News

Cyber Florida Staff Director Dr. Ron Sanders Retires

July 18, 2022—TAMPA, FL: After helping to oversee a period of rapid change and dramatic growth at the Florida Center for Cybersecurity (also known as Cyber Florida), Staff Director Ron Sanders, DPA, has announced his retirement. Dr. Sanders first served as a member of the Board of Advisors upon the center’s founding in 2013. In 2020, he was brought on as staff director under former Executive Director Mike McConnell, VADM, USN, Ret., who has also recently retired. During his tenure as staff director, Dr. Sanders championed several new initiatives that garnered national recognition for the center and helped secure significant new funding for a series of efforts to improve the state’s overall cybersecurity posture.

“I am grateful to Dr. Sanders for his many notable contributions to this organization,” said the center’s new executive director, General (Retired) Frank McKenzie. He continued, “His leadership was instrumental in elevating Cyber Florida to national prominence, and together, he and VADM McConnell built an impressive legacy. I’m proud to carry on the remarkable momentum they created and wish Dr. Sanders well in retirement.”

Dr. Sanders’ career includes nearly three decades of decorated civil service. Among his many accomplishments, he helped lead the historic post-Cold War transformation of the U.S. Defense Department and the post-9/11 stand-up of the Department of Homeland Security and the Office of National Intelligence. He managed the recruiting, development, and deployment of thousands of new intelligence officers to fight the Global War on Terror and the restructuring of the IRS. He helped establish the United Arab Emirates’ cybersecurity and space agencies and China’s National School of Administration. He was also a presidential appointee, serving as chair of the U.S. Federal Salary Council from 2017 to 2020.

Dr. Sanders is the recipient of three Presidential Rank Awards (from DOD, IRS, and the U.S. Office of Personnel Management), two Teddy Roosevelt Distinguished Public Service Awards, and the National Intelligence Distinguished Service Medal. He is the author of four books and has served on the faculty of several distinguished institutions, including George Washington University, The Brookings Institution, and the University of South Florida.

During his tenure with Cyber Florida, he led the transformation of the University of South Florida’s online M.S. in Cybersecurity into four independent cyber-focused master’s degree programs to better align with employer needs. He advocated for the launch of the center’s highly successful Operation K12 program, and his passion for public service led him to create the Cyber Citizenship Education initiative, designed to teach K-12 students to navigate online misinformation and disinformation, among other accomplishments.

ABOUT CYBER FLORIDA

The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads a spectrum of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.

###

July 18, 2022

Cyber Florida Says Goodbye to Executive Director, Welcomes New Leadership

After a highly distinguished career in public service spanning more than five decades, the Honorable J. Michael “Mike” McConnell, VADM, USN, Ret., has retired as executive director of the Florida Center for Cybersecurity at the University of South Florida (USF), also known as “Cyber Florida,” as of June 30, 2022. General Frank McKenzie, USMC, Ret., has been appointed by USF President Rhea Law to be Cyber Florida’s new executive director. General McKenzie will also be leading USF’s new Global and National Security Institute.

McConnell first served as chair of the board of advisors upon the center’s launch in 2013. He assumed the role of executive director in February 2020 at the behest of then-USF President Steven C. Currall. During his two-and-a-half-year tenure, McConnell elevated Cyber Florida from a regional center to a truly statewide entity, helping to guide policy at the state level and expanding the center’s reach beyond the State University System of Florida to include the Florida College System and the state’s public school districts, the state’s extensive defense industry, and several federal agencies. Under his guidance, the center also forged strong relationships with Florida’s military community, robust defense industry, and several federal agencies, including helping to bring in several million dollars in grants from the National Security Agency.

“We sincerely thank Vice Admiral McConnell for his decorated career of service to our country and his many important contributions to the success of Cyber Florida. We wish him the best in a well-deserved retirement,” USF President Rhea Law said. “With the foundation Vice Admiral McConnell helped establish, I look forward to seeing Cyber Florida continue to strengthen the cybersecurity industry across our state and the nation in the future.”

General Frank McKenzie, who recently retired from the U.S. Marine Corps as commander of U.S. Central Command, has taken over as Cyber Florida’s new executive director as well as leading USF’s new Global and National Security Institute.

