Heinz College News http://www.heinz.cmu.edu News Stories from H. John Heinz III College

Arts and Analytics in the Big Apple: Heinz Team Partners with New York’s MoMA
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3946

Cross-disciplinary problem solving is in Heinz College’s DNA—as it is for all of Carnegie Mellon University. That idea was never on greater, or more successful, display than in multiple recent Capstone Projects completed for prominent New York cultural organizations, including one for the venerated Museum of Modern Art (MoMA). Working with MoMA, an interdisciplinary team of students from the Master of Arts Management (MAM), Master of Information Systems Management (MISM), and Master of Science in Public Policy and Management (MSPPM) programs was tasked with delivering a new model of engagement that would better reach the museum’s local New York audience.

<h2> <em>Cross-disciplinary Heinz students address engagement and delivery models for MoMA and other major arts organizations</em></h2> <p> <em>By Scott Barsotti</em></p> <p> Cross-disciplinary problem solving is in Heinz College&rsquo;s DNA&mdash;as it is for all of Carnegie Mellon University. That idea was never on greater, or more successful, display than in multiple recent Capstone Projects completed for prominent New York cultural organizations, including one for the venerated Museum of Modern Art (MoMA).</p> <p> Working with MoMA, an interdisciplinary team of students from the Master of Arts Management (MAM), Master of Information Systems Management (MISM), and Master of Science in Public Policy and Management (MSPPM) programs was tasked with delivering a new model of engagement that would better reach the museum&rsquo;s local New York audience.</p> <p> &ldquo;Arts organizations big and small now realize that data and technology-based solutions can help them better serve audiences, artists, and their communities. At Heinz, that gives us the opportunity to bring together these diverse teams,&rdquo; said Kathryn Heidemann, director of the Master of Arts Management (MAM) program and assistant dean of Heinz College and the College of Fine Arts&mdash;the MAM program is a joint degree offered in partnership between the two colleges.</p> <p> &ldquo;Projects like these don&rsquo;t happen anywhere else, especially when you consider that it&rsquo;s a hands-on, real-world process working for a client like MoMA. That&rsquo;s a priceless experience for these students,&rdquo; said Heidemann.</p> <h2> <strong>Deepening the connection between MoMA and New Yorkers</strong></h2> <p> MoMA came to Heinz College with a problem. Attendance has been growing in recent years, but the museum believed it could do even better at engaging local New Yorkers, whom it considers an essential constituent group. 
MoMA&rsquo;s leadership asked the Heinz College team to devise evidence-based strategies to improve local engagement.</p> <p> &ldquo;A key piece of this project was defining what&nbsp;<em>engagement</em>&nbsp;means to an art museum so that we could effectively measure it. Working on a diverse team of tech, policy, and arts experts proved to be essential while creating a thoughtful approach and in-depth analysis specific to the MoMA,&rdquo; said Chanelle Labash, a member of the Heinz student team who recently graduated from the MSPPM program.</p> <p> The team analyzed data from multiple sources, including ticketing, retail, educational and special events, and social media data from the client, as well as other public data.</p> <p> Within these datasets, the students examined how engagement differs for each of New York&rsquo;s five boroughs. Over the past three years, Manhattan has been the &ldquo;most engaged&rdquo; borough&mdash;which was expected, due to MoMA&rsquo;s Midtown location. However, the data helped the team to understand the engagement dynamics and behaviors of New Yorkers from the other four boroughs, as well as gain key insights into who the museum&rsquo;s visitors tend to be in terms of attributes like household income and zip code.</p> <p> The student team made recommendations regarding MoMA&rsquo;s extended hours&mdash;evenings through the week when the museum stays open later, aimed at working New Yorkers who cannot visit during typical operating hours. MoMA currently has &ldquo;Free Friday Nights,&rdquo; but the students saw other opportunities that may be more appealing to the local audience and boost visitation among members and guests.</p> <p> The students also conducted a social media analysis for MoMA. 
Social media can play a hugely important role for artistic and cultural institutions, helping them to understand what the audience experience is like and to communicate directly with the public.</p> <p> Given the &ldquo;local&rdquo; scope of the problem, the team used analytics to identify social media posts that originated in New York City, and then separated out native residents from the rest. The team was then able to provide a detailed picture of New Yorkers&rsquo; sentiments about MoMA, and what creates desirable social engagement.</p> <p> Further analysis showed patterns in social media mentions, defining whether those mentions were being driven by the museum, or by outside forces and events.</p> <p> The MoMA team had this to say about the project: &ldquo;We value data input into decision-making at MoMA and also value external perspectives. It was great to work with the CMU team on blending data across a range of such sources to add perspective into how we could broaden our reach and engagement across all five boroughs of New York City.&rdquo;</p> <h2> <strong>Connecting people, policy, technology, and the arts</strong></h2> <p> Another recent project, completed for a major New York-based performing arts organization, tapped a second hybrid MAM-MISM team to analyze a critical hurdle it was facing in technology adoption. In that case, the student team made recommendations related to service delivery, logistics, and end-user experience.</p> <p> &ldquo;What&rsquo;s remarkable is that you can put these students from different programs at the same table, and while they have different types of skill, their Heinz training means they all know how to speak each other&rsquo;s language and lean on each other&rsquo;s strengths,&rdquo; said Heidemann.</p> <p> &ldquo;That&rsquo;s what Heinz College is all about. 
The arts and policy students and the tech students aren&rsquo;t afraid of what the other is doing, and there&rsquo;s genuine enthusiasm where these domains intersect.&rdquo;</p> <p> &nbsp;</p> <p> <em>This Capstone Project, titled &ldquo;Increasing Engagement of New Yorkers at the MoMA,&rdquo; was completed by Ahmad Salah Ud Din (MISM &lsquo;17), Cecilia Forero (MISM &lsquo;17), Disha Gupta (MISM &lsquo;17), Wang Han (MISM &lsquo;17), Chanelle Labash (MSPPM &lsquo;17), and Evan Zajdel (MAM &lsquo;17).</em></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3946 Mon, 17 Oct 2017 14:57:00 GMT

