pipeline alerted the FBI about the attack, CISA should have been informed, since it’s the agency responsible for responding to these kinds of incidents and offering technical assistance and mitigation. But that didn’t happen, according to CSC 2.0. Neither Colonial Pipeline nor the FBI notified CISA, the Transportation Security Administration or the Transportation Department for hours.

“The whole process, the whole episode, really showed how the seams and the overlaps within the current framework means just the whole thing is poorly suited to speed and crisis response,” said Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, one of the co-authors of the CSC 2.0 report.

But while Colonial highlighted the gaps in one area, the report notes that this isn’t an isolated incident. Federal agencies’ guidance for their sectors is not always easily available and it’s not clear how responsibilities are divided among the SRMAs, the co-SRMAs where multiple agencies are in charge of different portions of a sector, and CISA. The end result is a “complex and inconsistent web of responsibilities,” the report notes.

Other strategy documents like the National Infrastructure Protection Plan, which outlines how government and critical infrastructure collaborate, haven’t been updated since 2013, either. Sector specific plans that are statements of purpose identifying key assets, risks, and threats have similarly not been updated since 2015 even though the initial releases were little more than “cut and paste” versions of a template with little highlighting of key differences.

CISA’s priorities and effectiveness

CISA, meanwhile, has its own share of issues as the national risk management agency, according to the CSC 2.0 report. “CISA is not, in many cases, serving as the leader that most interviewees said was needed to realize the full potential of the SRMA framework,” the authors note, going on to say that the agency has seemingly prioritized cybersecurity at the expense of physical security. DHS has warned that violent domestic extremists pose among the largest threats inside the U.S. and there has been a marked rise of physical attacks against substations and critical infrastructure in recent years.

Additionally, the report notes, CISA is not able to fulfill its responsibilities as “it does not receive the inter-agency support necessary to act effectively as the national risk manager.”

The report does offer a dozen recommendations for the administration to consider as they’re revamping PPD-21. For instance, it recommends that a new version of the policy identifies strategic changes such as improving the focus on resilience — keeping systems running when a breach happens — instead of just cyber defense.

The report also recommends that the government update responsibilities for key strategy documents and ensure accountability through clearly defined roles and expectations. Additionally, it recommends clarifying CISA’s roles as the national risk management agency as well as the agency’s “ability to compel minimum security standards and to convene or require collaboration or engagement” such as information sharing.

The authors recommend that the updated PPD-21 document identify critical infrastructure sub-sectors and detail how additional sectors will be added or removed from the list of 16. Additional resources for agencies responsible for the sectors will likely be needed to properly serve various industries, the report notes. “Not all sectors need the same amount of support. Not all SRMAs need the same budgets. But all SRMAs should have sufficient resources to meet the needs of their sector,” it says.

CISA should have more “consistent organization roles and responsibilities, as well as clear operational doctrine, for its [national risk management agency] role,” which may include reviewing responsibilities so that the agency doesn’t have too wide of a remit. “CISA also must have the appropriate taskings to implement its authorities to update all policy documents and instruct SRMAs to update their SSPs,” the report notes.

Critical infrastructure is undergoing rapid transformation with the increase in digitization and interconnectivity, creating a complex web of risks that are not fully understood. As such, the White House should organize more collaboration to understand systemic and cross-sector threats, the report notes. And, among the many other recommendations from the CSC 2.0, industries need a single point of contact in the government when the next Colonial Pipeline attack happens.

The post White House needs to urgently fix nation’s approach to protecting critical infrastructure, group says appeared first on CyberScoop.

Monday, June 5, 2023 - 10:44
First in space: SpaceX and NASA launch satellite that hackers will attempt to...

On Monday at 11:47 a.m. at the Kennedy Space Center in Florida, for the first time ever, SpaceX and NASA sent a satellite into low-earth orbit hoping that it’ll get hacked.

Several small square-shaped satellites called cubesats were strapped to the SpaceX rocket launched for a resupply mission to the International Space Station. One of those cubesats — called Moonlighter — will be used as an experimental “hacking sandbox.” Security researchers will use that sandbox as part of a competition taking place at the annual DEF CON hacking conference in Las Vegas later this year. Teams will attempt to infiltrate it, all in the service of identifying vulnerabilities in satellites to improve cybersecurity in space.