“Vice Admiral McConnell has set Cyber Florida on a solid trajectory to position Florida as a national industry leader and model state for cybersecurity, and I intend to carry on that mission leveraging the strong momentum he and his team have created,” said McKenzie.

July 11, 2022

United States Cyber Command TECH TALK #2

Join Subject Matter Experts Dr. Natalie M. Scala and Colonel Paul L. Goethals on Thursday, July 14 for the Tech Talk Forum on “Analyzing Security Threats to Mail-Based Systems for Electoral Processes.”

Welcome and Opening Remarks:

  • COL Scott Nelson, USCYBERCOM Director of Academic Engagement
  • LTC Travis Trammell III, NSA Election Security Group
  • Dr. Travis Derico, USCYBERCOM J2 Elections Defense Lead

July 6, 2022

Defense Contractors: DoD Updates CMMC Timeline

The Department of Defense recently provided some clarity on the timeline for implementation of its Cybersecurity Maturity Model Certification (CMMC) program. The DoD now expects to complete documentation to submit to the Office of Management and Budget for its rulemaking process by July 2022. And, it plans to issue interim final rules by March 2023. If DoD sticks to this new timeline, the CMMC requirements could begin appearing in solicitations for government contracts as early as May 2023 (60 days after the rules are published).

DoD plans to roll out the CMMC requirements in solicitations under a “phased approach.” During phase one, when the CMMC requirement first starts appearing in solicitations, all offerors will be required to conduct a self-assessment and provide a positive affirmation of compliance. This stands in contrast to having a third-party certification, which will eventually be required for some contractors under CMMC. In phase two, solicitations will require either self-assessments or third-party certifications. Which approach is required depends on the type of information involved, and the required certification level. The timing of phase two is still to be determined.

DoD also has confirmed that the third-party CMMC certification will be good for three years once the certification is issued (while not required until phase 2, contractors may choose to secure certification early), but contractors will be required to provide an annual affirmation confirming compliance. The third-party certification is for those associated with critical programs and contracts involving information critical to national security. Self-assessments required for contractors not handling information critical to national security will need to be performed on an annual basis. The assessment will need to be accompanied by an associated affirmation by a senior company official.

Putting it Into Practice: It seems the time finally has come for DoD contractors and suppliers to prepare their information systems for a CMMC assessment, if they have not already. Now is the time for DoD contractors to consider (1) comprehensive self-assessments, (2) appropriate remediation, and (3) updating any reported cybersecurity scores to ensure they reflect the current posture of the system.

Retrieved from https://www.natlawreview.com/article/updated-timeline-dod-s-cybersecurity-certification-program

June 27, 2022

FIU Awarded $2 Million to Develop Artificial Intelligence Cybersecurity Tools

Florida International University’s College of Engineering and Computing researchers have received a $2 million award from the U.S. Department of Energy (DOE) to help develop technology to prevent, detect, analyze and mitigate cyberattacks against U.S. energy systems.

“Our FIU team is very experienced in cybersecurity and smart energy grids. We are proud to lead the project to advance state-of-the-art methods in cyberattack detection and to harden our power grids,” said Mohammad Ashiqur Rahman, the lead principal investigator and assistant professor and the director of the Analytics for Cyber Defense (ACyD) Lab. “Protecting the security of America’s power is crucial as we face increasing cyber threats.”

The project, entitled “Artificial Intelligence-Enabled Tools (ArtIT) for Cyber Hardening of Power Grids,” involves developing artificial intelligence techniques and analytics that identify attacks in real-time and creating intelligent controllers to enhance the bulk power system’s attack resiliency. The team will then validate and test the tools in collaboration with utility and industry partners.

June 15, 2022

UCF Professor’s Research Helps Inform Policy, Laws Surrounding Intimate Partner Cyber Abuse

There are various positive aspects to living in a time in which technology is more prevalent and accessible than ever, but there are also many shadows in the realm of cyberspace.

This is why Erica Fissel’s goal is to illuminate the interpersonal victimization that occurs in cyberspace in hopes that her work will be used to help inform policy and help these victims.