CISOs: Heinz College Trains Guardians of the Security Galaxy
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3911

These days, the question is not if your company’s information will be threatened, or even when—the reality facing firms now is: You’ve been hacked, you just don’t know it yet. Every organization, no matter its size, needs a Chief Information Security Officer (CISO) to ensure and maintain cyber and information security. At Heinz College's CISO Certificate Program, part of the CIO Institute Executive Education curriculum and co-administered with the Software Engineering Institute, top security professionals from all sectors come to Carnegie Mellon University to learn from the best and from each other.

<p> <em>By Scott Barsotti</em></p> <h2> These days, the question is not <em>if</em> your company&rsquo;s information will be threatened, or even <em>when. </em>The reality facing firms now is: <em>You&rsquo;ve been hacked, you just don&rsquo;t know it yet.</em> Every organization, no matter its size, needs a Chief Information Security Officer (CISO) to ensure and maintain cyber and information security.&nbsp;</h2> <p> Imagine a room full of cybersecurity officers from retail giants, manufacturers, universities, energy companies, health care systems, and all levels of government (including the FBI)&mdash;a place where these leaders come together to collaborate, talk about risks, share ideas, and solve complex problems in information security. It&rsquo;s not a fantasy; these collectives form throughout the year thanks to Heinz College&rsquo;s <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/index.aspx" target="_blank">Chief Information Officer (CIO) Institute executive education program</a>.</p> <p> One offering of the CIO Institute is the <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/chief-information-security-officer-executive-education-and-certification-program/index.aspx" target="_blank">CISO Certificate Program</a>, where top security professionals from all sectors come to Carnegie Mellon University to learn from the best.</p> <p> Massive data breaches are in the news every week&mdash;the attack on Sony Pictures was estimated to cost the production house at least $35 million, the Target breach cost the retailer $162 million, and the hacks of the Democratic National Committee are seen as attempts to undermine American democracy&mdash;but there are thousands upon thousands of cyber incidents every year that don&rsquo;t make headlines.</p> <p> The cost of cyber crime is projected to reach upwards of <a 
href="http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#7cb25d9c3bb0">$2 trillion by 2019</a>, and IBM CEO Ginni Rometty has called cyber crime <a href="http://www.forbes.com/sites/stevemorgan/2015/11/24/ibms-ceo-on-hackers-cyber-crime-is-the-greatest-threat-to-every-company-in-the-world/#3a0d6c4e3548">the greatest threat</a> to every industry and company in the world. Whether your organization is a Fortune 500 company, a government agency, or a non-profit, the <a href="https://insights.sei.cmu.edu/sei_blog/2016/02/structuring-the-chief-information-security-officer-ciso-organization.html">CISO</a> (or equivalent) role is more important now than ever before, and will continue to grow in relevance and influence as the opportunities and challenges in cyber evolve.</p> <h2 align="center"> <strong>---</strong></h2> <h2 align="center"> <strong>Heinz College has designed a cybersecurity leadership program for the future...</strong></h2> <h2 align="center"> <strong>a future that will increasingly rely on superb minds to tackle cyber risk</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">Alan Levine</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">CISO, Arconic, Inc.</strong></h2> <h2 align="center"> <strong>---</strong></h2> <p> <strong>Risk and security with a practical approach</strong></p> <p> The CISO Certificate Program is designed for current and future leaders with professional experience&mdash;past participants include the CISOs from Discover, Coca-Cola, and the FBI, as well as top Information Security and Risk Management officials from Microsoft, Lowes, and Blue Cross Blue Shield.</p> <div class="customSidebar" style="float: right;width: 400px;margin: 10px"> <img align="" alt="CISO Salary slide" src="image.aspx?id=10740&amp;width=400&amp;height=300" style="width: 400px; height: 300px;" /> <h6 style="text-align: right;"> <em>Source: CIO Magazine &nbsp;&nbsp;</em></h6> 