A collaboration between The Aerospace Corporation, the Air Force Research Laboratory and U.S. Space Systems Command, Moonlighter represents the latest iteration of the Hack-A-Sat competition. The Air Force has hosted Hack-A-Sat since 2020 as a multi-year effort to increase collaboration with cybersecurity researchers, but the past three capture-the-flag contests have all been simulations.

This year they wanted to take the competition to a whole new level. “We wanted a vehicle where the sole purpose was to understand how to do cyber operations in space,” said Aaron Myrick, senior project engineer at The Aerospace Corporation.

Securing space systems has become more of a focus for the space industry and the Biden administration as experts are growing increasingly alarmed about new commercial off-the-shelf products with potential vulnerabilities. Just last week, experts in the field launched a worldwide effort to create voluntary technical standards through the Institute of Electrical and Electronics Engineers to better secure commercial products by design.

“We’re really trying to wrap our heads around cybersecurity operations and how do we do cyber operations on a system that is starting to have a lot more commoditized hardware and software, but it’s also extremely remote,” said Myrick. “We can’t just go up there and flip the power switch or change a hard drive … it’s quite a challenging problem.”

The Moonlighter to be featured at Hack-A-Sat. Image courtesy of Aerospace Corporation.

Earlier this year, the White House held a space cybersecurity summit with some of the biggest players. Additionally, CSC 2.0 — a continuation of the congressional Cyberspace Solarium Commission — called for space systems to be designated as critical infrastructure.

While cyberattacks against space systems may not be common, the potential consequences of an attack were most recently seen during the start of the Russian invasion after state-backed hackers targeted U.S.-based Viasat’s satellite modems. The attack was aimed at impacting Ukrainian command and control during the start of the invasion, but also included cascading impacts that spread to thousands of German wind farms and satellite internet connections across Europe.

Myrick said the space industry understands many of the physical risks associated with space such as harsh radiation levels, but cybersecurity still presents many challenges that experts are just beginning to resolve. While simulating cyberattacks in a real-world environment will be helpful, Myrick explained, it won’t answer every question about how satellites could be affected in an attack outside the test environment.

“Moving to on-orbit actually introduces a lot of challenges, but it removes a lot of the sims you build into it,” Myrick said. For example, satellites actually spend much of their time disconnected from an operation center and are fairly automated, adding additional layers of complexity, Myrick said. Operators may simply not have full knowledge of what is impacting those space systems at particular periods of time.

Test-beds such as Hack-A-Sat allow for researchers to discover how hackers target networks in space systems they may not be familiar with, which will be mapped to a space-centric attack framework called SPARTA.

There will be limits to just how far Hack-A-Sat contestants can go. They will be able to hack at the Moonlighter’s cyber payload while in-orbit, but won’t be able to change the orbit.

“We are designing the flight software for the cyber payload to basically be able to operate the vehicle fully. So it will be able to change how the vehicle is pointed,” Myrick said. “There’s no orbit changes. That’s all pretty fixed, but where that vehicle was pointed that ability will be there.”

Myrick said that the Moonlighter has a supervisory layer that can shut off the cyber payload so if something “inevitably” goes wrong, they can “figure out what went wrong and how we can be better.”

Five teams have made it to the finals at DEF CON this August to compete for the $50,000 grand prize.

The post First in space: SpaceX and NASA launch satellite that hackers will attempt to infiltrate during DEF CON appeared first on CyberScoop.

Friday, June 2, 2023 - 12:14
The White House says Section 702 is critical for cybersecurity, yet public...

Since the Biden administration came out in favor of reauthorizing Section 702 of the Foreign Intelligence Surveillance Act in February, the intelligence community has pointed to the growing threat of foreign cyberattacks on the U.S. as a key argument in favor of the controversial surveillance tool.

Officials have made broad and general declarations, pointing to wide-ranging applications that include thwarting multiple ransomware attacks against U.S. critical infrastructure, finding out a foreign adversary had hacked sensitive information related to the American military and uncovering a cyberattack against critical federal systems.

