Heinz College News http://www.heinz.cmu.edu News Stories from H. John Heinz III College

CMU’s Traffic21 Announces Smart Mobility Challenge
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3939
Carnegie Mellon University’s Traffic21, a research institute operated out of the Heinz College of Information Systems and Public Policy, and its affiliated USDOT National University Transportation Center in the College of Engineering, Mobility21, are sponsoring a challenge that will transform southwestern Pennsylvania into a test bed for mobility innovation.

<p> <em>Up to $300,000 will be awarded to Pilot Smart Transportation Technology in SWPA Communities</em></p> <p> Carnegie Mellon University&rsquo;s <a href="http://traffic21.heinz.cmu.edu/"><strong>Traffic21</strong></a>, a research institute operated out of the Heinz College of Information Systems and Public Policy, and its affiliated USDOT National University Transportation Center in the College of Engineering, Mobility21, are sponsoring a challenge that will transform southwestern Pennsylvania into a test bed for mobility innovation.</p> <p> Municipalities within the 10-county Southwestern Pennsylvania Commission <a href="http://www.spcregion.org/reg.shtml">(SPC) region</a> are encouraged to identify mobility needs affecting their citizens and businesses and to apply for Challenge funds via a brief online form (URL below). Up to $300,000 in awards will fund CMU faculty and students to pilot selected projects.</p> <p> Congressman Bill Shuster noted, &ldquo;I&#39;m pleased to see this effort by CMU to bring ground-breaking research and technology to our region.&nbsp; As Chairman of the House Transportation and Infrastructure Committee, I&#39;ve promoted the use of innovation to address our Nation&#39;s transportation challenges. 
This is a great example of how federal transportation research funding is directly addressing the needs of our region, by working with communities to improve mobility for people and our local industries.&rdquo;</p> <p> The Smart Mobility Challenge builds on Traffic21&rsquo;s years of collaboration with the City of Pittsburgh&mdash;which has itself become a globally recognized smart city test bed&mdash;and aims to bring benefits of transportation innovations to less densely populated communities.</p> <p> Heinz College Dean Ramayya Krishnan states, &ldquo;The Smart Mobility Challenge is an ideal opportunity to put Heinz College&rsquo;s model of research, development, and deployment into action as we further develop our region as the epicenter of smart transportation.&rdquo;</p> <p> &ldquo;College of Engineering researchers will engage with the community to deploy smart transportation technologies that will result in resilient, cost-effective transportation and infrastructure throughout the region,&rdquo; says James Garrett Jr., dean of Carnegie Mellon College of Engineering.</p> <p> An information session will be held <u>Wednesday June 28</u>, 2017 at 2:00pm in CMU&rsquo;s Hamburg Hall, 4800 Forbes Avenue in Pittsburgh. 
The application form and more details can be found at <a href="http://traffic21.heinz.cmu.edu/smart-community-mobility-challenge/"><strong>http://traffic21.heinz.cmu.edu/smart-community-mobility-challenge/</strong></a><strong>.</strong></p> <p> <a href="http://traffic21.heinz.cmu.edu/smart-community-mobility-challenge/"><strong>Deadline to apply is July 14, 2017</strong></a>, with awards to be announced in early September.</p> <p> Challenge Partners include the <a href="http://www.spcregion.org/">Southwestern Pennsylvania Commission</a>, the <a href="http://www.regionaltransportationalliance.org/">Regional Transportation Alliance of Southwestern Pennsylvania</a>, and the <a href="http://www.penndot.gov/Pages/default.aspx">Pennsylvania Departments of Transportation</a> and <a href="http://dced.pa.gov/">Community and Economic Development</a>.&nbsp;</p> <p> Special acknowledgement to the <a href="http://hillmanfamilyfoundations.org/foundations/hillman-foundation/">Hillman Foundation</a> and the <a href="https://www.transportation.gov/utc">USDOT University Transportation Program</a> for their support of Traffic21 and Mobility21.&nbsp;</p> <p> <strong>About The Heinz College of Information Systems and Public Policy</strong></p> <p> The Heinz College of Information Systems and Public Policy is home to two internationally recognized graduate-level institutions at Carnegie Mellon University: the School of Information Systems and Management and&nbsp;the School of Public Policy and Management. This unique colocation combined with its expertise in analytics sets Heinz College apart in the areas of cybersecurity, health care, the future of work, smart cities, and arts &amp; entertainment. 
In 2016, INFORMS named Heinz College the&nbsp;<a href="https://www.informs.org/ORMS-Today/Public-Articles/June-Volume-43-Number-3/INFORMS-NEWS-Carnegie-Mellon-schools-receives-UPS-George-D.-Smith-Prize" target="_blank">#1 academic program</a>&nbsp;for Analytics Education.&nbsp;For more information, please visit&nbsp;<a href="http://www.heinz.cmu.edu/" target="_blank">www.heinz.cmu.edu</a>.</p>
Mon, 15 Jun 2017 11:40:00 GMT

Should I Stay or Should I Go? Bank Data Breaches and Customer Loyalty
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3937
Bank customers not only value security, they demand it. Heinz College professor Rahul Telang is an expert in the economics of information security and privacy. His new paper published by the Federal Trade Commission, “Security, Fraudulent Transactions and Customer Loyalty: A Field Study,” answers these questions and fills a research gap in the area. His findings suggest that it is in financial firms’ best interest to invest heavily in security not just to protect accounts, but to improve user confidence and loyalty.

<p> <em>By Scott Barsotti</em></p> <h2> Heinz College Professor Rahul Telang&rsquo;s study, published by the Federal Trade Commission, suggests consumers not only value security, they demand it</h2> <p> I&rsquo;ve got good news and bad news.</p> <p> The good news is that your bank was breached and some hacker now has your financial and personal information and spent several thousand dollars at Best Buy, BUT the bank caught it pretty quickly, flagged the charges, froze your account, issued you a new credit card, and promised you a provisional credit for the dollar amount lost. Hooray!</p> <p> The bad news is...right, your bank was breached. Oh, and some hacker still has your personal information. Sorry.</p> <p> Now, some big questions emerge for you: Stick with the bank that allowed your sensitive information to be compromised, or defect to the institution down the street? What do people do in this situation? And is the bank down the street any safer?</p> <p> Heinz College professor Rahul Telang is an expert in the economics of information security and privacy. His new paper published by the Federal Trade Commission, &ldquo;<a href="https://www.ftc.gov/system/files/documents/public_comments/2016/10/00062-129181.pdf">Security, Fraudulent Transactions and Customer Loyalty: A Field Study</a>,&rdquo; answers these questions and fills a research gap in the area. His findings suggest that it is in financial firms&rsquo; best interest to invest heavily in security not just to protect accounts, but to improve user confidence and loyalty.</p> <p> <strong>Data protection: a matter of trust</strong></p> <p> Ideally, banks will take steps to protect consumer data as a course of service. Their institution has been selected by customers in a very competitive financial landscape, and there is an incentive to avoid negative outcomes and subsequent negative press. 
However, many would further argue that it is not just a service but a <em>responsibility</em> of banks to insulate customer information from exposure, and that the bank should pay a price if that trust is broken.</p> <div class="customSidebar" style="float: left;width: 250px;"> <h2 style="text-align: center;"> Industries at Highest Risk of Cyber Attack</h2> <ul> <li> 1. Healthcare</li> <li> 2. Manufacturing</li> <li> <strong>3. Financial Services</strong></li> <li> 4. Government</li> <li> 5. Transportation</li> </ul> <p> <img align="" alt="Server Room Blue World" height="141" src="image.aspx?id=10596&amp;width=250&amp;height=141" width="250" /></p> <p> <em>Source: <a href="https://www.forbes.com/sites/stevemorgan/2016/05/13/list-of-the-5-most-cyber-attacked-industries/#146cf503715e" target="_blank">Forbes/IBM</a></em></p> </div> <p> Consumers, it would seem, align with that sentiment. Telang&rsquo;s research, which he completed in collaboration with Sriram Somanchi (Telang&rsquo;s PhD student at the time), compiled a unique data set of 500,000 anonymized financial services users over a five-year period, in order to study how they reacted to adverse events.</p> <p> Telang and Somanchi observed that users who had their information compromised were significantly more likely to terminate their relationship with the bank in the six months following the event, even if the user was fully compensated and thus did not suffer a monetary loss. This churn was especially seen when the bank was not able to trace the fraud to a specific party or clearly explain to the customer what had happened.</p> <p> &ldquo;This lack of attribution is a significant source of uncertainty for end users,&rdquo; said Telang. 
&ldquo;When the attribution is clear, the effect of fraudulent transactions [on loyalty] is much smaller.&rdquo;</p> <p> This would seem to indicate that it is not financial loss but rather diminished confidence that drives consumers away from banks following a breach&mdash;many are preoccupied with nagging questions regarding who was responsible for the fraud, how they pulled it off, and if fraud can occur again. These doubts translate to an emotional cost that, while non-monetary, proves to be a strong driver for customers to leave the bank.</p> <p> At the same time, there is incentive for banks to stay current by rolling out online and mobile banking services, such as mobile deposit, app-based money transfer, and so on. Telang says that banks need to make these offerings as secure as they can be.</p> <p> &ldquo;They have to do that risk analysis. If [app-based banking] increases the chances of a fraud, are they willing to eat that fraud? Because they are ones who will eat that fraud, most of the time,&rdquo; said Telang.</p> <p> <strong>The costs and benefits of regulation</strong></p> <p> Financial firms have been compelled by regulations to protect customer accounts from fraudulent activity as well as to be increasingly transparent about how breaches are reported to their customers and to the public.</p> <p> The costs of regulation show up in multiple ways. For one, firms must invest in identifying fraud, which most customers have come to expect. 
But once fraud occurs, the banks must spend resources on requisite customer service and resolution, investigation, communication, and compensation against losses.</p> <div class="customSidebar" style="float: right;width: 300px;margin: 10px"> <img align="" alt="Rahul telang Headshot" src="image.aspx?id=10746&amp;width=300&amp;height=200" style="width: 300px; height: 200px;" /> <h6 style="text-align: center;"> <em>Professor Rahul Telang</em></h6> </div> <p> Even if the bank was not directly responsible for a loss and does everything it can to reassure a customer, it&rsquo;s still very possible the bank will lose that customer. Other research has shown that firms&rsquo; stock prices tend to suffer after a breach (though prices typically rebound).</p> <p> The blend of pressure from regulations, markets, and consumers has pushed greater focus on responsibility among banks and driven investments in security. While the industry may not be thrilled to be under that microscope, consumers&mdash;whose accounts are in the crosshairs&mdash;would surely call that a step in the right direction. Certainly, those investments validate that the regulations are effective.</p> <p> While banks incur costs to comply with new regulations (and therefore routinely oppose them), the resulting increase in transparency improves competition as consumers become more aware of and informed about fraud. 
As consumers show themselves to be willing to punish a firm for a breach, it becomes even more crucial for banks to prioritize cybersecurity.</p> <p> <strong>After a breach, what can banks do?</strong></p> <p> If a bank wants to minimize the likelihood that a customer will leave following an account breach, Telang has a straightforward idea that has as much to do with customer service as it does with information security.</p> <p> He suggests that banks should be as proactive as possible, and reach out to consumers about suspect transactions rather than simply reacting to users&rsquo; reports of fraud.</p> <p> &ldquo;It engenders more loyalty. You feel good that someone is watching out for you,&rdquo; said Telang.</p> <p> Aside from compensating consumers for any financial losses as the result of a fraud&mdash;which banks are typically required to do by law anyway&mdash;Telang suggests that banks should take a more personal approach in communication and follow-up to let consumers know what actions are being taken and the outcome of any investigation.</p> <p> In this world of uncertainty and growing cyber crime, consumers are sure to value relationships with companies that not only invest in better security, but that extend a friendly hand when something goes wrong.</p> <p> &nbsp;</p> <p> <a href="https://www.ftc.gov/system/files/documents/public_comments/2016/10/00062-129181.pdf">Read Professor Telang&rsquo;s FTC paper on this topic &gt;&gt;</a></p>
Mon, 19 May 2017 08:45:00 GMT

CISOs: Heinz College Trains Guardians of the Security Galaxy
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3911
These days, the question is not if your company’s information will be threatened, or even when—the reality facing firms now is: You’ve been hacked, you just don’t know it yet. Every organization, no matter its size, needs a Chief Information Security Officer (CISO) to ensure and maintain cyber and information security. At Heinz College's CISO Certificate Program, part of the CIO Institute Executive Education curriculum and co-administered with the Software Engineering Institute, top security professionals from all sectors come to Carnegie Mellon University to learn from the best and from each other.