</div> <p> The six-month program consists of 13 modules on topics such as Security Investment and Measurement, Effective Incident Response, and Insider Threats. Most of the CISO Program is completed online through a virtual learning platform, but the cohort comes together on campus several times throughout the process&mdash;for orientation, for a mid-program meeting, and then once more for the Practicum, a three-day event on CMU&rsquo;s main campus in Pittsburgh that serves as the culmination of the program.</p> <p> Practical application is at the core of Heinz College&rsquo;s philosophy; for the Practicum, the participants are assigned a real-world cyber incident to analyze&mdash;major, high-profile incidents like the recent hacks of Home Depot, Yahoo, or the aforementioned breaches at Sony or Target. The teams are asked: How would you assess the threat? How would you identify it? How would you move forward? If you were in this situation, what would you have done?&nbsp;</p> <p> The participants work together to determine solutions using a combination of the knowledge gained through the program as well as their own distinct professional experiences. 
During the Practicum, each team presents their work and recommendations to the CISO Practicum Committee, a mock board of directors composed of experts from Heinz College and various industries.</p> <p> Ari Lightman, Heinz College Professor and Co-Director of the CISO Program, says the Practicum is a key experience.</p> <p> &ldquo;If you&rsquo;re an information security executive, or even involved with an information security program, you&rsquo;re going to have to develop something that you could present to a slew of different stakeholders, specifically your C-suite and a board of directors,&rdquo; he said.</p> <p> Previous Practicum Committee members include Greg Shannon, Chief Scientist at CERT; Alan Levine, CISO at Arconic; and Randy Miskanic, Executive Director of the Group Information Security Office at UBS and former CISO at USPS.</p> <p> <strong>Heinz College and SEI: a security supergroup</strong></p> <p> The CISO Program is administered in partnership with the <a href="https://www.cert.org/" target="_blank">CERT Division</a> of the <a href="https://www.sei.cmu.edu/" target="_blank">Software Engineering Institute (SEI)</a>, a federally-funded crucible of research and development in security technologies and advancement, whose frequent collaborators include the U.S. Department of Defense, the U.S. 
Department of Homeland Security, the FBI, and the American intelligence community.</p> <p> &ldquo;We [at Heinz College] bring our expertise in policy and data analytics,&rdquo; said Lightman, &ldquo;Combining that together with the folks at SEI, with their understanding of the security vein from a practical perspective and their connections to agencies around the world, creates a powerful program.&rdquo;</p> <p> This proximity to SEI and CERT provides a value to participants that truly cannot be replicated elsewhere.</p> <h2 align="center"> <strong>---</strong></h2> <h2 align="center"> <strong>As a student, I received the necessary education and tools to ensure my success as a CISO.</strong></h2> <h2 align="center"> <strong>As a coach and instructor, my network continues to expand as I have been involved in every cohort.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">Tom Pageler</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">CRO/CSO, Neustar, Inc.</strong></h2> <h2 align="center"> <strong>---</strong></h2> <p> <strong>A new, growing collective of experts</strong></p> <p> Participants in each cohort come not only from varied sectors, but from varied backgrounds&mdash;many come directly from the security domain, while many others come from areas such as administration, law, privacy, and operations. Lightman says the &ldquo;right student&rdquo; for the CISO Program is someone who, regardless of their specific role, wants to understand how to develop a security culture across their organization.&nbsp;</p> <p> Even though the CISO Program participants are working professionals with demanding schedules, they tend to be eager to come to campus as often as possible. 
The opportunity to forge meaningful and lasting connections with other top influencers in the field is a hallmark of the CISO experience.</p> <p> In addition, many CISO Program alumni have voluntarily entered into a social network of sorts, a connected group of professionals with the egalitarian view that information security is more than a business or civic goal&mdash;it&rsquo;s a moral struggle, one that cannot be fought in isolation.</p> <p> &ldquo;Across [sectors], they&rsquo;re dealing with threat attempts on a continuous basis. By sharing intel, they become better aware of state-of-the-art techniques and current risks,&rdquo; said Lightman. &ldquo;They might compete to some extent, but security&rsquo;s impacting everybody.&rdquo;</p> <p> <iframe allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/XzOx8kt-6fs?rel=0&amp;showinfo=0" width="560"></iframe></p> <p> &nbsp;</p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/chief-information-security-officer-executive-education-and-certification-program/index.aspx">Learn more about the CISO Certificate Program &gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/index.aspx">Learn more about the CIO Institute &gt;&gt;</a></p> <p> <a href="http://www.cert.org/about/">Learn more about SEI and the CERT Division &gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3911 Mon, 13 Oct 2017 10:30:00 GMT

