Managing tomorrow’s threats today

To combat cybercrime, we need to stay one step ahead of hackers. That's why three new academic concentrations and certificate programs in cybersecurity will be added to our curriculum soon to give students the knowledge to fight back.

By Raghu Santanam

Chair, Department of Information Systems

ASU’s Global Security Initiative (GSI) hosted a one-day cybersecurity conference on Aug. 23, 2017. In addition to attending the conference, I was on a panel that discussed the cybersecurity workforce needs of today and the future. U.S. Sen. John McCain (R-AZ) gave the keynote address. It was good to hear about all the research and educational initiatives at ASU related to cybersecurity.

On my panel, I outlined how cybersecurity threats have evolved. For example, many of you may not know that the first “internet worm” was written by Robert Morris in 1988. This worm resulted in damages ranging from $200 to $53,000 on networks it infected, and it affected about 6,000 computers (10 percent of the internet in 1988). By the way, Robert Morris did not intend for the worm to be malicious (he is a professor at MIT now).

Fast forward to today, the recent “WannaCry” ransomware is estimated to have inflicted damages worth $4 billion, and it affected computers in more than 150 countries. Marcus Hutchins, a software engineer from Britain, helped stop the ransomware’s spread. However, authorities arrested him for propagating another malware — Kronos — that stole credit card information from infected computers.

The trend we can expect for the future is more attacks and more importantly, more severe and broad-based attacks on computer networks. Given this reality we need to recognize the following:

1. The cybersecurity workforce needs multi-disciplinary training. This includes business acumen, a prudent risk-management approach, technical skills, and interpersonal skills. I am happy to say that my colleagues (both in the business school and at ASU) recognize this need and are collaborating to put together multi-disciplinary programs for cybersecurity education at all levels.
2. Cybersecurity experts of the future have to wear a “black hat” when needed. That is, they need to think like hackers. To inculcate this, we need more experiential learning labs for cybersecurity. We are working to expand the opportunities for hands-on training at ASU.
3. Managers at all levels need crisis management skills as it relates to technology. There are too many examples of botched responses to security incidents. This is where our master’s programs excel. We are training managers at all levels to understand the reality of cyberrisks and the need to develop crisis management practices as it pertains to cybersecurity.

We expect to announce details of new concentrations and certificate programs in cybersecurity soon. I can confidently say that these certificates and concentrations will be multidisciplinary and will leverage the broad range of talent available at ASU from different schools and colleges.