Fissel, an assistant professor in the Department of Criminal Justice, doesn’t consider herself a particularly technology-savvy person but was fascinated with the way people behave online versus offline. From there, she began to look at what use or abuse of technology looks like in an intimate partner relationship. A member of UCF’s Violence Against Women faculty cluster, she focuses on the impact it has on women.

Although she didn’t intentionally seek to make women the focus of her research, Fissel says she quickly discovered that women are the most likely to experience such forms of interpersonal victimization. She also works with the Cybercrime Support Network to help serve those affected by the growing impacts of cybercrime.

“This area is so interesting to me because it’s so underdeveloped, and there are so many ways that people can use technology to abuse their partners that I would have never thought of,” she says.

Such technology can include smart-home systems like video doorbells, which can be used to track or monitor an intimate partner. Even reading a partner’s text messages without their permission can fall into the category of technology-based abuse under certain circumstances.

She adds that it’s important to realize that intimate partner cyber abuse is not illegal. There may be laws applicable to cyberstalking or cyber harassment, but intimate partner cyber abuse extends beyond those behaviors.

“Because of that, people don’t know what they’re experiencing is abusive or problematic,” Fissel says. “They don’t know that they should be able to get help for it. I want my work to be able to inform policies and laws. I want to help individuals experiencing these behaviors access helpful resources, realize that they’re experiencing problematic behavior and get out of those situations.”

In her Women and Crime course, Fissel often finds herself teaching survivors and others who have experienced intimate partner cyber abuse. She’s even had students realize through the class that they are either currently being victimized or have been in the past.

“It’s very heavy material for students, but what I try to do is have a very open dialogue and safe space within the class where people are able to share their ideas,” she says. “We can talk about these types of behaviors and experiences because they’re important to understand.”

Defining the Cyber Abuse Spectrum

Although statistics show that women are generally more likely to be victims of intimate partner violence, Fissel says she is seeing more parity between men and women engaging in cyber-based abuse.

One of the projects Fissel has been working on examines the normalization or societal acceptance of behaviors that could be considered cyber abuse. She and a team of researchers from other universities collaborated on the study, which was funded by a faculty enrichment grant from the University of Cincinnati’s Criminal Justice Research Center. They collected data from 1,500 adults currently in an intimate partner relationship and asked about their experiences with intimate partner cyber abuse, perpetration and victimization within the past six months.

“We did a pilot test, and 100% of people experienced intimate partner cyber abuse as we defined it in the past six months,” Fissel says. “We thought, ‘This is a much bigger problem than we thought or we’re measuring it wrong.’ We talked to people about it, and some of the behaviors that we were defining as abusive aren’t abusive in all contexts.”

For example, tracking a partner via GPS would be considered abusive if it was being done without consent. However, Fissel says, many participants later indicated they tracked each other’s locations for safety reasons.

“That’s one of the tricky things with intimate partner cyber abuse, because it’s totally relationship specific and dependent on whether the boundaries developed with your partner were agreed upon without coercion,” she says.

In addition to looking at intimate partner cyber abuse on the victimization side, Fissel also is working on it from the perpetration side. That entails trying to understand why people engage in such behaviors, which is vital to being able to prevent them from happening.

Fissel also is working on another study with Jackie Woerner, an assistant professor in UCF’s departments of sociology and psychology, that focuses on the perpetration side. The two surveyed 544 people and followed up with nearly 300 of them a month later to examine their intimate partner cyber abuse behaviors over time. Part of this research involved asking participants about the factors that motivate their behavior. Fissel says many cited personal insecurities such as lack of trust.

“There’s almost a range within intimate partner cyber abuse,” she says. “There are things like checking someone’s text messages without their permission, which I would say is probably on the lower end of the spectrum. Then you also have people who are opening bank accounts in your name and ruining your credit, or people who are sending you threatening text messages. We’re also trying to figure out where the line that society draws is, because that’s going to help with trying to determine laws, too.”

Fissel received her doctorate in criminal justice from the University of Cincinnati. Her primary research interests focus on various types of interpersonal victimization that take place online, including cyberstalking, intimate partner cyber abuse and cyberbullying. She joined UCF’s Department of Criminal Justice, part of the College of Community Innovation and Education, in 2019.

