Can an individual computer user be held liable for neglecting to update their virus protection? How much is enough for a firm to spend on information security? What can be done about the free-rider problem?
These were among the questions explored by a group of scholars from around the world at the Second Annual Forum on Cybersecurity held at the Robert H. Smith School of Business on Thursday, May 26, 2005.
Information security is becoming more important as society grapples with problems like identity theft and nations work to ensure the safety of their computer networks, which drive so much of modern business, government and military activities. Information assurance is a growing field of research, and University of Maryland scholars are among its thought leaders. The Second Annual Forum on Cybersecurity was organized by three of those thought leaders: Lawrence A. Gordon, Ernst & Young Alumni Professor of Managerial Accounting, and Martin P. Loeb, Deloitte and Touche LLP Faculty Fellow, both of the Smith Schools accounting and information assurance department, and William Lucyshyn, a visiting senior research scholar at the University of Maryland School of Public Policy.
Their work has been encouraged by Smith School Dean Howard Frank. This field is close to my highest priority in the area of technology development, said Dean Frank in his welcoming remarks. As director of the Information Technology Office at the Defense Advanced Research Projects Agency prior to his term at the Smith School, Frank observed to his dismay that little attention had been paid to the possibility of information attacks or intrusion into the network by hostile forces. The overall information structures of our nation are still vulnerable, says Frank. There are grave and dramatic consequences for the neglect of information security.
This years Cybersecurity Forum focused on financial information systems, for whom security is an ever-increasing concern. The existing financial services sector information sharing and analysis center (ISAC), which was expanded by a Homeland Security presidential directive after 9/11, now has more than 1500 members. It gathers threat, risk and vulnerability information about cyber and physical risks faced by the financial sector, and then delivers advisories to help the nations financial service avoid those threats.
Forum topics ranged from the very quantitative to the more descriptive. The issues surrounding information security need to be addressed in a multi-disciplinary way, said Gordon. We made an effort to include subject matter of interest to practitioners as well as academians.
Presenters from around the world discussed the most cutting-edge research related to information security. Kjell Hausken, of the University of Stavanger, Norway, presented a model describing the factors that effect whether and how firms share security information. Erin Kenneally, of the University of California-San Diego, discussed negligence as a mechanism to enforce information security. Both discussions were driven by the economic concerns, as were others throughout the day: how much security is enough, both to keep your firms assets safe and to keep you from being sued for negligence?
Other presenters included Al Bhimanai, London School of Economics, United Kingdom; Mthuli Ncube, University of Wiwatersrand, South Africa; John Bagby, Pennsylvania State University; Kanta Matsuura and Hideyuki Tanaka, University of Tokyo, Japan; and Paul Kurtz, Executive Director of the Cyber Security Industry Alliance.
The Honorable Jacques S. Gansler, Vice President for Research at the University of Maryland, spoke at a luncheon. Happy to see participation in the Forum from so many countries, Gansler, former Under Secretary of Defense, stressed that cybersecurity is a global problem, and that the vulnerability of the financial communitys information systems is a problem that must be addressed by both the private and public sectors. We must keep worrying about it," he says. We must work together to solve this ongoing problem because we are all as vulnerable as our weakest link.
▓ Rebecca Winner, Office of Marketing Communications
On the evening before the forum, many of the attendees took in a Baltimore Orioles baseball game at Camden Yards.