<p> <em>By Scott Barsotti</em></p> <h2> These days, the question is not <em>if</em> your company&rsquo;s information will be threatened, or even <em>when. </em>The reality facing firms now is: <em>You&rsquo;ve been hacked, you just don&rsquo;t know it yet.</em> Every organization, no matter its size, needs a Chief Information Security Officer (CISO) to ensure and maintain cyber and information security.&nbsp;</h2> <p> Imagine a room full of cybersecurity officers from retail giants, manufacturers, universities, energy companies, health care systems, and all levels of government (including the FBI)&mdash;a place where these leaders come together to collaborate, talk about risks, share ideas, and solve complex problems in information security. It&rsquo;s not a fantasy; these collectives form throughout the year thanks to Heinz College&rsquo;s <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/index.aspx" target="_blank">Chief Information Officer (CIO) Institute executive education program</a>.</p> <p> One offering of the CIO Institute is the <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/chief-information-security-officer-executive-education-and-certification-program/index.aspx" target="_blank">CISO Certificate Program</a>, where top security professionals from all sectors come to Carnegie Mellon University to learn from the best.</p> <p> Massive data breaches are in the news every week&mdash;the attack on Sony Pictures was estimated to cost the production house at least $35 million, the Target breach cost the retailer $162 million, and the hacks of the Democratic National Committee are seen as attempts to undermine American democracy&mdash;but there are thousands upon thousands of cyber incidents every year that don&rsquo;t make headlines.</p> <p> The cost of cyber crime is projected to reach upwards of <a 
href="http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#7cb25d9c3bb0">$2 trillion by 2019</a>, and IBM CEO Ginni Rometty has called cyber crime <a href="http://www.forbes.com/sites/stevemorgan/2015/11/24/ibms-ceo-on-hackers-cyber-crime-is-the-greatest-threat-to-every-company-in-the-world/#3a0d6c4e3548">the greatest threat</a> to every industry and company in the world. Whether your organization is a Fortune 500 company, a government agency, or a non-profit, the <a href="https://insights.sei.cmu.edu/sei_blog/2016/02/structuring-the-chief-information-security-officer-ciso-organization.html">CISO</a> (or equivalent) role is more important now than ever before, and will continue to grow in relevance and influence as the opportunities and challenges in cyber evolve.</p> <h2 align="center"> <strong>---</strong></h2> <h2 align="center"> <strong>Heinz College has designed a cybersecurity leadership program for the future...</strong></h2> <h2 align="center"> <strong>a future that will increasingly rely on superb minds to tackle cyber risk</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">Alan Levine</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">CISO, Arconic, Inc.</strong></h2> <h2 align="center"> <strong>---</strong></h2> <p> <strong>Risk and security with a practical approach</strong></p> <p> The CISO Certificate Program is designed for current and future leaders with professional experience&mdash;past participants include the CISOs from Discover, Coca-Cola, and the FBI, as well as top Information Security and Risk Management officials from Microsoft, Lowes, and Blue Cross Blue Shield.</p> <div class="customSidebar" style="float: right;width: 400px;margin: 10px"> <img align="" alt="CISO Salary slide" src="image.aspx?id=10740&amp;width=400&amp;height=300" style="width: 400px; height: 300px;" /> <h6 style="text-align: right;"> <em>Source: CIO Magazine &nbsp;&nbsp;</em></h6> 
</div> <p> The six-month program consists of 13 modules on topics such as Security Investment and Measurement, Effective Incident Response, and Insider Threats. Most of the CISO Program is completed online through a virtual learning platform, but the cohort comes together on campus several times throughout the process&mdash;for orientation, for a mid-program meeting, and then once more for the Practicum, a three-day event on CMU&rsquo;s main campus in Pittsburgh that serves as the culmination of the program.</p> <p> Practical application is at the core of Heinz College&rsquo;s philosophy; for the Practicum, the participants are assigned a real-world cyber incident to analyze&mdash;major, high-profile incidents like the recent hacks of Home Depot, Yahoo, or the aforementioned breaches at Sony or Target. The teams are asked: How would you assess the threat? How would you identify it? How would you move forward? If you were in this situation, what would you have done?&nbsp;</p> <p> The participants work together to determine solutions using a combination of the knowledge gained through the program as well as their own distinct professional experiences. 
During the Practicum, each team presents their work and recommendations to the CISO Practicum Committee, a mock board of directors composed of experts from Heinz College and various industries.</p> <p> Ari Lightman, Heinz College Professor and Co-Director of the CISO Program, says the Practicum is a key experience.</p> <p> &ldquo;If you&rsquo;re an information security executive, or even involved with an information security program, you&rsquo;re going to have to develop something that you could present to a slew of different stakeholders, specifically your C-suite and a board of directors,&rdquo; he said.</p> <p> Previous Practicum Committee members include Greg Shannon, Chief Scientist at CERT; Alan Levine, CISO at Arconic; and Randy Miskanic, Executive Director of the Group Information Security Office at UBS and former CISO at USPS.</p> <p> <strong>Heinz College and SEI: a security supergroup</strong></p> <p> The CISO Program is administered in partnership with the <a href="https://www.cert.org/" target="_blank">CERT Division</a> of the <a href="https://www.sei.cmu.edu/" target="_blank">Software Engineering Institute (SEI)</a>, a federally-funded crucible of research and development in security technologies and advancement, whose frequent collaborators include the U.S. Department of Defense, the U.S. 
Department of Homeland Security, the FBI, and the American intelligence community.</p> <p> &ldquo;We [at Heinz College] bring our expertise in policy and data analytics,&rdquo; said Lightman, &ldquo;Combining that together with the folks at SEI, with their understanding of the security vein from a practical perspective and their connections to agencies around the world, creates a powerful program.&rdquo;</p> <p> This proximity to SEI and CERT provides a value to participants that truly cannot be replicated elsewhere.</p> <h2 align="center"> <strong>---</strong></h2> <h2 align="center"> <strong>As a student, I received the necessary education and tools to ensure my success as a CISO.</strong></h2> <h2 align="center"> <strong>As a coach and instructor, my network continues to expand as I have been involved in every cohort.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">Tom Pageler</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">CRO/CSO, Neustar, Inc.</strong></h2> <h2 align="center"> <strong>---</strong></h2> <p> <strong>A new, growing collective of experts</strong></p> <p> Participants in each cohort come not only from varied sectors, but from varied backgrounds&mdash;many come directly from the security domain, while many others come from areas such as administration, law, privacy, and operations. Lightman says the &ldquo;right student&rdquo; for the CISO Program is someone who, regardless of their specific role, wants to understand how to develop a security culture across their organization.&nbsp;</p> <p> Even though the CISO Program participants are working professionals with demanding schedules, they tend to be eager to come to campus as often as possible. 
The opportunity to forge meaningful and lasting connections with other top influencers in the field is a hallmark of the CISO experience.</p> <p> In addition, many CISO Program alumni have voluntarily entered into a social network of sorts, a connected group of professionals with the egalitarian view that information security is more than a business or civic goal&mdash;it&rsquo;s a moral struggle, one that cannot be fought in isolation.</p> <p> &ldquo;Across [sectors], they&rsquo;re dealing with threat attempts on a continuous basis. By sharing intel, they become better aware of state-of-the-art techniques and current risks,&rdquo; said Lightman. &ldquo;They might compete to some extent, but security&rsquo;s impacting everybody.&rdquo;</p> <p> <iframe allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/XzOx8kt-6fs?rel=0&amp;showinfo=0" width="560"></iframe></p> <p> &nbsp;</p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/chief-information-security-officer-executive-education-and-certification-program/index.aspx">Learn more about the CISO Certificate Program &gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/index.aspx">Learn more about the CIO Institute &gt;&gt;</a></p> <p> <a href="http://www.cert.org/about/">Learn more about SEI and the CERT Division &gt;&gt;</a></p>
Mon, 19 May 2017 10:30:00 GMT

Classroom Dedication a Fitting Honor for Salesforce President and COO
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3938
Keith Block (MSPPM ’84) is a member of the Carnegie Mellon University Board of Trustees and Dean’s Advisory Council at Heinz College. He currently serves as the vice chairman, president, and COO of software and cloud computing giant Salesforce. In a May 19 ceremony, Heinz College Dean Ramayya Krishnan dedicated the Block Classroom, a state-of-the-art 60-seat classroom situated in Hamburg Hall’s newly renovated east wing. Block and his wife, Suzanne Kelley, are guests of honor this week, as Block is also on campus to deliver the keynote address at Heinz College’s Diploma Ceremony.