Should I Stay or Should I Go? Bank Data Breaches and Customer Loyalty
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3937

Bank customers not only value security, they demand it. Heinz College professor Rahul Telang is an expert in the economics of information security and privacy. His new paper published by the Federal Trade Commission, “Security, Fraudulent Transactions and Customer Loyalty: A Field Study,” answers these questions and fills a research gap in the area. His findings suggest that it is in financial firms’ best interest to invest heavily in security not just to protect accounts, but to improve user confidence and loyalty.

<p> <em>By Scott Barsotti</em></p> <h2> Heinz College Professor Rahul Telang&rsquo;s study, published by the Federal Trade Commission, suggests consumers not only value security, they demand it</h2> <p> I&rsquo;ve got good news and bad news.</p> <p> The good news is that your bank was breached and some hacker now has your financial and personal information and spent several thousand dollars at Best Buy, BUT the bank caught it pretty quickly, flagged the charges, froze your account, issued you a new credit card, and promised you a provisional credit for the dollar amount lost. Hooray!</p> <p> The bad news is...right, your bank was breached. Oh, and some hacker still has your personal information. Sorry.</p> <p> Now, some big questions emerge for you: Stick with the bank that allowed your sensitive information to be compromised, or defect to the institution down the street? What do people do in this situation? And is the bank down the street any safer?</p> <p> Heinz College professor Rahul Telang is an expert in the economics of information security and privacy. His new paper published by the Federal Trade Commission, &ldquo;<a href="https://www.ftc.gov/system/files/documents/public_comments/2016/10/00062-129181.pdf">Security, Fraudulent Transactions and Customer Loyalty: A Field Study</a>,&rdquo; answers these questions and fills a research gap in the area. His findings suggest that it is in financial firms&rsquo; best interest to invest heavily in security not just to protect accounts, but to improve user confidence and loyalty.</p> <p> <strong>Data protection: a matter of trust</strong></p> <p> Ideally, banks will take steps to protect consumer data as a course of service. Their institution has been selected by customers in a very competitive financial landscape, and there is an incentive to avoid negative outcomes and subsequent negative press. 
However, many would further argue that it is not just a service but a <em>responsibility</em> of banks to insulate customer information from exposure, and that the bank should pay a price if that trust is broken.</p> <div class="customSidebar" style="float: left;width: 250px;"> <h2 style="text-align: center;"> Industries at Highest Risk of Cyber Attack</h2> <ul> <li> 1. Healthcare</li> <li> 2. Manufacturing</li> <li> <strong>3. Financial Services</strong></li> <li> 4. Government</li> <li> 5. Transportation</li> </ul> <p> <img align="" alt="Server Room Blue World" height="141" src="image.aspx?id=10596&amp;width=250&amp;height=141" width="250" /></p> <p> <em>Source: <a href="https://www.forbes.com/sites/stevemorgan/2016/05/13/list-of-the-5-most-cyber-attacked-industries/#146cf503715e" target="_blank">Forbes/IBM</a></em></p> </div> <p> Consumers, it would seem, align with that sentiment. Telang&rsquo;s research, which he completed in collaboration with Sriram Somanchi (Telang&rsquo;s PhD student at the time), compiled a unique data set of 500,000 anonymized financial services users over a five-year period, in order to study how they reacted to adverse events.</p> <p> Telang and Somanchi observed that users who had their information compromised were significantly more likely to terminate their relationship with the bank in the six months following the event, even if the user was fully compensated and thus did not suffer a monetary loss. This churn was especially seen when the bank was not able to trace the fraud to a specific party or clearly explain to the customer what had happened.</p> <p> &ldquo;This lack of attribution is a significant source of uncertainty for end users,&rdquo; said Telang. 
