One great way to continue developing cyber warfare solutions is to partner and collaborate with academics, who could help research cyber solutions that minimize losses or reduce financial risks for your insured institutions. In addition, by staying abreast of the latest academic theories on these types of attacks, as well as research into cyber warfare, processes, and methodologies, you could better focus limited staff and budget on minimizing the threat of attacks and the effects of breaches on your customers.
One way to move forward in reducing cyber warfare vulnerabilities is to enlist academia to help research potential solutions and methodologies. These ideas could focus on new and better hardware or software, or on innovative training and education efforts. In addition, academia could collaborate with industry to increase the rigor of these PCI standards, perhaps with new and different certifications. One might want to research faster and cheaper forensic methods or tools, perhaps with a type of continuous monitoring that places more emphasis on overall holistic risk management. All of these potential areas of research could lead to a variety of partnerships with academia that could help create a more secure environment for your insured.
Ideas for developing a way forward through increased collaboration with academia could include:
- Everyone understands that PCI is the de facto criteria sanctioned by the major credit card companies and the banking industry. Could it be strengthened with more dynamic tests and increased scans for new threats?
- How much, if any, academic research has been conducted on the effectiveness of PCI to date? Would it be useful to focus on a less nebulous and more continuous snapshot of the network?
- Do we need a Centers for Academic Excellence (CAE) type of arrangement for commercial cyber forensics? If so, would government or commercial agencies support it?
- The DOD just came out with a new IA policy to replace DIACAP. It continues the trend toward more continuous monitoring. With this new guidance on RMF, should something similar be considered for commercial PCI-type issues?
Here is a list of a few of the more well-known university cyber forensic and cyber security centers:
- Longwood University (VA) - Center for Cyber Security - Dr. Darrell Carpenter
- Norwich University (VT) - Center for Advanced Computing/Digital Forensics - Dr. Peter Stephenson
- Edith Cowan University (AU) - Security Research Institute - Dr. Craig Valli
- University of Washington (WA) - Information Assurance and Cybersecurity - Jeffrey Kim and Bob Larson
- Idaho State University - National Information Assurance Training and Education Center - Dr. Corey Schou