<h2> Keith Block (MSPPM &rsquo;84) is a member of the Carnegie Mellon University Board of Trustees and Dean&rsquo;s Advisory Council at Heinz College</h2> <p> <em>By Scott Barsotti</em></p> <p> As an exemplary alumnus who has devoted himself to the mission and governance of both Carnegie Mellon University and Heinz College, dedicating a classroom to Keith Block is a no-brainer. What better way to recognize the outsized impact he has had on our students?</p> <p> In a May 19 ceremony, Heinz College Dean Ramayya Krishnan dedicated the Block Classroom, a state-of-the-art 60-seat classroom situated in Hamburg Hall&rsquo;s newly renovated east wing.</p> <p> Block, a CMU grad twice over who received his bachelor&rsquo;s degree from the Dietrich College of Humanities and Social Sciences and his master&rsquo;s degree from Heinz College, currently serves as the vice chairman, president, and COO of software and cloud computing giant <a href="https://www.salesforce.com/" target="_blank">Salesforce</a>.</p> <p> Block and his wife, Suzanne Kelley, are guests of honor this week, as Block is also on campus to deliver the keynote address at Heinz College&rsquo;s Diploma Ceremony.</p> <p> In addition to his various leadership roles at CMU, Block established the Keith Block Entrepreneurship Fund to promote entrepreneurship among Heinz College students, and has generously supported the recent efforts to expand and refurbish Hamburg Hall.</p> <p> &ldquo;As an institution, we wouldn&rsquo;t be who we are or where we are without the support and guidance of Keith and other alumni like him, who not only do great things after graduating from Heinz, but who commit to staying engaged with us and everything we do,&rdquo; said Krishnan.</p> <p> &ldquo;His remarkable success in the private sector, coupled with his passion for improving education at all levels, stands as an inspiring example to all who walk through these halls.&rdquo;</p> <p> Dean Krishnan was joined at the Block Classroom 
dedication by Heinz College leadership, faculty, students and distinguished guests including CMU President Subra Suresh.</p> <p> In his remarks, President Suresh recognized Block as one of CMU&rsquo;s &ldquo;most avid proponents.&rdquo;</p> <p> &ldquo;This classroom is a fitting testament to Keith&rsquo;s dedication to the university, to the Heinz College, and to its students,&rdquo; said Suresh. &ldquo;Carnegie Mellon is eternally grateful.&rdquo;</p>
Mon, 19 May 2017 07:45:00 GMT

Heinz Experts Make Cybersecurity Recommendations Washington Should Consider Now
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3931
In the years ahead, the online environment will be complicated by autonomous vehicles and the Internet of Things as much as cyber crime and cyber warfare, and we are headed toward a reality in which the digital world and the physical world will have flimsy boundaries at best. Leaders are needed to tackle complex challenges in cyber that are more philosophical than technical. Said another way: the field needs political science as much as computer science. Heinz College experts Randall Trzeciak and Summer Fowler, as well as second-year MSISPM student Jennifer Urgilez, discuss needed policy shifts and the future of cyber.

<p> <em>By Scott Barsotti</em></p> <h2> Leaders are needed to tackle complex challenges in cyber that are more philosophical than technical. And they&rsquo;re needed now.</h2> <p> In the years ahead, the online environment will be complicated by autonomous vehicles and the Internet of Things as much as cyber crime and cyber warfare, and we are headed toward a reality in which the digital world and the physical world will have flimsy boundaries at best.</p> <p> &ldquo;Think about the driverless vehicle driving down the road that needs to be connected to the Internet to get sensor data. If that shuts down, the car shuts off. That&rsquo;s now a health and safety issue,&rdquo; said Randall Trzeciak, director of the Masters of Information Security Policy and Management (MSISPM) program at Heinz College.</p> <p> While technology plays a huge role in the development of cyber, there is an ever-widening gap between those advancements and the policies needed to secure the next generation(s) of the Internet.</p> <p> Who will step up to define those policies? It could be you. 
(No, really, it could be you.)</p> <div class="customSidebar" style="float: left;width: 250px;"> <h2 style="text-align: left;"> Top ten highest-paying jobs in IT/Cybersecurity*</h2> <ul> <li> Lead Software Security Engineer</li> <li> Chief Security Officer</li> <li> Global Information Security Director</li> <li> IT Security Consultant</li> <li> Chief Information Security Officer</li> <li> Director of Security</li> <li> Cybersecurity Lead</li> <li> Lead Security Engineer</li> <li> Cybersecurity Engineer</li> <li> Application Security Manager</li> </ul> <p style="text-align: left;"> <em>*Many of these and other security and IT positions require a knowledge of information systems and management, but <u>not</u> a background in computer science</em></p> <p style="text-align: left;"> <em><img align="" alt="Server Room Cool Lighting" height="141" src="image.aspx?id=10595&amp;width=250&amp;height=141" width="250" /></em></p> <p> <em>Source: CIO Magazine, Oct 2016</em></p> </div> <p> Studies show that the cybersecurity field is facing a global talent shortage of some 1.5 million jobs by 2019. A major contributing factor to that shortage is a lack of awareness.</p> <p> &ldquo;77 percent of women said in a recent industry survey that no high school teacher or guidance counselor ever mentioned cybersecurity as a career,&rdquo; said Trzeciak. The number wasn&rsquo;t much better for men&mdash;67 percent. &ldquo;Getting that knowledge at the K-12 level would be very important, to start creating the pipeline of cybersecurity professionals at the undergraduate and graduate levels.&rdquo;</p> <p> Trzeciak is playing the long game for a reason. Cybersecurity is the future. It&rsquo;s a field that will touch every industry in every sector in a landscape that&rsquo;s becoming more connected. More connections mean more vulnerabilities. More vulnerabilities mean more threats. 
As those threats grow and technology speeds ahead, the need for smart policy is evident if we&rsquo;re to have any hope of keeping the world secure in the 21<sup>st</sup> century.</p> <p> &ldquo;We need laws and language around cybersecurity that are clear, specific, and easy to understand,&rdquo; said Summer Craze Fowler, Director of Risk and Resilience for the CERT Division of Carnegie Mellon University&rsquo;s Software Engineering Institute (SEI). &ldquo;What do we mean when we say cybersecurity? What do we mean when we say cyber attack?&rdquo;</p> <p> Here are a few directions the law might be&mdash;or perhaps <em>should be</em>&mdash;headed in the coming years.</p> <p> <strong>We need international rules of engagement for cyber warfare</strong></p> <p> Fowler remarks on several infamous examples of a &ldquo;non-kinetic&rdquo; cyber action having a physical effect. There was Stuxnet, a cyber weapon used by the U.S. and Israel to sabotage uranium enrichment facilities in Iran about 10 years ago. There was the 2014 attack on a steel mill in Germany, which caused massive damage by manipulating a blast furnace. Then, in late 2015, hackers seized control of power substations in Ukraine, cutting power to nearly a quarter million Ukrainians.</p> <p> She states that this is an area that the U.S. government, and in particular the Department of Defense, needs to be concerned with. And to lead.</p> <p> &ldquo;It&rsquo;s a diplomatic effort&hellip;we need to get agreements written down,&rdquo; said Fowler, adding that just as international rules and agreements exist regarding, for example, the treatment of prisoners of war, similar compacts are needed governing use of cyber weapons against critical infrastructure. &ldquo;If someone hacks [our critical assets], should we be allowed to return with a bomb? What are the rules on this? 
And how do you get [different nations] to agree?&rdquo;</p> <p> Jennifer Urgilez, a second-year MSISPM student, says this area of policy could become even cloudier if private companies are the belligerents.</p> <p> &ldquo;Let&rsquo;s say a foreign entity decides to take out its competition&mdash;steals an American company&rsquo;s IP and then uses destructive malware to take out its systems&hellip;and the actors don&rsquo;t target an entity with public safety implications, like an electric grid or something analogous. At what point would government offensive action or cyber warfare be warranted?&rdquo; said Urgilez.</p> <p> &ldquo;It becomes very murky and we lack so many laws in this space.&rdquo;</p> <p> <strong>We need national cyber breach notification and disclosure</strong></p> <div class="customSidebar" style="float: right;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>We lack so many laws in this space.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Jennifer Urgilez, MSISPM &#39;17 --</strong></h2> </div> <p> Fowler advocates for a federal standard of notification following a breach of customer information. Currently, all 50 states have different laws in this area&mdash;or no law&mdash;creating inefficiency, confusion, and financial waste.</p> <p> &ldquo;If my organization has customers in all 50 states, and I have a breach in one of my systems, I have different notification laws in each state,&rdquo; said Fowler. Those laws differ on type of data covered, timetable, and method of notification. 
With a federal suite of notification laws, both consumers and businesses would know what to expect, which Fowler says is a win-win.</p> <p> Trzeciak thinks the field is within a few years of being able to analyze network data in real time, and to use machine learning to automate defenses, whether that be automated alerts or a self-healing network that could address anomalies without intervention from a human analyst. As that technology matures, consumer notification could possibly be part of that automation, especially if notification demands are standard across areas.</p> <p> <strong>We need to address privacy earlier in the lifecycle</strong></p> <p> &ldquo;Right now, we only care about privacy when an incident actually happens,&rdquo; said Fowler. &ldquo;Why don&rsquo;t we drive privacy into the designs of the systems and software we&rsquo;re developing?&rdquo;</p> <p> Fowler cites UL listings, a certification of product safety that assures you as the consumer that, for example, when you plug something into the wall its battery isn&rsquo;t going to explode. 
She says Internet-connected devices could have similar thresholds of safety.</p> <p> &ldquo;I don&rsquo;t want to be heavy-handed with regulation and I want business to be able to thrive, but the Internet is part of our infrastructure now, and there&rsquo;s going to have to be some regulation and standardization to get plugged in,&rdquo; she said.</p> <div class="customSidebar" style="float: left;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>There&rsquo;s more to do than just computer programming if you&rsquo;re going into security.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Randall Trzeciak --</strong></h2> </div> <p> Trzeciak agrees, stating that in the current market, an unfair expectation is placed upon consumers to be security experts.</p> <p> &ldquo;A car can&rsquo;t be released without safety inspections, but no such policies apply to the release of an Internet-enabled refrigerator,&rdquo; he said. &ldquo;When we have these IoT devices out there&hellip;how much sensitive data will the producers of the device be collecting and analyzing, and what will they use it for?&rdquo;</p> <p> Urgilez echoes similar concerns, and adds that she believes policy should mandate additional layers of privacy and confidentiality when the intended end users of a product are more vulnerable individuals, such as children.</p> <p> Manufacturers can do more to design for privacy right now, Fowler suggests, such as requiring any functionality that shares information with the manufacturer to be explicitly turned on by the consumer, rather than the current state which expects consumers to discover and turn off such functions.</p> <p> &ldquo;We don&rsquo;t train any of our engineers to think about this,&rdquo; said Fowler.</p> <div class="customSidebar" style="float: right;width: 300px;margin: 10px"> <img align="" alt="Jennifer Urgilez NCAC Trophy" height="375" src="image.aspx?id=10741&amp;width=300&amp;height=375" width="300" 
/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <h6 style="text-align: center;"> <em>Urgilez, with the 2016 National Cyber Analyst Challenge trophy</em></h6> </div> <p> <strong>Cybersecurity is for those who want to have impact&mdash;it&rsquo;s not just for techies</strong></p> <p> The challenges in cybersecurity go far beyond technology. There are political challenges, social challenges, management challenges, design challenges. That means the field needs a diversity of thought leadership.</p> <p> &ldquo;There&rsquo;s more to do than just computer programming if you&rsquo;re going into security,&rdquo; said Trzeciak. &ldquo;We&rsquo;ve had very successful MSISPM students with [undergraduate] degrees in finance and accounting, business, political science, international relations&hellip;when you get those folks into a room together and talk about the legal and privacy aspects of information security, it&rsquo;s a great discussion. It&rsquo;s more than just a technical discussion.&rdquo;</p> <p> Urgilez is a perfect example. She got a bachelor&rsquo;s in political science from Yale, then spent several years working in the public sector before returning to school for her master&rsquo;s degree. She admits to being hesitant at the time she applied, acknowledging CMU&rsquo;s reputation as a computer science juggernaut alongside her own &ldquo;soft&rdquo; (her word) liberal arts background; she submitted her application to Heinz College on the last day of the admissions window.</p> <p> She&rsquo;s glad she did. At Heinz, Urgilez has come to see cybersecurity less as a hard science and more as an area where policy-minded people like her can do good in the world. 
She intends to take what she&rsquo;s learned here back to the public sector after graduation, and to continue working to make the world safer.</p> <p> &ldquo;I see it as a way to give back to my country,&rdquo; she said.</p> <p> &nbsp;</p> <p> <em>Jennifer Urgilez was on the CMU team that won the 2016 National Cyber Analyst Challenge; her teammates included fellow MSISPM students Sara Mitchell, Krishna Chirumamilla, and Daniel Widya Suryanata, along with Jennifer Burns from CMU&#39;s Information Networking Institute</em>;&nbsp;<a href="http://www.ini.cmu.edu/news/2016/11/NCAC2016.html" target="_blank">Read more about the CMU team&#39;s victory &gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-security-policy-management-msispm/index.aspx" target="_blank">Read more about the MSISPM program &gt;&gt;</a></p> <p> <a href="https://www.sei.cmu.edu/" target="_blank">Read more about SEI &gt;&gt;</a></p> <p> &nbsp;</p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3931
Mon, 04 May 2017 09:00:00 GMT
Heinz Experts Make Cybersecurity Recommendations Washington Should Consider Now

Heinz Students Investigate Agency Hacks for US House Committee on Homeland Security
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3915
The U.S. House Committee on Homeland Security tapped a group of Heinz College students from the Master of Science in Information Security Policy & Management (MSISPM) program to perform a comparative analysis of several high-profile security breaches of federal agencies. In each case, the students detailed the response of the affected agency and then made specific recommendations on how to shore up defenses and prevent a future attack.

