Because the private sector is the most active online, Chertoff said, business lead- ers are essential to that effort. They must identify and share the attacks and threats they encounter.
That can be testy territory, with global reputations and proprietary information often at stake. No one—no industry, no university, no bank, no government agen- cy, no nonprofit or small business—wants to be named in headlines as the victims of such an attack, lest readers conclude they are unworthy of trust or the unwitting disseminator of sensitive personal and financial information.
But even the Pentagon has been hacked. UD has been hacked, major banks and corporations have been hacked, those with enormous security budgets and protective protocols have been hacked. Human error is a factor, software problems are a factor and, Chertoff said, no institution is immune.
So it’s essential to share “indicators of compromise,” said Chase Cotton, profes-
sor of electrical and computer engineering and director of UD’s Center for Informa- tion and Communications Sciences. “The IP address, the email, the file name it leaves behind in your machine—so you know that if you get attacked, you will see these.”
Breaches sometimes aren’t discovered for months, though, and not all are quick- ly disclosed. Some corporate victims went “radio silent,” he said, and some choose not to make problems known until they file SEC reports.
“But we’ve seen a sea change in the way industry is behaving this year, especially after the Target breach,” Cotton said.
UD’s program, which will help to develop effective corporate strategies, is drawing significant interest, Walker said. UD students can pursue a minor in cyber- security, and Walker hopes to expand course offerings to include research in human behavior, ethics and public policy.
Ralph Begleiter, former CNN world correspondent who directs UD’s Center for Political Communication, raised the issue of human behavior in a question to
Chertoff, who agreed it was an under- considered element of cybersecurity.
Chertoff pointed to a recent situation that emerged when a mid-level employee in the Department of Defense inserted a thumb drive into his computer, unleash- ing a major intrusion into the network.
Those portable memory sticks apparently are hard to resist. Chertoff cited a study that showed the majority of people who find a thumb drive lying in
a parking lot will put it into their laptop or computer to check it out, unaware or unconcerned that it may be delivering a payload of malware and viral code. If that same thumb drive has a logo on it—an Eagles logo, perhaps—studies show 95 percent of people will insert it into their computers, he said.
Chertoff said he sees good news in the increasing amount of cooperation and urgency around cybersecurity.
But difficult decisions must be made— where to strike the balance between civil liberties and public safety, protecting the values that define the nation.
UD launches cybersecurity initiative for business world
Starnes Walker has held leadership positions in the U.S. departments of Defense, Energy and Homeland Security, overseeing cyberwarfare programs and thousands of cybersecurity specialists. Now, as founding director of UD's Cybersecurity initiative (UDCSI),he is forming partnerships
across the corporate world, government and academia to develop practices and programs to strengthen cybersecurity at businesses of all sizes and grow a new generation of cyberwarriors to protect corporate America.
What efforts does the UDCSI already have underway?
UD has been selected to partic- ipate in the Federally Funded Research and Development Center (FFRDC) that is supporting the National Cybersecurity Center of Excellence in Montgomery County, Maryland. UD is among a small consortium of universities that will be called upon to assist with research and training tasks.
We also are pursuing grant op- portunities to support the training of master’s degree students, de- veloping a cross-college response to training opportunities, and exploring wireless testbeds for big data, increasing the bandwidth
of the data we can transmit. We’re learning how to do this more efficiently and effectively.
What other disciplines does cybersecurity work require?
Just as no one business has all the capabilities in this cyberconnect- ed world, academia can’t help de-
velop programs to counter future attacks without being informed by many disciplines. Understand- ing human behavior requires cyberanalytical tools that allow you to visualize data, enabling you to begin to see patterns. But you also need the benefit of the social sciences, as well.
What experiences will you draw on for this initiative?
I was privileged to be asked to stand up the U.S. Fleet Cyber Command and the U.S. 10th Fleet for the Department of Navy/ Department of Defense and create a workforce aligned to delivering technology to customers. I served as technology director and chief scientist of the Office of Naval Research and as the chief scientist at Argonne National Laboratory. In industry, I was involved in creating a very competitive nuclear fusion program with Phillips Petroleum. I’ve always taken chances—I’ve never been afraid to try some- thing new.
What do you want UD’s new Cybersecurity Initiative to be known for?
I want UD to become a go-to place for corporate America—a center for best practices and for strategic partnerships, offering the finest curriculum, research, and training in this field.
What are the industries most at risk in America?
There are risks to businesses
of every size. There are critical nodes in 17 different areas, from the banking industry, to trans- portation, and reaching all the way into the energy infrastruc- ture, where there are vulnerabili- ties in the power grid.
“Cybersecurity is serious business, and UD needs to be at the forefront of workforce development in this area.” —Starnes Walker
24 | UD RESEARCH