Cyberspace Security 1

Cyber Security

Cyberspace Security and Governance

Damian Shull
University of Central Florida

Cyberspace Security and Governance

My Overall Research.

Cyberspace Security 2
The overall theme encompassing my research on cybersecurity was

there is an agreement for more effective cyberspace governance and solutions. Our politicians
have as much knowledge on cyber security and governance as does our general population. Not
only is there a lack of effective governance, there has been a lack of skill in the information
technology (IT) field of cyber security. (Popa, I. F. 2013) A review by Harvard stated Many
directors have openly shared that they feel unprepared to address cyber threats because they lack
necessary technical skills and do not understand cyber risk. (Cyber Security, Cyber Governance,
and Cyber Insurance) This will be a major problem in our next generation if we don't change and
ramp up education on cyber security.
Cyber Attacks.

Over the past years there have been many cyber attacks against the U.S.

private sector. Hackers have breached companies such as Sony and Target, and stolen a majority
of their customer database (Cyber Attacks on U.S. Companies in 2014). We know today
companies are vulnerable to continuous breaching. A good hacker doesnt leave a footprint when
carrying out cyber attacks. A company usually finds out only when the hacker/group decides to
publicly boast of their hacking, or when the FBI informs the company of a cyber attack. (Popa, I.
F. 2013) What Hacktivist groups usually want is to steal confidential information such as credit
card information, for the purpose of carding. Carding is basically credit card fraud. Hackers also
desire geopolitical gains or the ability to brag about their successes. There is a community among
hackers that encourages other hackers to initiate new and more sophisticated cyber attacks.
(Cybersecurity: Building Corporate Resilience, Encouraging Protective Transformation.)
General Solutions.

A good way to defend against these threats is to provide more education

on IT cyber security early in high school, technical trade schools, and at the college level. This

Cyberspace Security 3
will include training for our politicians and their staffs on cyberspace governance. Penalties for
companies with weak or non-existent firewalls suffering data breach will encourage compliance.
Proposals.

The Cyber Intelligence Sharing and Protection Act (CISPA) bill is a proposed law

in the United States which would allow for the sharing of Internet traffic information between the
U.S. government and technology and manufacturing companies. I believe if implemented, CISPA
would be a viable solution due to the fact the federal governments designated cyber security
organization (CSO) could monitor internet traffic and be able to pinpoint areas of malicious
activity. CISPA hasn't passed due to controversies of its efficacy. Some claim CISPA is written so
broadly that it allows companies to hand over large swaths of personal information to the
government with no judicial oversighteffectively creating a cybersecurity loophole in all
existing privacy laws (CISPA Is Back: FAQ). What the general public doesn't understand is that
cyberspace governance needs policies and laws like CISPA. CISPA would help the CSO track
down cyber crimes on the internet similar to how police patrol the streets. Most people don't want
to be spied on, even though the CSO will monitor and target cyber threats. In addition to
addressing problems, companies don't really get a slap on the wrist for when their data gets hacked
nor when they fail to report they have been hacked. Although the companies are the victims, they
are also supposed to be protecting our data. I believe there should be more heftier fines for when
incidents like these happen to companies in order for them to step up their security. It is not fair
that I could potentially get my information stolen all because I made a purchase, for example at a
Target because of their failure to protect our data. Another problem is the lack of knowledge
among our politicians. I think if we start electing politicians for their knowledge in cyber
governance better proposed laws would be the result with the general public in mind than the
infamous CISPA law.

Cyberspace Security 4
What I think is missing from the research I did is the advent of new software to protect
us and companies from cyber attacks. One solution I think the articles left out is the viability of
biomerics. As of today if you have a device with a fingerprint scanner, that is basically what
biometrics is using our unique body parts as passwords and keys. Implementing biometrics
instead of hard to remember passwords would in fact make a hacker's job a lot more harder.
(Biometric Technology Offers An Advantage Over Passwords) In addition to the articles I read
on cyberspace governance, the articles never touched up on the fact that websites of companies
and institutions should be heavily updating their firewalls, HTTPS browsers and antivirus
software to help prepare companies from denial of service attacks, malware, ransomware, trojans
and etc The lack of updating is what I think led to a lot of these cyber attacks on companies.
What needs to be studied more are effective types of cyber attack defenses and how
cyber attacks are carried out. Knowing what needs to be protected such as data is important in
the cybersecurity world. Acknowledging this will help prevent cyber attacks or help establish
laws that require companies to pay more attention to their computer and network infrastructures
more carefully. We humans take the internet and its networks for granted only realizing it in our
frustration when the internet is not working anymore for whatever reason.
One possible gap that's apparent is that cyber security is not well known among the
general population. I believe that if the general public was to be more informed that internet
needs to governed and protected we would in fact have less cyber threats. I think that we have
made a gap in society in the IT field and the cyberspace world as well. As of today, there is little
education in highschool that touches up on cyber security. I feel that there is not enough
inspiration that engages students to go into IT. I think that if we were to implement cyber