May 9, 2022

Password Tips to Help Keep Your Information Secure

Passwords are an essential part of protecting your personal information from cybercriminals. We all know that passwords can be a source of endless frustration in the digital world, and you’ve probably asked yourself, “do I really need to set a different password for each of my accounts?” Well, the short answer is yes.

Imagine that you are the ruler of a village, and your enemies are making their way to attack. Would you employ a single guard to protect every building and person across the land? No! You would send out an army of guards, each with a specific post to protect to increase your chances of a successful defense.

Your passwords work in the same way. Each of your online accounts needs its own unique password to ensure that your personal information is protected from potential attacks. If you reuse the same password for every account, all your personal information is at risk in an instant if that password is exposed by a cybercriminal seeking to infiltrate your accounts. Using an individual unique password for each account helps ensure that even if one password is exposed, your other accounts will remain protected.

In honor of World Password Day today, consider the following suggestions to help ensure that your passwords are successfully protecting your personal and confidential data from prying eyes.

Tips for Good Password Hygiene

Passwords vs Passphrases

Passphrases are a form of a password that is composed of a sentence or a combination of words. Often, passphrases can be more secure than normal passwords because they are longer yet easier to remember, reducing the likelihood that you will reuse the same password across multiple accounts for convenience.  

In contrast to passwords, passphrases are often created by using random words or phrases that are significant to the user but would hold no meaning to any other person. An easy way to create a passphrase that is simple to remember, yet secure enough to protect your account, is to select three to four words that are relevant and significant to you.  

It’s recommended not to use common greetings that can be easily guessed by others, such as “LiveLaughLove,” and instead use a phrase or words that would mean nothing to someone other than yourself. For example, on my desk I currently have a flag, mug, coffee, and a book, so an appropriate passphrase for me could be “FlagMugCoffeeBook”.  

While it may seem counterintuitive to use a series of random words for a credential, phrases like these are more memorable and far more secure than a password, which typically seeks security through a mix of numbers, special characters, and upper and lowercase letters. 

According to an article from Impact Networking, “the benefit of passphrases is that they make it easier for a user to generate entropy and a lack of order—and thus more security—while still creating a memorable credential. Generating entropy through randomized characters can be difficult, but this also makes it more difficult to launch a cyberattack against you.” 

Password Managers

So, now that you have created strong and unique passphrases for each of your individual accounts, how are you supposed to remember them? 

This is perhaps one of the main reasons why so many people commonly reuse passwords across multiple accounts. The truth is, unless you’re a robot or have a supernatural photographic memory, it’s probably going to be impossible to remember all your passwords without keeping track of them somewhere, and that’s okay! 

Luckily for us non-robots, there are plenty of password managers out there that can help you keep track of your credentials for all your accounts in a safe and secure way. 

Malwarebytes Labs defines a password manager as “a software application designed to store and manage online credentials. It also generates passwords. Usually, these passwords are stored in an encrypted database and locked behind a master password.” 

This means that once you enter your account usernames and credentials into the secure vault, the only password you need to remember is that master password, and the password manager will do the rest for you! 

For a list of the top-rated free password managers available in 2022, visit: https://www.pcworld.com/article/394076/best-free-password-managers.html. 

Password Tips

  • Refrain from reusing passwords on multiple sites and applications.
  • Add multi-factor authentication whenever possible for an added layer of security.
  • Update your passwords regularly.
  • Don’t text or email your passwords to anyone.
  • Do not create passwords based on your personal information or details, such as birthdays, names of family members, Social Security or phone numbers, etc.
  • See if any of your passwords have been exposed by entering your email address at https://haveibeenpwned.com/

May 4, 2022

Expert: North Korea’s $625M Crypto Hack Presents a New Threat

US authorities this week tied North Korean hackers to the historic $625 million Axie Infinity crypto swindle, with the massive hack signifying the emergence of a new type of national security threat, according to a blockchain expert.