<p> <em>By Scott Barsotti</em></p> <h2> A team of Heinz College students was tasked with investigating security vulnerabilities at federal agencies, and strategizing how to make all Americans safer from cyber crime</h2> <p> The staggering 2015 breach of the <a href="https://www.opm.gov/">U.S. Office of Personnel Management</a> (OPM) brought the issue of government cybersecurity to national attention, when hackers stole the records of an estimated 21.5 million people.</p> <p> Apart from running the daily administration of a superpower, the federal government of the United States is a target of persistent cyber attacks for another reason: it is the largest employer in the world. In fact, the U.S. Department of Defense can claim that title by itself without counting the seeming googolplex of agencies and offices in which federal employees work and serve around the globe.</p> <p> Within that vast network of employee records, transmissions, and communications lies a treasure trove of sensitive information, a stockpile of everything from schedules to secrets that malicious actors would love to get their eyes on&mdash;and with millions of potential weak spots to exploit.</p> <p> The <a href="https://homeland.house.gov/">U.S. House Committee on Homeland Security</a> recently tapped a group of Heinz College students from the <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-security-policy-management-msispm/index.aspx" target="_blank">Master of Science in Information Security Policy and Management</a> (MSISPM) program to perform a comparative analysis of several high-profile security breaches at federal agencies.
In each case, the students detailed the response of the affected agency and then made specific recommendations on how to shore up defenses and prevent future attacks.</p> <p> Their report suggests that state-sponsored cyber criminals are a primary threat to national security due to the type of information they tend to target&mdash;often financial, health, and military data. Accordingly, the student group included relevant &ldquo;critical infrastructure&rdquo; breaches of private firms JPMorgan Chase (financial), Anthem, Inc. (health), and Lockheed Martin (military) alongside their analysis of public agency hacks.</p> <p> <strong>Systems and training lag behind the times</strong></p> <p> The OPM hack&mdash;suspected to have originated in China&mdash;compromised the personal information of roughly 21.5 million current and former government employees, prospective employees, contractors, and family members who had undergone background checks related to federal employment. These records included social security numbers, addresses, birth dates, security clearance information, and even 5.6 million sets of fingerprints.</p> <p> Hackers have also targeted the U.S. Department of State, the Department of Veterans Affairs, the Postal Service, the Internal Revenue Service, NASA, and the White House in recent years, with varying success.</p> <p> From one breach to the next the culprits, the types of information sought, and the motivations at play may differ, but the overarching trend paints a clear picture: the U.S. government is an extremely attractive target for cyber criminals of all stripes, and that problem will only intensify in the coming years. In their analysis, the students saw consistent opportunities to improve the U.S. 
government&rsquo;s cyber posture, and produced a list of recommendations that could be implemented across the board by all federal agencies.</p> <p> The students&rsquo; recommendations seek to move agencies toward a culture of cyber vigilance and accountability that all users share in, including additional layers of security as well as providing the entire government workforce with more robust training in information security and the pervasiveness of threats.</p> <p> Summer Craze Fowler, Risk and Resilience Manager for the CERT Division of Carnegie Mellon University&rsquo;s <a href="https://www.sei.cmu.edu/">Software Engineering Institute</a>, was the project&rsquo;s faculty advisor. She said when breaches occur, 70 percent of the time it&rsquo;s a known vulnerability being exploited.</p> <p> &ldquo;There are fundamental [cybersecurity] hygiene practices that are just not in play right now. If we shored up our defenses from that standpoint, we could stop a lot of these attacks from occurring,&rdquo; said Fowler.</p> <p> In the case of the OPM breach, the students determined that OPM had not, to date, followed cyber security best practices and had relatively poor (or even non-existent) endpoint security.
According to previous audits, numerous systems at OPM failed security inspection or were operating without authorization, data had been insufficiently encrypted, and adequate cyber security leadership was not in place.</p> <p> In the time since the breach was announced to the public in the summer of 2015, OPM has implemented many of the changes suggested by the students, including multi-factor authentication, strengthening access controls, and modernizing legacy systems.</p> <p> The students affirmed that while system failures, weak controls, and physical thefts can account for some breaches, it was human error, misuse, and insider threats that accounted for the majority of cyber incidents. They argued that while investment must be made in infrastructure and in updating systems, it is simultaneously essential to devote resources to strengthening cyber policies and practices, right down to the employee level.</p> <div class="customSidebar" style="float: left;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>There are fundamental [cybersecurity] hygiene practices that are just not in play right now.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Summer Craze Fowler --</strong></h2> </div> <p> <strong>The SEAL Lifecycle: a cyber culture blueprint&nbsp;</strong></p> <p> In order to simplify the implementation of their recommendations, the students developed an innovative strategy called the SEAL (<strong>S</strong>creen, <strong>E</strong>nforce, <strong>A</strong>ssure, <strong>L</strong>earn) Lifecycle. 
This layered method is intended to continually improve an organization&rsquo;s cyber security through clear and simple processes regarding risk identification, policy application, incident response, and documentation.</p> <p> The Heinz students presented their final paper on Capitol Hill; their recommendations to lawmakers, if fully implemented and baked into future policy and law, could strengthen information security not just for the U.S. government, but for the entirety of the American public.</p> <p> How many grad students get to claim that?</p> <p> &nbsp;</p> <p> <em>This Capstone Project, titled &ldquo;Fortifying America&rsquo;s Cyber Posture: Applying Lessons Learned to Mitigate Future Threats,&rdquo; was completed by Sarah Chandel, Marcelle Drakes-Ruffin, Teresa Mock, and Drew Spaniel.</em></p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-security-policy-management-msispm/index.aspx">Read more about the MSISPM program&gt;&gt;</a></p> <p> <a href="https://homeland.house.gov/">Read more about the House Committee on Homeland Security&gt;&gt;</a></p> <p> &nbsp;</p> <p> &nbsp;</p> <p> &nbsp;</p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3915
Mon, 04 May 2017 09:30:00 GMT
Heinz Students Investigate Agency Hacks for US House Committee on Homeland Security

A Grand Challenge: National Academy of Engineering Talks Cybersecurity at CMU
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3934
The National Academy of Engineering (NAE) gathered for a regional meeting and symposium at Carnegie Mellon University's Software Engineering Institute to discuss cybersecurity, which is now one of the greatest challenges in the 21st century.

http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3934
Mon, 04 May 2017 10:45:00 GMT
A Grand Challenge: National Academy of Engineering Talks Cybersecurity at CMU

Bankrupting Terrorism: Heinz Alum Hits Extremists Where It Hurts
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3905
The U.S. Department of State has prevented more than 300 terrorist attacks by tracing and recovering illegal money meant to fund terrorist activities. But even with that rate of success, the World Bank estimates that approximately $3.61 trillion is laundered annually across the globe, making laundering a colossal challenge for counterterrorism experts. One of the keys to fighting terrorist attacks is further preventing the illegal laundering of money, usually disguised as legitimate business transactions, to fund terrorist activities. That’s exactly what Ian Kloo (MSPPM ’14) has done. Through his work as a Presidential Management Fellow, Kloo developed an innovative app for the Center for Army Analysis that helped the center’s analysts find links between known and unknown money launderers that support terrorism.

<p> <em>By Michael Cunningham</em></p> <h2> Heinz alumnus builds groundbreaking tool to counteract the financing of terrorism</h2> <p> Terrorist activities, like many things in life, cost a lot of money. And much of that money is laundered.</p> <p> Money laundering is the process of creating the appearance that large amounts of money obtained from serious crimes, such as drug trafficking or terrorist activity, originated from a legitimate source. Money launderers often achieve this by utilizing transfers involving foreign banks or legitimate businesses.</p> <p> The U.S. Department of State has prevented more than 300 terrorist attacks by tracing and recovering illegal money meant to fund terrorist activities. But even with that rate of success, the World Bank estimates that approximately $3.61 trillion is laundered annually across the globe, making laundering a colossal challenge for counterterrorism experts.</p> <p> One of the keys to fighting terrorist attacks is further preventing the illegal laundering of money, usually disguised as legitimate business transactions, to fund terrorist activities.</p> <p> That&rsquo;s exactly what Ian Kloo (MSPPM-Data Analytics &#39;14) has done. Through his work as a Presidential Management Fellow, Kloo developed an innovative app for the Center for Army Analysis that helped analysts at <a href="http://www.centcom.mil/" target="_blank">United States Central Command</a> (USCENTCOM) find links between known and unknown money launderers that support terrorism.</p> <p> Kloo&rsquo;s app has had a monumental impact at USCENTCOM, enabling government officials to seize and interdict what Kloo described as a &ldquo;significant&rdquo; amount of money from known terrorist organizations. For his efforts in developing the app, Kloo was awarded the 2016 David Rist Prize by the Military Operations Research Society (MORS).
The Rist Prize recognizes the practical benefit sound operations research can have on &ldquo;real life&rdquo; decision-making.</p> <p> &ldquo;USCENTCOM had a lot of data that had been subpoenaed through various legal actions,&rdquo; said Kloo. &ldquo;We came up with a methodology to go through and create some visualizations based off all of that data.&rdquo;</p> <p> The key to developing this groundbreaking technology, which was unprecedented in financial counterterrorism, was something called &ldquo;entity resolution&rdquo; &ndash; the practice of determining whether two similar names in the same financial transaction data set are actually the same person.</p> <p> &ldquo;We were trying to answer the really hard question of, &lsquo;which two people in this data set are actually the same person, but using different names or different monikers,&rsquo; so getting after that is where I think we had the greatest impact,&rdquo; explained Kloo. &ldquo;We created an interface for analysts to use, where they could go through and create some relatively complicated rule sets to do some fuzzy matching of these names.&rdquo;</p> <p> For example, using Kloo&rsquo;s app, an analyst could determine that they wanted to create a data set where everyone who has the same date of birth, and similar names based on some key metrics, is considered to be the same person.</p> <p> &ldquo;In a typical data set, it would be several hundred million pair-wise comparisons to do that by hand, which is impossible,&rdquo; explained Kloo. &ldquo;But the analysts had the intuition to do it. So we were able to leverage the analysts&rsquo; insight and the power of computers to fit where appropriate instead of trying to shoehorn one into the wrong place.&rdquo;</p> <p> In addition to the Rist Prize, Kloo&rsquo;s work to counteract terrorist financing also landed him a job.
With his two-year Presidential Management Fellowship set to expire next month, Kloo was hired on by the Center for Army Analysis full-time to continue leading data science projects that make a positive impact on society.</p> <p> Currently, Kloo is developing an app to optimize space in the Arlington National Cemetery, and he is creating tools to help Army analysts predict which digital news stories will attract the most public attention.</p> <p> &ldquo;Being able to use data science to have a positive impact on society is very fulfilling, and it&rsquo;s one of the main reasons that I wanted to get involved in government work in the first place,&rdquo; said Kloo.</p> <p> &nbsp;</p> <p> <a href="https://www.pmf.gov/" target="_blank">Read more about the Presidential Management Fellowship &gt;&gt;</a></p> <p> <a href="http://www.mors.org/Recognition/Rist_Prize" target="_blank">Read more about the Rist Prize &gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/school-of-public-policy-management/public-policy-management-msppm/msppm-track-options/data-analytics-track/index.aspx" target="_blank">Read more about the MSPPM Data Analytics Track &gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3905
Mon, 03 May 2017 09:30:00 GMT
Bankrupting Terrorism: Heinz Alum Hits Extremists Where It Hurts