Yet, 15 years into Section 702’s history, declassified examples of thwarting cyberattacks are sparse. In the little over three months that the Biden administration has been publicly advocating for the renewal of Section 702, it hasn’t mentioned a single specific public incident where Section 702 was used, despite a term marked by both ample cyber attacks and well-publicized takedowns of foreign hackers.

That lack of transparency and specificity doesn’t appear to be helping the Biden administration in what will likely be an uphill battle for Congress to reauthorize the authority before it sunsets in December. Even some of the authority’s greatest supporters have expressed frustration.

“Whether it’s helping to identify victims so they can be notified of the attack or helping to identify ransomware actors, 702 has been invaluable over the past several years,” Sen. Mark Warner, D-Va., told CyberScoop in an email. “However, I am frustrated that more of these compelling examples have not yet been made public.”

Warner’s office confirmed that the intelligence community has shared examples of the tool’s cyber significance in classified settings but declined to elaborate.

“While it’s important that we do not risk sources and methods, it is also critical that we explain to the American people what will be lost and how they would be increasingly vulnerable to cybercriminals and foreign governments if this authority were allowed to expire,” the Senate Intelligence chairman wrote.

Adam Hickey, former assistant attorney general of the Justice Department’s national security division, echoed Warner’s concerns. “I think they’re fighting with one hand behind their back,” said Hickey, now a partner at the law firm Mayer Brown. “On the one hand, you don’t want the very people who pose a threat to understand your capabilities, because they will work around them … On the other hand, you don’t want to be so careful to avoid that risk that you lose the very authority itself.”

The reticence isn’t helping the civil liberties community either, which has challenged the intelligence community’s persistent claims that any reforms to Section 702 that slow down investigators would imperil America’s national security.

“If that’s what the FBI is going to say — not only is it useful for cyber, but it’s useful in this preventive way, this very rapid way — I think this claim needs to be able to be backed up with some examples,” said Jake Laperruque, deputy director at the Security and Surveillance Project for the Center For Democracy & Technology.

Section 702 was first passed in 2008 as an amendment to FISA, pitched initially as a key tool in America’s fight against terrorism. The authority allows the U.S. government to collect the U.S.-based communications of non-Americans outside the country. The collection of the data of U.S. citizens using Section 702 is prohibited, but such data is often swept up in the surveillance in “incidental collection.” This data can be searched by the FBI under certain statutory requirements.

While the number of FBI searches of 702 data has fluctuated over time, the number of those searches related to cybersecurity has steadily increased. In a recent interview with CyberScoop, a senior FBI adviser confirmed that “about half” or a “plurality” of Section 702 database searches made by the agency today relate to the investigation of malicious, state-sponsored cyber attacks. While the adviser couldn’t say how much of an increase that was from previous years, they said it was reflective of an overall shift in the agency’s work toward more cyber investigations.

“Our use of the authority in the FBI and across the intelligence community is weighted a lot more heavily towards cyber now than it was five years ago,” the senior FBI adviser said. “Part of that use of this authority is reflective of its value, and the fact that we are just doing more work in this field and we’re seeing cyber threats increase over time.”

While the FBI adviser couldn’t share any specific examples, there is some limited data about how Section 702 data has shown up in cyber investigations. For instance, in its 2022 annual transparency report the ODNI wrote that of the 3.4 million searches made by the FBI in 2021, nearly two million were related to an investigation into an alleged attempt by Russian hackers to break into critical infrastructure. The searches helped to identify potential victims, officials said at the time.

The number of FBI searches declined dramatically in 2022, in part due to a new methodology used by the FBI to count searches.

“Cyberattacks happen at a larger scale. And therefore, the amount of information collected and queried on cyber attacks is just proportionately larger,” said Tom Bossert, the former United States Homeland Security adviser under the Trump administration. “You can imagine hundreds of thousands of attempted cyber attacks in any given period of time, and perhaps only five terrorist phone calls in that same period.”

In its early days, Section 702 was branded as a powerful counter-terrorism tool, reflecting the intelligence community’s focus at the time. In fact, some of the program’s biggest declassified successes involve foiling terrorist plots and taking down their leaders. Most recently, last summer Section 702 intelligence led to a successful operation against al-Qaeda leader Ayman al-Zawahiri.

