5 questions for the security savant
The current pandemic has put the power and utility of technology on center stage. From homebound CEOs to kindergarteners kept away from school, nearly everyone lives increasingly in the virtual world.
Working to make that space safer is Brian Fonseca, director of Cybersecurity@FIU and a cybersecurity policy fellow at the Washington, D.C.-based think tank New America. He also directs the Jack D. Gordon Institute for Public Policy within FIU’s Steven J. Green School of International and Public Affairs. His career in national security began in 1997 when he served in the United States Marine Corps and facilitated the training of foreign military forces both in conflict zones and during peacetime operations.
Even with his experience at the highest levels, Fonseca cautions against thinking of security concerns only on a grand scale. Threats are as close as one’s pocket, backpack or nightstand.
1. What major security threats are we facing?
While there are several serious national security threats, both domestic and foreign, the most critical involve the technological shifts happening in cyberspace. The rapidly growing number of users and devices connecting to the internet is increasing cybersecurity risks to people, organizations and nations. Cybercriminals are using phishing and web-based attacks to steal money and information and disrupt networks and computer systems. These attacks can affect a major company, like in 2018 when Marriott had a data breach that compromised nearly 339 million guests.
And attacks on the U.S. government can be gravely dangerous. Most recently, at least six federal agencies, including Energy, Commerce, Treasury and State, were reported to have been breached as well as the National Nuclear Security Administration’s networks. This is being called the worst cyberattack ever perpetrated on the U.S. government, and it is believed to have come from Russia, as Secretary of State Mike Pompeo has publicly stated.
Technology is rapidly changing the nature of conflict, too. Data and networks are vital to militaries engaged in conflict, and the rise of autonomous weapon systems such as drones, fighter planes, tanks and even robot soldiers is changing the face of war.
2. Robot soldiers – yikes. But let’s backtrack. How can we protect ourselves against cyberthreats?
I think education and awareness are vital. Poor cyber hygiene and a lack of understanding contribute to most successful cyber attacks. People are familiar with two-factor authentication or CAPTCHA and find them bothersome, but these tools are incredibly useful against cyber attacks that could take personal information in a matter of seconds. And being aware, reading an email or a text fully before replying or clicking is important, too. Remember how Russian hackers got into John Podesta’s emails? It was through an email he thought was from Gmail. Professional hackers are smart – we must always be alert.
3. How has COVID-19 impacted cybersecurity and the overall global security landscape?
The global pandemic is exacerbating pre-existing socioeconomic and political fissures that could easily turn into widespread instability around the world. Also, the surge in internet connectivity due to social distancing is creating greater opportunities for criminals to exploit vulnerable communities around the world. We are already seeing an increase in cybercrime likely brought about by the pandemic disrupting traditional trafficking routes, pushing criminal organizations into cyberspace or taking up more violent crimes such as extortion and kidnapping for ransom. All this comes back to the need for education and awareness, and the need for a stronger national security workforce.
4. What should the future national security workforce look like?
It should look more like the composition of America. It is diverse and inclusive—in terms of both demographics and thought—and highly interdisciplinary. To get there, we need to engage younger generations and expose them to national security and cybersecurity education. The national security and cybersecurity workforces have high demand, and our students are well positioned to be competitive in pursuing those careers. Something I am proud of my team for executing was the IBM Cyber Day for Girls. More than 200 girls from seven different schools across Miami-Dade gathered on campus at the Frost Art Museum for “IBMCyberDay4Girls,” a one-day conference that educated young women about cybersecurity. It is up to us to facilitate these projects to bridge the cyber gap. Our team also hosts national security workshops every semester for high school students across South Florida.
5. What roles do institutions like FIU and the Gordon Institute play in the national security space?
I find that we are responsible for preparing workforces with the skills needed to combat existing and emerging national security threats. We do this by aligning skills development with prevailing issues and providing important context about the national security landscape. The Gordon Institute is doing this through the IC-CAE Intelligence Fellowship workforce development program that teaches fundamentals of national security, analytic writing and structured analytic methods or our cyber hygiene, cyber operations, and cyber policy courses. We also co-host the NICE Conference which brings together leaders from industry, government and academia to address the community's cybersecurity education, training and workforce needs.
And generally speaking, FIU is emphasizing security and cybereducation in the different colleges. The College of Engineering & Computing recently announced its bachelor’s in cybersecurity and the College of Law next year is launching a technology and law master’s. I would also be remiss if I did not give a shoutout to FIU’s Division of Information Technology team that keeps our systems protected internally. Some may find completing the various login steps that IT has put in place tedious, but trust me, it’s worth it.
Editor's note: This story has been updated to reflect the suspected Russian hacking of U.S. agencies and companies that was first reported in December of 2020.