Somebody's Watching Me (and I Have No Privacy): Professor Acquisti on the FCC, ISPs, and Why Privacy Is So Challenging
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3935
Professor Alessandro Acquisti is a leading voice in information technology and Internet privacy. He is the director of the PwC-CMU Risk and Regulatory Services Innovation Center, housed at Heinz College. The recent decision by Congress to roll back certain Federal Communications Commission (FCC) privacy protections has caused a lot of concern, and perhaps even more confusion. What does the decision really mean for consumers? Should we panic? Is every device in our homes going to be spying on us? Is it time to set up a virtual private network (VPN)? Heinz College Professor Alessandro Acquisti is an expert on this subject, having published extensive research on the economics and behavioral economics of privacy, and privacy in online social networks. And he was able to calm our nerves…somewhat.

<p> <em>By Scott Barsotti</em></p> <h2> <em style="font-size: 12px;">Professor Alessandro Acquisti is a leading voice in information technology and Internet privacy. He is the director of the CMU Risk and Regulatory Services Innovation Center housed at Heinz College and sponsored by PwC, as well as the creator of the Privacy Economics Experiments (PEEX) Lab; Professor Acquisti is a member of other IT research institutes at CMU including CyLab and iLab.</em></h2> <p> <span style="font-size: 12px;">The recent decision by Congress to <a href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/04/trump-has-signed-repeal-of-the-fcc-privacy-rules-heres-what-happens-next/?utm_term=.b7a8c9383c05" target="_blank">roll back certain Federal Communications Commission (FCC) privacy protections</a> has caused a lot of concern, and perhaps even more confusion. What does the decision really mean for consumers? Should we panic? Is it time to set up a virtual private network (VPN)?&nbsp;</span>Is every device in our homes going to be spying on us?</p> <p> Heinz College Professor <a href="http://www.heinz.cmu.edu/faculty-and-research/faculty-profiles/faculty-details/index.aspx?faculty_id=3" target="_blank">Alessandro Acquisti</a> is an expert on this subject, having published extensive research on the economics and behavioral economics of privacy, and privacy in online social networks. &nbsp;And he was able to calm our nerves&hellip;somewhat.</p> <p> First off, he notes that the new legislation doesn&rsquo;t take away protections so much as prevent new rules from going into effect.
The rules in question were young, put in place by the Obama administration&rsquo;s FCC in October 2016, meaning we hadn&rsquo;t really had time to appreciate the outcomes of those rules, for better or worse.</p> <div class="customSidebar" style="float: left;width: 400px;margin: 10px"> <iframe allowfullscreen="" frameborder="0" height="225" src="https://www.youtube.com/embed/H_pqhMO3ZSY?rel=0&amp;showinfo=0" width="400"></iframe> <h6 style="text-align: center;"> <em>Acquisti&#39;s 2013 TEDTalk in Edinburgh, &quot;What will a future without secrets look like?&quot;</em></h6> </div> <p> &ldquo;But in general, this is not good news for consumer privacy,&rdquo; said Acquisti. &ldquo;Most companies will, and do, collect data to the maximum extent afforded to them by regulation&mdash;or, as it happens, absence of regulation. The rules that have been rolled back tried to do something about that.&rdquo;</p> <p> Where the Obama-era rules had sought to choke off certain latitudes for Internet service providers (ISPs) to monitor, track, and sell user behavior, the new legislation&mdash;signed into law by President Trump on April 3&mdash;makes all of that fair game again. These activities only stand to get more rampant and privacy-intrusive as technology continues to improve. In fact, Acquisti notes that advancements in technology have made it so cheap to collect and store users&rsquo; personal data and browsing history, that companies will collect that information even if its value is low (or at best unclear).</p> <p> Companies seem to view consumers&rsquo; personal data the way a homeowner in a low-lying area might view flood insurance. Better to have it and not need it.</p> <p> Still, it&rsquo;s possible that some ISPs and web companies will refrain from abusing this right. Acquisti states that some firms may see privacy concerns as an opportunity to showcase their consumer-friendly bona fides.
That may be easier if you&rsquo;re Apple, or another company that relies on hardware rather than data sales for the majority of their revenue. Even then, as the advent of the Internet of Things promises more and more connected devices, hardware manufacturers have little incentive to consider privacy in design at present, facing greater pressure to be first to market than to be most secure. And regulation in this area is sorely lacking.</p> <p> &ldquo;The problem consumers face in managing their privacy online will be exacerbated by the Internet of Things, because of the ubiquity of the devices and lack of transparency regarding their data-handling policies,&rdquo; said Acquisti. &ldquo;Unlike websites you visit that have links to their privacy notices, you cannot easily ask your Amazon Echo or Nest thermostat to show their privacy policies on the spot. The interface does not permit it. Furthermore, end-users get easily habituated to these devices, and pay little attention to the fact that the devices continuously collect and transfer data about their users.&rdquo;</p> <p> <strong>Consumers have options&hellip;with tradeoffs</strong></p> <div class="customSidebar" style="float: right;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>Someone who controls information about you gains some degree of power over you.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Alessandro Acquisti --</strong></h2> <img align="" alt="Acquisti Headshot" height="250" src="image.aspx?id=10744&amp;width=250&amp;height=250" width="250" /></div> <p> Even if companies don&rsquo;t take steps to protect consumer privacy, there are things consumers can do to protect themselves. Acquisti mentioned that there are many tools, such as the <a href="https://www.torproject.org/projects/torbrowser.html.en" target="_blank">anonymous browser Tor</a>, for extremely privacy-conscious users. 
He also notes that VPNs&mdash;services that allow users to extend a private encrypted network over a less secure network&mdash;are realistic options.</p> <p> &ldquo;VPNs are, by now, mature and relatively common tools,&rdquo; he said. He is quick to warn, however, that there are tradeoffs.</p> <p> &ldquo;One of the many paradoxes we face in the privacy realm is that the more advanced techniques you may use to protect your privacy, the more attention you may attract from intelligence agencies.&rdquo;</p> <p> And there&rsquo;s the dilemma. Someone will likely be watching you, it&rsquo;s just a matter of who.</p> <p> &ldquo;You may feel like you have nothing to hide as a law-abiding citizen, but information is power,&rdquo; said Acquisti. &ldquo;Someone who controls information about you gains some degree of power over you.&rdquo;</p> <p> He points to some less exotic privacy-centered apps as well, like the encrypted messaging service&nbsp;<a href="https://whispersystems.org/" target="_blank">Signal</a>. He says that these apps work on good principles from security research, and provide a modicum of privacy with little hassle, but that consumers must remember that protection tools may be bypassed by other users with whom they are sharing information. Also, encryption&mdash;effective in theory&mdash;can be broken if poorly implemented by designers or ineffectively employed by end-users. Thus, such services may not be sufficient to protect all data, and not from every potential snooper.</p> <p> So, what gives? Is the World Wide Web just the Wild Wild West right now? What can be done?</p> <p> The fact of the matter is that, in the short term, consumer privacy is a huge and complicated challenge, and an area largely untouched by the law. 
But it doesn&rsquo;t have to stay that way.</p> <p> Acquisti insists that progress can be made that will alleviate many of these concerns, but that this relies on society being able to come to some degree of collective choice as to whether or not we truly value privacy as much as we claim to. If we do, a broader effort is urgently needed that combines regulatory, technological, and policy solutions. Otherwise, consumers can hope for little more than to be virtual fish in a cyber barrel.</p> <p> &ldquo;We cannot rely merely on individual responsibility,&rdquo; said Acquisti. &ldquo;Individuals who, by themselves, try to use privacy-enhancing technologies are on the losing side of an arms race with privacy-invasive technologies, which always seem to be a step ahead.&rdquo;</p> <p> <a href="http://app.criticalmention.com/app/#/report/4f876abf-38e7-4f44-b402-25ca7ccf9b55" target="_blank">Watch a clip of Prof. Acquisti discussing privacy on &quot;Through the Wormhole With Morgan Freeman&quot; &gt;&gt;</a></p> <p> <a href="https://www.cmu.edu/risk-reg-center/" target="_blank">Learn more about the PwC Risk and Regulatory Services Innovation Center &gt;&gt;</a></p> <p> <a href="http://peex.heinz.cmu.edu/" target="_blank">Learn more about PEEX Lab &gt;&gt;</a></p> <p> <a href="https://www.cylab.cmu.edu/" target="_blank">Learn more about CyLab &gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3935
Mon, 24 Apr 2017 10:00:00 GMT
http://www.heinz.cmu.edu/news/news-detail/image.aspx?width=250&mar=1&id=10730
Somebody's Watching Me (and I Have No Privacy): Professor Acquisti on the FCC, ISPs, and Why Privacy Is So Challenging

MAKING HEALTH CARE MARKETS WORK: COMPETITION POLICY FOR HEALTH CARE
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3930
ACTIONABLE POLICY PROPOSALS FOR THE EXECUTIVE BRANCH, CONGRESS, AND THE STATES - APRIL 2017

<p style="text-align: right;"> <a href="download.aspx?id=10718">Download Report</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3930
Mon, 12 Apr 2017 17:03:00 GMT
http://www.heinz.cmu.edu/news/news-detail/image.aspx?width=250&mar=1&id=0
MAKING HEALTH CARE MARKETS WORK: COMPETITION POLICY FOR HEALTH CARE

Dean Ramayya Krishnan Honored with 2017 IIT Madras Distinguished Alumnus Award
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3929
Ramayya Krishnan, Dean of the H. John Heinz III College of Information Systems and Public Policy, and William W. and Ruth F. Cooper Professor of Management Science and Information Systems at Carnegie Mellon University, is a 2017 recipient of the Indian Institute of Technology Madras (IIT Madras) Distinguished Alumnus Award. Krishnan received the award on March 16 in a ceremony on the IIT Madras campus.