It was only in 2017 amidst the last renewal debate that cybersecurity began to take a more leading role, with examples of thwarted ransomware attempts eclipsing references to ISIS and other terrorist cells. Now, it often takes top billing when discussing the threats that nation-states pose to the homeland. In its 2023 annual threats assessment, the Office of the Director of National Intelligence put China, Russia, North Korea and Iran and their cyber capabilities among the leading threats to the nation.

Bossert, who was in charge of the Trump administration’s efforts to secure a reauthorization in 2017, sees the new strategy in part as reflective of the national security community’s shifting focus. “I think a lot of people will perceive the cyber threat to be real and ever-present. And fewer people find the terrorist threat to be as urgent,” he said. “And I’d like to think that’s because we’ve spent 20 years confronting that problem and putting controls in place.”

Officials say part of the reason Section 702 has become so valuable in thwarting foreign actors is the complicated nature of cyberattacks. In the majority of cases, attackers use U.S. infrastructure as a lily pad into domestic targets. Intelligence officials have often pointed to this as a challenge when trying to follow the activity of foreign actors onto domestic soil, noting it as a “blind spot” that contributed to the failure to detect Russian hackers during the SolarWinds attack.

Section 702, they say, restores that visibility. “It is an authority that lets us do collection against a known foreign entity who chooses to use U.S. infrastructure,” NSA director of cybersecurity Rob Joyce told a crowd at the RSA Conference in April. “And so it makes sure that we don’t afford the same protections to those foreign malicious actors who are on our infrastructure as we do the Americans who live here.”

“I can’t do cybersecurity at the scope and scale we do it today without that authority,” he added.

The FBI and NSA aren’t alone in praising the tool. This week a senior State Department official spoke about how the tool is instrumental in informing the work of U.S. diplomats, including cybersecurity issues such as North Korean IT fraud.

One potential stakeholder the Biden administration has yet to seriously court in the fight to renew Section 702 is industry. The senior FBI adviser stressed how failure to renew the authority would hurt its ability to advise chief information security officers, inundated with warnings about vulnerabilities, about which specific threats are most urgent.

“This is one of those things that lets us reach out to specific sectors and even specific companies to say, look, this specific vulnerability is one you want to take care of right now because we’re seeing certain types of actors targeting companies, companies like you, using that,” the senior FBI adviser said. “We’re going to have a severely constricted optic in all those things if we’re forced to rely solely on other tools.”

Former general counsel of the National Security Agency Stewart Baker has made the case that the intelligence community should do more to demonstrate to industry how they can benefit from Section 702. “If I were a CISO, I’d want to weigh in on the kinds of warnings, the kinds of uses of this intelligence in real-time, that would be particularly useful to me.”

Businesses need to understand that if Section 702 goes away, so does that intelligence, says Bossert. “They shouldn’t just think of this as a national security threat. They should think of this as an enterprise threat to their company. And they should view the US government as a potential partner,” he said. “If they expect the US government to continue to be a reliable partner…they have to understand that the underlying information that they have to share is in the government’s holdings because of authorities like 702.”

The senior FBI adviser told CyberScoop that the agency is looking at ways to increase industry engagement on the subject. “There’s a variety of different stakeholders here. And industry, particularly when we’re talking about cyber, is a very important one,” the senior FBI adviser said. “So that is something that we are going to take a look at going forward about how we can start getting them engaged now that this is really starting to bubble up to the top of the public conversation as well as the conversation on Capitol Hill and in other stakeholder constituencies.”

Even if there were more examples, it’s unclear if Section 702’s purported value in preventing these attacks can overcome the program’s many criticisms, both from lawmakers wielding the power to reauthorize it and civil liberties groups seeking to reform the program. Most of the political pushback against the authority centers around concerns about well-documented abuses of America’s civil liberties, public examples of which have nothing to do with ransomware or foreign actors infiltrating critical infrastructure.

For instance, a recently declassified 2022 U.S. court ruling found that the FBI had improperly searched for information on Americans in the FISA database 278,000 times, including to spy on political campaigns and protesters. The report sparked outrage from both leading Democrats and Republicans who insist that the program can’t be reauthorized without reforms.

(The FBI argues that it has implemented new compliance measures since those searches occurred to cut down on misuse.)