On Thursday, the US Treasury Department added an Ethereum wallet address to its sanction list after the wallet facilitated transfers for more than $86 million of the stolen funds. The hacking outfits Lazarus and APT38, both linked to North Korea, were behind the theft, the FBI said in a statement, and the funds are generating revenue for Kim Jong Un’s regime. Ari Redbord, head of legal and government affairs at blockchain research firm TRM, says the attack shows that even a nation as isolated as North Korea can participate in new-age cyber-warfare.

April 22, 2022

H-ISAC Report Identifies Top Cyber Threats Concerning Healthcare Execs

H-ISAC and Booz Allen Hamilton released a report and survey outlining the top cyber threats concerning healthcare executives in today’s sophisticated cyber threat landscape.

H-ISAC surveyed cybersecurity, IT, and non-IT executives and found no significant differences between the disciplines when the experts were asked to rank the top five greatest cybersecurity concerns facing their organizations in 2021 and 2022.

Ransomware deployment was the top-rated concern, followed by phishing and spear-phishing, third-party breaches, data breaches, and insider threats.

The report noted that over the past decade, the healthcare industry has improved interconnectivity and data accessibility. However, those technological advancements came at the cost of security in many cases.

“The healthcare industry is especially at risk due to the value of sensitive personally identifiable information (PII) housed within systems, an increase on the Internet of Medical Things (IoMT), insufficient cybersecurity protection, the need for data transparency, and ineffective employee awareness training,” the report noted.

“Often, healthcare providers rely on legacy systems; outdated computer systems that are still in use and provide less protection and increased susceptibility for an attack.”

In addition, the COVID-19 pandemic heightened risk due to an increase in remote work and the value of vaccine research and data.

Meanwhile, nation-state threat actors are increasing their attacks in severity and scope. The report pointed to Chinese and Russian nation-state threat actors as top threats in 2021 and going into 2022.

“With many nations making efforts to move beyond the pandemic, we assess that nation-state activity against healthcare will increase, especially with changes in strategic priorities around the globe,” the report continued.

“Tensions between Russia and Ukraine, as well as Chinese activity regarding Taiwan, are examples of nation-states returning to standard geopolitical strategies, which will reflect in cyberspace.”

Researchers predicted that Ransomware-as-a-Service (RaaS) will continue to be used and will become the most popular operating model for cybercriminals. In addition, threat actors will continue to look for vulnerabilities in medical devices due to the fact that most are on legacy systems.

“Due to the huge growth in cybercrime and large ransomware payouts, sophisticated and organized criminal groups will be able to invest heavily into R&D and develop new ways to conduct automated and effective scams,” the report predicted.

“The criminals will leverage machine learning, artificial intelligence and deep fakes to perpetrate efficient and effective criminal campaigns.”

Additionally, H-ISAC and Booz Allen Hamilton predicted that supply chain attacks would continue to increase considering the successful breaches of Kaseya and SolarWinds.

To mitigate threats, H-ISAC recommended that healthcare organizations implement network segmentation, endpoint security, and access controls. Healthcare executives should also adopt a layered defense approach within their organizations and utilize data backups as well as prevention and detection technologies.

As seen in HealthITSecurity: https://healthitsecurity.com/news/h-isac-report-identifies-top-cyber-threats-concerning-healthcare-execs

April 8, 2022

Ukraine: What’s Next? Part 1 – Military and Intelligence Insights


Join Cyber Florida Staff Director Dr. Ron Sanders for part one of this four-part virtual series to hear from leading experts and gain insights on history, military strategy and intelligence, finance and the economy, cybersecurity, and the diplomatic and humanitarian crisis.

Featuring Keynote Speaker:

  • Gen. Philip Breedlove, USAF Ret., Supreme Allied Commander Europe

Experts Roundtable:

  • Maj. General Scott Gray, USAF, Ret. (Moderator)
  • Lt. General David Deptula, USAF, Ret.
  • Dr. Ron Sanders, Staff Director, Florida Center for Cybersecurity
  • Serge Jorgensen, Founding Partner and CTO, Sylint
  • Luke Bencie, Managing Dir., Security Management International

Special Guest:

  • Dr. Golfo Alexopoulos, Professor and Director of USF Institute on Russia

April 6, 2022