<p> <em>By Michael Cunningham</em></p> <p> Ramayya Krishnan, Dean of the Heinz College of Information Systems and Public Policy, and William W. and Ruth F. Cooper Professor of Management Science and Information Systems at Carnegie Mellon University, is a 2017 recipient of the Indian Institute of Technology Madras (IIT Madras) Distinguished Alumnus Award. Krishnan received the award on March 16 in a ceremony on the IIT Madras campus.</p> <p> &ldquo;Professor Ramayya Krishnan joins an illustrious group of Distinguished Alumni of IIT Madras who are academicians,&rdquo; said Professor Bhaskar Ramamurthi, Director of IIT Madras. &ldquo;Professor Krishnan is renowned for his seminal contributions to the field of Information Systems, and has made his alma mater proud with his accomplishments as Dean of the College for Information Systems at CMU.&rdquo;</p> <p> The Distinguished Alumnus Awards are presented annually by the Institute. Since the inception of the awards in 1996, 147 alumni have been selected for the award.</p> <p> &ldquo;I am proud to represent my alma mater in all that I do, and humbled that the Institute has honored me with this award,&rdquo; said Krishnan. &ldquo;I look forward to visiting campus and having an opportunity to catch up and share stories with my fellow alumni honorees.&rdquo;</p> <p> Krishnan received his bachelor&rsquo;s degree in Mechanical Engineering from IIT Madras in 1981, and both his master&rsquo;s degree and Ph.D. from the University of Texas, Austin in 1983 and 1987, respectively.</p> <p> <img align="" alt="Krishnan receives IIT Madras Alumni Award" src="image.aspx?id=10706" style="width: 30%; margin: 10px; float: left;" /></p> <p> Krishnan has been a member of the Heinz College faculty since 1988 and is a founding faculty member of the Master of Information Systems Management Program. 
He also oversaw the creation of the School of Information Systems and Management at Heinz College, complementing the existing School of Public Policy and Management.</p> <p> He was appointed as the first Dean when the Heinz College was created in 2008 and was reappointed Dean upon the completion of his first term in 2014.</p> <p> In 2016, under Krishnan&rsquo;s leadership, INFORMS, the global Operations Research and Management Science (OR/MS) Society, recognized Heinz College with the UPS George D. Smith Prize for educational excellence in Analytics. Heinz College is the only academic institution that is home to both the Von Neumann Theory Prize and the UPS George D. Smith Prize.</p> <p> Since he joined CMU in 1988, Krishnan has compiled an outstanding research record in Operations Research and Management Science (OR/MS) and its applications to Information Systems. His contributions have been recognized by INFORMS through its highly-selective INFORMS fellow award, and in 2015, he was conferred with the Y. Nayudamma Award for his contributions to information technology and telecommunications management. He has been the President of INFORMS Computing Society and INFORMS Information Systems Society, and has edited premier journals in the fields of Operations Research, Management Science, and Information Science Research.</p> <p> Krishnan has a worldwide reputation for his expertise in data science and analytics. He has spoken on data analytics at the World Economic Forum, served as a STEM expert on the U.S. State Department Delegation led by Sec. Clinton to APEC (Asia Pacific Economic Consortium), and briefed the ICT Ministers of ASEAN on big data technology and policy. He is a former member of the Global Agenda Council on Data Driven Development at the World Economic Forum. 
Currently, he serves on the IT and Services Advisory Board chaired by Governor Tom Wolf of the Commonwealth of Pennsylvania.</p> <p> <a href="http://www.heinz.cmu.edu/faculty-and-research/faculty-profiles/faculty-details/index.aspx?faculty_id=51" target="_blank">Learn more about Ramayya Krishnan &gt;&gt;</a></p> <p> <a href="http://www.iitm.ac.in/" target="_blank">Learn more about IIT Madras &gt;&gt;&nbsp;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3929
Mon, 16 Mar 2017 09:35:00 GMT
http://www.heinz.cmu.edu/news/news-detail/image.aspx?width=250&mar=1&id=10707
Dean Ramayya Krishnan Honored with 2017 IIT Madras Distinguished Alumnus Award

Hold Tight and Pretend It’s a Plan: Big Data and BBC's 'Doctor Who'
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3925
The BBC television series Doctor Who has millions of devoted fans all over the world, and many of them would claim to be experts on the show. But to find experts on “Whovians” themselves, look to Heinz College. A team of five Master of Information Systems Management (MISM) students worked with BBC Worldwide to analyze content on the Doctor Who YouTube channel in order to grasp why some content played better to the show’s rapidly growing fan-base. These insights would in turn help the BBC boost fan engagement on the channel and raise the profile of the Doctor Who brand.

]]><p> <em>By Scott Barsotti</em></p> <h2> From Doctors to monsters, Heinz College students have a transatlantic impact by delivering key insights to BBC Worldwide</h2> <p> The BBC television series <em><a href="http://www.bbc.co.uk/programmes/b006q2x0" target="_blank">Doctor Who</a></em> has millions of devoted fans all over the world, and many of them would claim to be experts on the show. But to find experts on &ldquo;Whovians&rdquo; themselves, look to Heinz College.</p> <p> A team of five <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-systems-management-mism/index.aspx" target="_blank">Master of Information Systems Management (MISM)</a> students worked with BBC Worldwide to analyze content on the <a href="https://www.youtube.com/user/doctorwho" target="_blank"><em>Doctor Who</em> YouTube channel</a> in order to grasp why some content played better to the show&rsquo;s rapidly growing fan-base. These insights would in turn help the BBC boost fan engagement on the channel and raise the profile of the <em>Doctor Who</em> brand.</p> <p> For the non-Whovians out there, <em>Doctor Who</em> concerns the interdimensional adventures of &ldquo;The Doctor,&rdquo; a Time Lord from the planet Gallifrey, as he and his companions travel through space and time protecting people and thwarting many monsters and cosmic foes along the way. 
A crucial plot device is that the Doctor occasionally regenerates into a new humanoid form, introducing a new actor into the role, like a metaphysical James Bond (a popular fan theory supposes the iconic British secret agent may actually be a Time Lord himself, but that&rsquo;s a different matter).</p> <div class="customSidebar" style="float: left;width: 250px;"> <h2 style="text-align: center;"> <i>Doctor Who</i>, in numbers</h2> <ul> <li> Episodes: 827</li> <li> Stories: 264</li> <li> Seasons: 35</li> <li> Most Featured Doctor: Fourth Doctor (Tom Baker, 41 stories)</li> <li> Most Featured Companion: Amy Pond (Karen Gillan, 28 stories)</li> <li> Most Featured Monster: <strong>The&nbsp;Daleks</strong> (22 stories)</li> </ul> <img align="" alt="BBC Dalek" src="image.aspx?id=10685&amp;width=250&amp;height=167" /> <p> <em>Photo courtesy of <a href="http://www.bbc.co.uk/doctorwho/s4/images/daleks" target="_blank">BBC</a></em></p> <p> <em>(As of 12/25/16)</em></p> </div> <p> The first episode of <em>Doctor Who</em> aired in 1963, and the original incarnation of the series ran for 26 seasons, going on hiatus in 1989. The show stayed gone (save a 1996 TV film) until 2005, when the series was rebooted. In its history, twelve actors have played the Doctor, and every Whovian will adamantly claim a different favorite.</p> <p> But with a show that involves so many actors, villains, and story lines, how in the universe could the BBC determine what content would best engage online viewers, and why? Was it clips from the show? Teasers and trailers? Original content?</p> <p> &ldquo;At the time we had 52 years of <em>Doctor Who</em> to work with. There are so many variations and so many different combinations [of elements],&rdquo; said Alex Ayling, Head of BBC Worldwide Digital Studios.</p> <p> Even with such a massive amount of content, the BBC was aware of some big picture ideas, such as that videos showing the Doctor regenerating and changing forms tended to be very popular. 
However, this project provided data that allowed them to do deeper analytics and discover some unknowns. For example, the students were able to determine that the optimal length of a clip depends heavily upon the mood of that clip.</p> <p> Brett Danaher, the Heinz College faculty advisor on the project, likened the students&rsquo; efforts to Pandora Radio&rsquo;s <a href="http://www.pandora.com/about/mgp" target="_blank">Music Genome Project</a>, which endeavored to break songs down into fundamental building blocks. Danaher said the group wondered whether the same philosophy couldn&rsquo;t be applied to <em>Doctor Who</em> videos.</p> <p> &ldquo;We looked at obvious things [in the videos] like which Doctors were present and which monsters, and if we see the TARDIS or not,&rdquo; said Danaher, referring to the Doctor&rsquo;s ship, which resembles a blue British police box and is one of the show&rsquo;s most recognizable symbols. &ldquo;[Then we looked at] some less obvious things like &lsquo;what percentage of the video is covered by music&rsquo; and &lsquo;what&rsquo;s the general mood of the video?&rsquo; Really breaking these videos down to their constituent components.&rdquo;</p> <p> The team used <a href="https://requester.mturk.com/" target="_blank">Amazon Mechanical Turk</a>, a crowdsourcing Internet marketplace, to gather user responses to the content. After watching videos, the test users (known as &ldquo;turkers&rdquo;) were paid to answer a series of questions about what they just watched. 
Some questions were simple, such as which characters were featured in the clip and whether the BBC logo was clearly visible, while others were more complex, such as what emotions were presented.</p> <div class="customSidebar" style="float: right;width: 250px;border-width: 10px;margin: 10px; "> <h2 style="text-align: center;"> <strong>Employing predictive analytics and multiple regression models,&nbsp;the MISM students were able to link certain content variables to a video&rsquo;s performance among viewers.</strong></h2> </div> <p> The MISM students employed predictive analytics and multiple regression models to determine which elements were associated with more fan response across the relevant metrics: &lsquo;views,&rsquo; &lsquo;likes per views,&rsquo; and &lsquo;average percentage viewed.&rsquo;</p> <p> The students were able to link certain content variables to a video&rsquo;s performance among viewers. Correlations were drawn, for example, between specific Doctors or monsters and specific moods or tones. Or, as Ayling put it, the things that were hidden to the eye.</p> <p> &ldquo;Understanding our own content in a deeper way was really helpful,&rdquo; said Ayling.</p> <p> &ldquo;They were so diligent and dedicated. It can be very easy to reduce everything down to anonymous data, but they took the time to understand what was driving those data points.&rdquo;</p> <p> Danaher suggests that this type of analysis isn&rsquo;t limited to <em>Doctor Who</em>, that the BBC could do the same thing with other major titles, like <em>Top Gear</em>, in order to build brand excitement in an even more purposeful and targeted way. 
Ayling says that no matter what BBC Worldwide does with big data, the goal is always to serve fans and provide them with material that resonates.</p> <p> &ldquo;These data help us make better decisions&hellip;that [results] in better content being created and curated for our audience,&rdquo; said Ayling.</p> <p> Whether you prefer Daleks, Cybermen, or Weeping Angels, that&rsquo;s a reason to cheer.</p> <p> <em>This Capstone Project was completed by Ishan Bagadiya, Subramaniam Balasubramaniam, Sneha Challa, Anagha Gulwady, and Mithila Joshi.</em></p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-systems-management-mism/index.aspx">Learn more about the MISM program &gt;&gt;</a></p> <p> <a href="https://www.youtube.com/user/doctorwho" target="_blank">Visit the <em>Doctor Who</em> YouTube channel &gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3925
Mon, 21 Feb 2017 11:45:00 GMT
http://www.heinz.cmu.edu/news/news-detail/image.aspx?width=250&mar=1&id=10697
Hold Tight and Pretend It’s a Plan: Big Data and BBC's 'Doctor Who'

Beyond ‘The Great Wall,’ Heinz Experts on China and Hollywood’s Complicated Love Affair
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3924
China is projected to surpass the United States at the box office in the near future, and co-productions between the nations are expected to rise. At the same time, piracy and censorship continue to be problems. Heinz College experts Dan Green (MEIM program) and Lee Branstetter (MSPPM program), as well as alumna Rachel Song (MEIM '16), co-founder of Vantage Entertainment, weigh in on the opportunities and obstacles.