Officials advocating for Section 702’s reauthorization have been vague about what reforms they would be willing to discuss, instead emphasizing that changes should not diminish the tool’s effectiveness. The reforms sought by advocates and lawmakers may do just that, at least in the eyes of the intelligence community. For instance, the senior FBI adviser said a warrant requirement, one of the top asks from reformers, would make it difficult for the agency to act swiftly to notify ransomware victims.

CDT’s Laperruque noted that courts have long recognized emergency exceptions to the warrant process. Reforms such as adding a warrant requirement to Section 702, which CDT and other groups are advocating for, wouldn’t change that.

“That’s not going to stop Section 702 from being used for cyber,” said Laperruque. “It’s going to stop 702 from being used on Black Lives Matter and members of Congress, which is what we’ve seen 702 used for in recent years.”

The post The White House says Section 702 is critical for cybersecurity, yet public evidence is sparse appeared first on CyberScoop.

Friday, June 2, 2023 - 06:47
How university cybersecurity clinics can help cities fight ransomware

When the Royal ransomware group struck computer systems in Dallas earlier this month, the attack disrupted public safety systems, 311 services, municipal courts, and other city departments and services. The attack forced courts to close. Police struggled to access internal share drives. The city library system’s database and catalogue went down. And city officials estimate it will take months to recover.

Ransomware groups are increasingly targeting U.S. municipalities, and the difficulties Dallas officials face in getting back up and running illustrate just how vulnerable U.S. cities are to ransomware attacks. The fact that a relatively well-resourced city like Dallas is struggling to recover from a ransomware attack hints at the far greater difficulties smaller municipalities face when their IT systems come under attack.

In the aftermath of ransomware attacks, cities frequently turn to the federal government for assistance, but such aid is mostly reactive. It would be better if cities were positioned to prevent these breaches in the first place. But all too often municipalities lack the resources and human capital to defend themselves.

Today, university-led cybersecurity clinic programs are trying to fill this gap by building local cyber capacity. At institutions like the University of Texas at Austin, MIT, the University of Georgia and UC Berkeley, cyber clinics are working to protect local institutions from cyber threats by training and deploying students to government and community groups to provide free cyber risk assessments and give simple, step-by-step recommendations. In some clinics, students are designing and implementing custom cybersecurity solutions to bolster client defenses and guide future incident response.

Clinics such as these are well-positioned to help local institutions better protect themselves online. As Sarah Powazek of and Marc Rogers recently wrote for CyberScoop, universities are typically deeply embedded in their local communities and have the trusting relationships required to assist critical city departments with onsite cyber resources. The university clinic model has existed in medical and law schools for decades to train the next generation of leaders in these fields with hands-on, real-world experience. Extending the clinic model to cybersecurity gives students experience while offering municipalities access to valuable expertise. Town-gown clinic partnerships like these advance university goals, provide necessary public services back to their host cities and help to fill a nationwide cybersecurity workforce gap.

The Applied Cybersecurity Community Clinic at The University of Texas at Austin launched this year as one such partnership. The fruit of discussions with the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Advisory Board, the city of Austin and UT Austin’s Robert Strauss Center for International Security and Law, the clinic provides pro bono cybersecurity services to community organizations and small businesses that cannot afford such services on their own, while giving students hands-on cybersecurity experience.

Given Austin’s burgeoning tech ecosystem and staggering urban growth, the city provides a perfect testbed for delivering cybersecurity services via a university clinic. Austin is home to a large number of disruptive tech start-ups, many of which are more focused on growth than cybersecurity and in need of the clinic’s services. And as the city grows, Austin’s nonprofits and city services are in need of robust digital services as they support underserved Austinites who have been adversely impacted by cost-of-living increases. Between these sectors, the UT Austin cybersecurity clinic’s inaugural student cohort will deploy to serve a mix of small business, nonprofit and public sector clients in the 2023-2024 school year.

Due to the transitory nature of college students and the legal risks involved in incident mitigation, university clinics are not especially situated to provide boots-on-the-ground incident response services. But by serving as force multipliers, university cybersecurity clinics help to accomplish cyber defense goals across local, state, and federal governments. Clinics alleviate requests for state and federal resources by emphasizing a hyper-local preventative approach to cybersecurity. By tracking students into the cybersecurity workforce, clinics may ease the shortage of cybersecurity expertise by providing a talent pipeline and internship-like experiences to bridge existing gaps.