&ldquo;When the attribution is clear, the effect of fraudulent transactions [on loyalty] is much smaller.&rdquo;</p> <p> This would seem to indicate that it is not financial loss but rather diminished confidence that drives consumers away from banks following a breach&mdash;many are preoccupied with nagging questions regarding who was responsible for the fraud, how they pulled it off, and if fraud can occur again. These doubts translate to an emotional cost that, while non-monetary, proves to be a strong driver for customers to leave the bank.</p> <p> At the same time, there is incentive for banks to stay current by rolling out online and mobile banking services, such as mobile deposit, app-based money transfer, and so on. Telang says that banks need to make these offerings as secure as they can be.</p> <p> &ldquo;They have to do that risk analysis. If [app-based banking] increases the chances of a fraud, are they willing to eat that fraud? Because they are ones who will eat that fraud, most of the time,&rdquo; said Telang.</p> <p> <strong>The costs and benefits of regulation</strong></p> <p> Financial firms have been compelled by regulations to protect customer accounts from fraudulent activity as well as to be increasingly transparent about how breaches are reported to their customers and to the public.</p> <p> The costs of regulation show up in multiple ways. For one, firms must invest in identifying fraud, which most customers have come to expect. 
But once fraud occurs, the banks must spend resources on requisite customer service and resolution, investigation, communication, and compensation against losses.</p> <div class="customSidebar" style="float: right;width: 300px;margin: 10px"> <img align="" alt="Rahul telang Headshot" src="image.aspx?id=10746&amp;width=300&amp;height=200" style="width: 300px; height: 200px;" /> <h6 style="text-align: center;"> <em>Professor Rahul Telang</em></h6> </div> <p> Even if the bank was not directly responsible for a loss and does everything it can to reassure a customer, it&rsquo;s still very possible the bank will lose that customer. Other research has shown that firms&rsquo; stock prices tend to suffer after a breach (though prices typically rebound).</p> <p> The blend of pressure from regulations, markets, and consumers has pushed greater focus on responsibility among banks and driven investments in security. While the industry may not be thrilled to be under that microscope, consumers&mdash;whose accounts are in the crosshairs&mdash;would surely call that a step in the right direction. Certainly, those investments validate that the regulations are effective.</p> <p> While banks incur costs to comply with new regulations (and therefore routinely oppose them), the resulting increase in transparency improves competition as consumers become more aware of and informed about fraud. 
As consumers show themselves to be willing to punish a firm for a breach, it becomes even more crucial for banks to prioritize cybersecurity.</p> <p> <strong>After a breach, what can banks do?</strong></p> <p> If a bank wants to minimize the likelihood that a customer will leave following an account breach, Telang has a straightforward idea that has as much to do with customer service as it does with information security.</p> <p> He suggests that banks should be as proactive as possible, and reach out to consumers about suspect transactions rather than simply reacting to users&rsquo; reports of fraud.</p> <p> &ldquo;It engenders more loyalty. You feel good that someone is watching out for you,&rdquo; said Telang.</p> <p> Aside from compensating consumers for any financial losses as the result of a fraud&mdash;which banks are typically required to do by law anyway&mdash;Telang suggests that banks should take a more personal approach in communication and follow-up to let consumers know what actions are being taken and the outcome of any investigation.</p> <p> In this world of uncertainty and growing cyber crime, consumers are sure to value relationships with companies that not only invest in better security, but that extend a friendly hand when something goes wrong.</p> <p> &nbsp;</p> <p> <a href="https://www.ftc.gov/system/files/documents/public_comments/2016/10/00062-129181.pdf">Read Professor Telang&rsquo;s FTC paper on this topic &gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3937 Mon, 13 Oct 2017 08:45:00 GMT