<p> <em>By Scott Barsotti</em></p> <h2> China is projected to surpass the United States at the box office in the near future, and co-productions between the nations are expected to rise. Meanwhile, piracy and censorship continue to create problems.</h2> <p> &ldquo;China is the most rapidly growing large economy in the world, it has been for a very long time&hellip; and has a very large middle class,&rdquo; said Lee Branstetter, Professor of Economics and Public Policy at Heinz College. &ldquo;There are hundreds of millions of Chinese that have disposable income, and they can now consume foreign products, including foreign media products.&rdquo;</p> <p> Branstetter suggests there is, at present, no opportunity more under-exploited for Hollywood than the Chinese market. As Chinese incomes continue to rise, that market will only become more important.</p> <p> &ldquo;We talk about international box office a lot more now than we did a decade ago when the program was founded,&rdquo; said Dan Green, director of the <a href="http://www.heinz.cmu.edu/school-of-public-policy-management/entertainment-industry-management-meim/index.aspx" target="_blank">Master of Entertainment Industry Management (MEIM)</a> program at Heinz College, a joint program with Carnegie Mellon University&rsquo;s <a href="http://cfa.cmu.edu/" target="_blank">College of Fine Arts</a>.</p> <p> &ldquo;Now, you may not need the U.S. box office in order for a film to make money. 
Look at <em>The Fast and the Furious</em> [franchise], for example&hellip;<em>Furious 7</em> made $326 million in its first two weeks in China, compared to $320 million in its first three weeks in the U.S.,&rdquo; said Green.</p> <p> While there may be outsized potential for the Chinese and American entertainment industries to benefit from each other, there are obstacles standing in the way.</p> <p> Under current policy, the Chinese government limits the number of non-revenue-sharing foreign films that reach domestic movie theaters to around 30 titles each year. The State Administration of Press, Publication, Radio, Film, and Television (SAPPRFT) also censors film releases, allowing nothing that impugns government, no stories of police corruption, and nothing supernatural.</p> <div class="customSidebar" style="float: left;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>Co-production is a very tricky thing. It&rsquo;s almost impossible to win both markets.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Rachel Song --</strong></h2> </div> <p> &ldquo;Also, the bad guy must die in the end,&rdquo; said Rachel Song (MEIM &rsquo;16), co-founder and Head of Business at <a href="http://www.vantageentertainment.com/vantage-entertainment/" target="_blank">Vantage Entertainment</a> in Los Angeles. Song says her company functions like a financier and producer between would-be collaborators in the U.S. and China. Vantage connects financial and creative resources in both countries as well as developing premium content for the Chinese audience and packaging international co-productions (which involves lining up financing and above-the-line talent, as well as domestic distribution and international sales).</p> <p> &ldquo;There&rsquo;s a relatively short history in the [Chinese] film industry. 
It&rsquo;s extremely valuable that professionals there have the opportunity to learn from Hollywood,&rdquo; said Song.</p> <p> Not surprisingly, there has been a recent uptick in Chinese investments in American media, and vice versa. Chinese property developer turned media giant <a href="http://www.hollywoodreporter.com/news/official-chinas-wanda-acquires-legendary-854827" target="_blank">Dalian Wanda Group</a>, for example, has purchased majority shares of Legendary Entertainment and Dick Clark Productions, as well as the Carmike Cinemas and AMC Theaters chains. Other Los Angeles-based production houses, film financiers, event producers, and digital media companies have also been acquired by Chinese firms in recent years.</p> <p> <strong><em>The Great Wall</em>, a cross-cultural experiment on a grand scale</strong></p> <div class="customSidebar" style="float: right;width: 300px;"> <img align="" alt="great wall poster china" src="image.aspx?id=10684&amp;width=300&amp;height=489" /> <p style="text-align: right;"> <em>via <a href="http://www.impawards.com/2016/great_wall_ver6.html" target="_blank">IMP Awards</a></em></p> </div> <p> As someone who lives and breathes these markets, Song is paying close attention to what happens with Legendary&rsquo;s <em><a href="https://www.legendary.com/film/the-great-wall/" target="_blank">The Great Wall</a></em>, a speculative fantasy action film directed by preeminent Chinese director Zhang Yimou (<em>Hero</em>, <em>House of the Flying Daggers</em>). The film stars Matt Damon as a Western mercenary visiting China&mdash;on trade business, as it happens&mdash;with a supporting cast of Chinese A-listers Jing Tian and Andy Lau. <em>The Great Wall</em> is set in, on, and around the eponymous structure, which is imagined as a bulwark against an invading force of bloodthirsty reptilian aliens. 
The film&rsquo;s ornate art direction and lush visuals reflect 11<sup>th</sup> century Song dynasty China.</p> <p> If that all sounds pricey, that&rsquo;s because it was. <em>The Great Wall</em> was the highest budgeted China-U.S. co-production ever, and players on both sides of the Pacific are closely watching the film&rsquo;s performance in the U.S., where it opened on February 17 (<em>The Great Wall</em> opened in Beijing on December 6).</p> <p> &ldquo;Co-production is a very tricky thing,&rdquo; said Song, &ldquo;It&rsquo;s almost impossible to win both markets. You have to focus on one&hellip;so it&rsquo;s either more for the U.S. or more for China.&rdquo; She says that she is interested to see whether a film about the Great Wall of China will resonate with the American audience, aliens or no aliens.</p> <p> Song notes that there are political pressures from both Beijing and Washington that producers need to be aware of before embarking on a co-production. Wanda&rsquo;s activity in particular has caught the attention of U.S. lawmakers, some of whom may be wary (justly or not) of foreign influence in a quintessential American industry. At the same time, the Chinese government has recently clamped down on investments in overseas media. Late in 2016, Anhui Xinke New Materials, a Chinese manufacturer, announced its intent to buy Voltage Pictures (<em>The Hurt Locker</em>, <em>Dallas Buyers Club</em>) for nearly $350 million dollars. That sale was scuttled. Song says it could be that Chinese regulators threw up roadblocks and compelled Anhui Xinke to back out of the deal, due in part to it being a publicly-traded company not in the entertainment industry.</p> <p> Branstetter suggests such measures may be an attempt by Beijing to slow the deluge of Western media coming into the country. 
He says that China is endeavoring to create its own cinema that can compete globally, and that easing their quota system or allowing Chinese companies to freely buy up Western media will overwhelm the indigenous film industry, and introduce more media to the Chinese market that doesn&rsquo;t square with the values of the Chinese Communist Party.</p> <p> &ldquo;There is a concern that consumers will just flock to the Hollywood movies because they are more professionally produced&hellip;and they weren&rsquo;t produced under the censorship and restrictions that the domestic movie industry has to deal with,&rdquo; said Branstetter. He adds that lifting the quota entirely, while unlikely, would easily generate billions of dollars of revenue for the big American studios.</p> <p> <strong>&lsquo;The most digitally protectionist nation in the world&rsquo;</strong></p> <p> Song says that while Hollywood dislikes the quota and censorship demands, no one is more dissatisfied by those government restrictions than Chinese consumers, who are going online in droves to find more exciting and daring titles to watch.</p> <div class="customSidebar" style="float: right;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>Eventually other countries are going to be producing as much if not more than what gets produced [in the United States]. By some definitions, that may already be the case.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Dan Green --</strong></h2> </div> <p> &ldquo;In China, everyone is looking for content,&rdquo; she said. &ldquo;There is a huge demand gap.&rdquo;</p> <p> Much of that online viewing, however, is sourced illegally.</p> <p> Branstetter says that China has attempted to wall off its Internet, calling it probably the most digitally protectionist nation in the world. 
Therefore, while shows such as <em>Stranger Things</em>, <em>Westworld</em>, and <em>Game of Thrones</em> (to name a few) have huge followings in China, they are more than likely heavily pirated.</p> <p> &ldquo;Sophisticated young Chinese [computer users] have pretty broad access to Western media content, regardless of what the government tries to do,&rdquo; said Branstetter.</p> <p> Studios can&rsquo;t do much to fight that piracy, though Green suggests that may have been the primary impetus for Legendary&rsquo;s decision to release <em>The Great Wall</em> in China before the U.S.</p> <p> &ldquo;That was an unusual move&hellip;but [Legendary] wanted those Chinese dollars, they didn&rsquo;t want to have to deal with the piracy,&rdquo; said Green.</p> <p> <strong>Can China outshine Hollywood?</strong></p> <p> Even with rampant online theft and counterfeit distribution, Chinese consumers have shown that they are more than willing to spend their money at the multiplex. PwC recently projected that the <a href="http://www.cnbc.com/2016/06/08/china-will-be-bigger-for-the-box-office-than-the-us-next-year-pwc.html" target="_blank">Chinese box office is expected to surpass the American box office by the end of 2017</a>.</p> <p> &ldquo;We can no longer afford to just care about what&rsquo;s happening domestically. The entertainment industry is a global industry, and eventually other countries are going to be producing as much if not more than what gets produced [in the United States]. 
By some definitions, that may already be the case,&rdquo; said Green.</p> <p> Branstetter says that more so than piracy cutting into profits or a strict quota limiting market penetration, what Hollywood should truly fear is an artistically unconstrained Chinese cinema that would have &ldquo;no problem whatsoever&rdquo; competing in the global market.</p> <p> &ldquo;A truly unfettered Chinese cinema would&hellip;churn out amazing movies that might feature mostly or entirely Chinese casts, might be set in China, and address themes that are not immediately familiar to an American audience but that would be such superlative works of art that a global audience would be drawn to them,&rdquo; said Branstetter.</p> <p> Whether or not such a future exists remains to be seen, but Branstetter says it all hinges on whether Beijing will ever take the creative shackles off the industry and its artists.</p> <p> &ldquo;It&rsquo;s what the talent there deserves.&rdquo;</p> <p> &nbsp;</p> <p> <a href="http://www.heinz.cmu.edu/school-of-public-policy-management/entertainment-industry-management-meim/index.aspx" target="_blank">Read more about the MEIM program&gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/school-of-public-policy-management/public-policy-management-msppm/index.aspx" target="_blank">Read more about the MSPPM program&gt;&gt;</a></p> <p> <a href="http://www.vantageentertainment.com/vantage-entertainment/" target="_blank">Read more about Vantage Entertainment&gt;&gt;</a></p> <p> &nbsp;</p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3924
Mon, 21 Feb 2017 11:50:00 GMT
http://www.heinz.cmu.edu/news/news-detail/image.aspx?width=250&mar=1&id=10663
Beyond ‘The Great Wall,’ Heinz Experts on China and Hollywood’s Complicated Love Affair

Disruption is Rewarded: Streaming Services Are Changing (And Winning) Everything
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3921
When it came to prestigious Hollywood awards, SVOD channels like Netflix and Amazon had no seat at the table as recently as 2012. Five years later, the Amazon Studios feature Manchester by the Sea became the first film released by a streaming service to be nominated for the Academy Award for Best Picture. Heinz College faculty experts weigh in on why this is such an important development in the entertainment industry, and what's ahead.