The cybersecurity clinic network is growing, and clinics represent a sustainable, scalable and long-term presence in the areas they serve. As we seek to grow the cyber workforce, clinics serve as a valuable resource to leverage the expertise of university students and faculty to address the immediate needs of communities with their unique forms of cyber mutual aid. As the workforce catches up and more skilled professionals enter the field, clinics can evolve and adapt their services, offering advanced cybersecurity solutions, specialized consulting expertise and research collaboration. In the future, clinics working together could standardize research and reporting on cyber incidents that affect their clients to better inform the defense of U.S. computer systems. The sustained presence of cyber clinics will be essential in supporting the ever-changing cybersecurity landscape and ensuring small, local organizations have resources to combat emerging threats.

Incorporating university-led cybersecurity clinic programs into local cyber planning and prevention offers a proactive and free third-party solution to ransomware attacks on under-resourced U.S. cities. Municipalities in areas with active clinics should seek clinic assistance to foster local cyber resilience and reduce reliance on reactive state and federal intervention. Municipalities interested in more information about cyber clinics should consult the Consortium of Cybersecurity Clinics for resources and contact information.

Francesca Lockhart leads the Applied Cybersecurity Community Clinic at The University of Texas at Austin.

The post How university cybersecurity clinics can help cities fight ransomware appeared first on CyberScoop.

Thursday, June 1, 2023 - 13:58
The 2024 race promises to be ‘very, very active’ in terms of foreign and...

The former head of the U.S. Cybersecurity and Infrastructure Security Agency, whom President Trump fired over his comments about the 2020 election, said he fully expects American adversaries such as Russia and China to meddle in the next election through a range of activities to disrupt or influence the vote.

“If we thought 2020 was active, there are more motivations for foreign actors to muck around from an influence perspective, certainly, but perhaps even from an interference perspective,” Chris Krebs, currently a partner at the consulting firm Krebs Stamos Group, told CyberScoop in an interview on Thursday. Drawing a distinction between what he sees as “influence” (the shaping of public opinion) and “interference” (attacking election infrastructure), Krebs said he’s “fully expecting a very, very active threat landscape.”

Given the state of Russia’s faltering military campaign in Ukraine, he wouldn’t be surprised if Russia once again tried to interfere in the vote and attempted to “muck it up.” He also said that increased geopolitical tensions between Washington and Beijing could be enough reason for China to reengage with influence operations. Furthermore, he said, Iran could take “another whack at it” since it was actively involved in 2020.

Krebs’ comments come on the heels of a New York Times report that Jack Smith, the special counsel investigating Trump’s effort to overturn the 2020 election, has subpoenaed Trump administration officials involved in Krebs’ firing from his position leading CISA. Following the 2020 election, Krebs’ agency, which was responsible for overseeing election security issues, issued a statement attesting to the integrity of the election results. That statement infuriated Trump, who fired Krebs five days after it was issued.

Prosecutors in Smith’s office are examining efforts by Trump aides to test the loyalty of government officials to the president, and Krebs has testified before the inquiry, according to the Times.

Krebs would not discuss the special counsel’s investigation on Thursday but said that he expects the 2024 election will feature similar narratives that marked the 2020 contest. “We’ve got a very hypercharged political environment, and I would expect to see some of the same sort of misbehavior — to put the term lightly — that was on in 2020 return in ’24,” Krebs said.

As the election ramps up, Krebs said that he expects domestic political actors — ranging from political action committees to militia groups — to embrace some of the tactics used by foreign groups to meddle in the election. “What we’re seeing is some of the playbooks of foreign adversaries are being adopted by domestic actors,” Krebs said.

Amid widespread conspiracy theories about the integrity of the 2020 election, poll workers have been subjected to violent threats, and Krebs said the fact that many of these workers are choosing to leave their jobs as a result represents perhaps the greatest threat to the 2024 election.

Asked what messaging he expects Trump will adopt regarding the integrity of the 2024 election, Krebs demurred: “Don’t even want to think about it.”

The post The 2024 race promises to be ‘very, very active’ in terms of foreign and domestic meddling, says former CISA chief appeared first on CyberScoop.