Cyberspace Security 5
security education into programming courses in high school and more in college we could in fact
fill that gap.

References
Jaycox, Mark. "CISPA Is Back: FAQ." Electronic Frontier Foundation. EFF.org, 25 Feb. 2013. Web.
14 Nov. 2015.
Walters, Riley. "Cyber Attacks on U.S. Companies in 2014." The Heritage Foundation. Heritage
Foundation, 10 Oct. 2014. Web. 14 Nov. 2015.
Jolly, Ieuan. "Data Protection in United States: Overview." Practical Law. Thomas Reuters Legal
Solutions, 1 July 2015. Web. 15 Nov. 2015.

Cyberspace Security 6
Paul Ferrillo, Weil, Gotshal & Manges LLP. "Cyber Security, Cyber Governance, and Cyber
Insurance." The Harvard Law School Forum on Corporate Governance and Financial
Regulation Cyber Security Cyber Governance and Cyber Insurance Comments. Harvard, 14
Nov. 2014. Web. 15 Nov. 2015.
Popa, I. F. (2013). CYBERSPACE GOVERNANCE. NEW GOVERNANCE APPROACH IN
SUPPORT TO INTERNATIONAL SECURITY. Paper presented at the 369-378. Retrieved from
Rigby, Johnathan. "Cybersecurity: Building Corporate Resilience, Encouraging Protective
Transformation." Cybersecurity: Building Corporate Resilience, Encouraging Protective
Transformation. Alix Partners, 26 Dec. 2014. Web. 17 Nov. 2015.
Lee, Peter. "Biometric Technology Offers An Advantage Over Passwords."
ComputerHowtoGuide.com. Peter Lee, 08 Mar. 2015. Web. 17 Nov. 2015.
<http://www.computerhowtoguide.com/2015/03/biometric-technology-offers-an-advantage-overpasswords.html>.

Cyberspace Security 7

Familiarizing
Cybersecurity in
High School
11.15.2015

Project Proposal
Damian Shull

Cyberspace Security 8
University of Central Florida

Overview
This week we will establish a whole week dedicated to learning cyber
security in our AP Programming course.

Goals
1. Learn what cybersecurity is and how it is used effectively.
2. Be able create attacks and defend them and to acknowledge
which information needs to be encrypted in the event of an
attack.

Specifications
In order utilize cyber security, programmers will need to be familiar
with a computer language particularly Python or LUA. Students will also
need an aptitude to learn about cybersecurity as well.

Cyberspace Security 9

Week 1
Monday
The lecture will be a powerpoint based on what cyber security is and why it is essential to
our future. This hyperlink on what cyberspace governance will help give
http://search.proquest.com/docview/1497214966?accountid=10003 students and idea
why cyber security is important.
Tuesday

Teach students how to build different types of attacks such as malware, DDOS attacks
and the dangers of social engineering. Then teach students about different types of
protections used to thwart these types of threats.
Wednesday
Learn how half of the class builds a cyber threat such as malware and the other half of the
class builds some sort of firewall or protection against the attack.
Thursday
Continuation on building the group projects because it takes more time than one hour to
build certain malicious programs and firewalls. Both teams must complete their sides
before friday even if they don't finish in class then it is for homework.

Friday

Cyberspace Security 10
Test the two sides against each other in a similar scenario to how a regular attack would
take place. Team 1 is the malicious hackers and Team 2 is the cyber security. Whoever
effectively wins gets extra credit as well. Overview of why this happens and encourage
kids that they could prevent these types of attacks for the next generation.