]]><p> <em>By Scott Barsotti</em></p> <h2> Big data and streaming services have turned the entertainment industry on its head&hellip;and they have the statues to prove it</h2> <p> As relatively new fighters in the original programming arena, it is tempting to view streaming video on-demand (SVOD) channels like Netflix and Amazon as scrappy Davids hurling stones at the entertainment Goliaths. But if that&rsquo;s the case, you should trade out David&rsquo;s sling for a technologically advanced combat weapon with precision targeting and a proprietary dataset exposing Goliath&rsquo;s weaknesses. Or if extended metaphors aren&rsquo;t your thing, consider this:</p> <p> The Amazon Studios feature <em>Manchester by the Sea</em> recently became the first film released by a streaming service to be <a href="https://www.theatlantic.com/entertainment/archive/2017/01/how-amazon-got-a-best-picture-oscar-nomination/514325/" target="_blank">nominated for the Academy Award for Best Picture</a>.</p> <p> &ldquo;It&rsquo;s seismic,&rdquo; according to Dan Green, director of the Heinz College <a href="http://www.heinz.cmu.edu/school-of-public-policy-management/entertainment-industry-management-meim/index.aspx" target="_blank">Master of Entertainment Industry Management (MEIM)</a> program, a joint degree with Carnegie Mellon University&rsquo;s <a href="http://cfa.cmu.edu/" target="_blank">College of Fine Arts</a>. &ldquo;This is a time of disruption.&rdquo;</p> <p> To get a sense of how big <em>Manchester</em>&rsquo;s nomination is, we need to look at how we got here (and how quickly).</p> <p> When it came to prestigious Hollywood awards, SVOD channels like Netflix and Amazon had no seat at the table as recently as 2012. It wasn&rsquo;t until 2013 that the Netflix political epic <em>House of Cards</em> was nominated for nine Primetime Emmy Awards, including Best Drama Series. 
In 2014, <em>House of Cards</em> followed that up with more Emmy notices and added some Golden Globe nominations for good measure, including a Golden Globe win for lead actress Robin Wright. The Netflix favorite <em>Orange is the New Black</em> started making regular appearances at the award shows that year as well.</p> <div class="customSidebar" style="float: left;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>Traditional television and the movie business can learn a lot from looking at what happened to the record business. It became peer-to-peer driven, it became digital&hellip;it became personalized.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Kevin Stein --</strong></h2> </div> <p> Then the dam broke. In 2015, the streaming channels made more gains in nominations and wins, and Amazon&rsquo;s <em>Transparent</em> won the Golden Globe for Best Musical or Comedy Series. In 2016, four out of six nominations in that same category went to Amazon, Netflix, or Hulu shows, with Amazon&rsquo;s <em>Mozart in the Jungle</em> taking the top prize. Last month, Netflix&rsquo;s <em>The Crown</em> won the Golden Globe for Best Drama Series, another first. SVOD titles have steadily gained traction at the Screen Actors Guild Awards as well.</p> <p> &ldquo;Getting awards lends credibility in terms of the business,&rdquo; said Kevin Stein, a media marketing expert who is a veteran of HBO and CBS and an Adjunct Professor with the MEIM program. &ldquo;They&rsquo;re making creative choices that are adventurous, and similar to HBO&rsquo;s model. 
By virtue of that, they&rsquo;re attracting&hellip;filmmakers, screenwriters, and movie stars who generally don&rsquo;t do television.&rdquo;</p> <p> With this rapidly mounting success, it was only a matter of time before one of the streaming giants elbowed its way into the front row at that most glamorous and insidery of glamorous insider affairs: The Oscars.</p> <p> Netflix has garnered Academy Award nominations for its documentaries for several years running, but those don&rsquo;t carry the same prestige as a nod for Best Picture. <em>Manchester by the Sea</em> also landed nominations for Best Actor, Best Director, Best Supporting Actress, Best Supporting Actor, and Best Original Screenplay. (For those keeping score, that&rsquo;s all but one of the Oscars&rsquo; major categories.) Add a Best Foreign Language Film nomination for the Iranian drama <em>The Salesman</em>, and it&rsquo;s a statement year for Amazon. And in entertainment, momentum is everything.</p> <p> &ldquo;Winning stars and winning studios make bank. Traditionally, awards resuscitate box office&hellip;and contribute to the bottom line of what stars can command in their future contracts,&rdquo; said Stein, adding that awards attention is certain to turn heads among Hollywood creatives who are always on the lookout for future projects and partnerships. He adds that by promising creative freedom, bigger budgets, and now the potential of awards success, &ldquo;[streaming channels] have attracted A-list film talent both on screen and above the line, and had enormous marketing success as a result.&rdquo;</p> <p> <em>Manchester</em>&rsquo;s Oscar splash has raised a lot of eyebrows, but considering the streaming channels&rsquo; success at disrupting television, should we be surprised? 
What&rsquo;s different about this breakthrough in the film world?</p> <div class="customSidebar" style="float: right;width: 400px;margin: 10px"> <iframe align="" allowfullscreen="" frameborder="10" height="225" scrolling="no" src="https://www.c-span.org/video/standalone/?c4655787" width="400"></iframe></div> <p> Stein says that it proves the SVOD model can port to traditional platforms and distribution. Recently, Netflix&rsquo;s <em>Beasts of No Nation</em> and Amazon&rsquo;s <em>Chi-Raq</em> earned widespread critical acclaim, but failed to net the kind of major award nominations that drive sales. <em>Manchester by the Sea</em> may be the mark of a changing tide&mdash;and strategy.</p> <p> Where the streaming services used tech to disrupt the television paradigm from the outside, the approach with <em>Manchester</em> has a decidedly more hybrid flavor, blending the old (nationwide release in theaters) and the new (exclusive, though delayed, release on Amazon Prime Video later in 2017).</p> <p> &ldquo;Not every film requires a brick-and-mortar distribution experience, but when it&rsquo;s needed, they&rsquo;re able to promise filmmakers a robust marketing campaign to rival any major studio,&rdquo; said Green. 
&ldquo;This push and pull between traditional theatrical distribution and streaming services will only get more complicated as Amazon and Netflix compete not only with each other, but with the expectations of an increasingly choosy customer.&rdquo;</p> <p> Green adds that <a href="http://www.businessinsider.com/netflix-and-amazon-sundance-deals-2016-1" target="_blank">Amazon and Netflix outspent traditional distributors</a> at the <a href="http://www.sundance.org/festivals/sundance-film-festival" target="_blank">Sundance Film Festival</a> this year, underscoring the fact that they are focused not only on attracting more viewers, but also on adding award-caliber films to their arsenals.</p> <p> Stein says that while there may be a sea change underway, there have been a lot of industry pros in denial, drawing a stark comparison to the music industry in the late 90s.</p> <div class="customSidebar" style="float: right;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>This push and pull between traditional theatrical distribution and streaming services will only get more complicated.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Dan Green --</strong></h2> </div> <p> &ldquo;Traditional television and the movie business can learn a lot from looking at what happened to the record business. It became peer-to-peer driven, it became digital&hellip;it became personalized. 
There&rsquo;s a lot of industry criticism about why Netflix and Amazon don&rsquo;t share their ratings, but they are playing a different long tail game by emphasizing audience data in contrast to overnights.&rdquo;</p> <p> Rahul Telang, Heinz College professor and co-author of the book <u>Streaming, Sharing, Stealing: Big Data and the Future of Entertainment</u>, said in an interview with C-Span that whether or not traditional studios can embrace big data is going to play a significant role in how long they can sustain the advantages they still have.</p> <p> It&rsquo;s true that traditional players like Lionsgate, HBO, and CBS have created streaming channels of their own. What if more companies follow suit and stop selling their streaming rights to Netflix and Amazon, depriving the disruptors of popular titles? Telang suggests it might be too late for that. The top SVOD platforms realized years ago that they could not rely on big studios and networks to be their only sources of content and they took action, investing big money in original projects.</p> <p> &ldquo;Netflix said&hellip;&lsquo;I can hire similar talent. I have the customer base. And&hellip;I have the data and the ability&hellip;so why not me produce the content&hellip;rather than [the studios] dictating what sort of content can be and cannot be available,&rsquo;&rdquo; said Telang, adding that the major awards success of the streaming channels flies in the face of industry angst that big data threatened to crush creativity.</p> <div class="customSidebar" style="float: left;width: 400px;margin: 10px"> <iframe align="" allowfullscreen="" frameborder="10" height="225" scrolling="no" src="https://www.c-span.org/video/standalone/?c4655791" width="400"></iframe></div> <p> &ldquo;When you have good information&hellip;creators are more likely to be successful because they&rsquo;re working on projects that have a higher potential of being successful,&rdquo; said Telang. 
In this sense, he says, big data is going to complement, not kill, the creative spirit.</p> <p> <em>Manchester by the Sea</em>&rsquo;s Best Picture nomination may be a watershed moment, certainly for Amazon but also for Netflix as well as other providers in the SVOD space, like Hulu, YouTube, and Facebook. Stein suggests that streaming channels&rsquo; awards surge is a proclamation of their relevance and legitimacy, if not a full-fledged shot across the bow.</p> <p> &ldquo;They&rsquo;re part of the landscape now. They ain&rsquo;t going away,&rdquo; he said.</p> <p> &ldquo;They&rsquo;re showing people that data is really important. Knowing your audience is really important.&rdquo;</p> <p> <strong><em>UPDATE</em></strong>: <em>Manchester by the Sea&nbsp;</em>won the Academy Awards for Best Actor (Casey Affleck) and Best Original Screenplay (Kenneth Lonergan), and&nbsp;<em>The Salesman</em> was awarded Best Foreign Language Film (Asghar Farhadi). The Netflix short documentary&nbsp;<em>The&nbsp;</em><em>White Helmets&nbsp;</em>won in its category as well. These four awards comprise the first Oscars won by the streaming services. [2.27.17]</p> <p> &nbsp;</p> <p> <a href="http://www.heinz.cmu.edu/school-of-public-policy-management/entertainment-industry-management-meim/index.aspx" target="_blank">Read more about the MEIM program&gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3868" target="_blank">Read more about Rahul Telang&rsquo;s book Streaming, Sharing, Stealing&gt;&gt;</a></p> <p> <a href="https://www.c-span.org/video/?415597-1/communicators-rahul-telang" target="_blank">Watch Telang&rsquo;s full interview on C-Span&rsquo;s <em>The Communicators</em>&gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3921
Mon, 19 Feb 2017 12:00:00 GMT
http://www.heinz.cmu.edu/news/news-detail/image.aspx?width=250&mar=1&id=10679
Disruption is Rewarded: Streaming Services Are Changing (And Winning) Everything

]]>