Heinz Students Investigate Agency Hacks for US House Committee on Homeland Security
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3915

The U.S. House Committee on Homeland Security tapped a group of Heinz College students from the Master of Science in Information Security Policy & Management (MSISPM) program to perform a comparative analysis of several high-profile security breaches of federal agencies. In each case, the students detailed the response of the affected agency and then made specific recommendations on how to shore up defenses and prevent a future attack.

<p> <em>By Scott Barsotti</em></p> <h2> A team of Heinz College students was tasked with investigating security vulnerabilities at federal agencies, and strategizing how to make all Americans safer from cyber crime</h2> <p> The staggering 2015 breach of the <a href="https://www.opm.gov/">U.S. Office of Personnel Management</a> (OPM) brought the issue of government cybersecurity to national attention, when hackers stole the records of an estimated 21.5 million people.</p> <p> Apart from running the daily administration of a superpower, the federal government of the United States is a target of persistent cyber attacks for another reason: it is the largest employer in the world. In fact, the U.S. Department of Defense can claim that title by itself without counting the seeming googolplex of agencies and offices in which federal employees work and serve around the globe.</p> <p> Within that vast network of employee records, transmissions, and communications lies a treasure trove of sensitive information, a stockpile of everything from schedules to secrets that malicious actors would love to get their eyes on&mdash;and with millions of potential weak spots to exploit.</p> <p> The <a href="https://homeland.house.gov/">U.S. House Committee on Homeland Security</a> recently tapped a group of Heinz College students from the <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-security-policy-management-msispm/index.aspx" target="_blank">Master of Science in Information Security Policy and Management</a> (MSISPM) program to perform a comparative analysis of several high-profile security breaches at federal agencies. 
In each case, the students detailed the response of the affected agency and then made specific recommendations on how to shore up defenses and prevent future attacks.</p> <p> Their report suggests that state-sponsored cyber criminals are a primary threat to national security due to the type of information they tend to target&mdash;often financial, health, and military data. Accordingly, the student group included relevant &ldquo;critical infrastructure&rdquo; breaches of private firms JPMorgan Chase (financial), Anthem, Inc. (health), and Lockheed Martin (military) alongside their analysis of public agency hacks.</p> <p> <strong>Systems and training lag behind the times</strong></p> <p> The OPM hack&mdash;suspected to have originated in China&mdash;compromised the personal information of roughly 21.5 million current and former government employees, prospective employees, contractors, and family members who had undergone background checks related to federal employment. These records included social security numbers, addresses, birth dates, security clearance information, and even 5.6 million sets of fingerprints.</p> <p> Hackers have also targeted the U.S. Department of State, the Department of Veterans Affairs, the Postal Service, the Internal Revenue Service, NASA, and the White House in recent years, with varying success.</p> <p> From one breach to the next the culprits, the types of information sought, and the motivations at play may differ, but the overarching trend paints a clear picture: the U.S. government is an extremely attractive target for cyber criminals of all stripes, and that problem will only intensify in the coming years. In their analysis, the students saw consistent opportunities to improve the U.S. 
government&rsquo;s cyber posture, and produced a list of recommendations that could be implemented across the board by all federal agencies.</p> <p> The students&rsquo; recommendations seek to move agencies toward a culture of cyber vigilance and accountability that all users share in, including additional layers of security as well as providing the entire government workforce with more robust training in information security and the pervasiveness of threats.</p> <p> Summer Craze Fowler, Risk and Resilience Manager for the CERT Division of Carnegie Mellon University&rsquo;s <a href="https://www.sei.cmu.edu/">Software Engineering Institute</a>, was the project&rsquo;s faculty advisor. She said when breaches occur, 70 percent of the time it&rsquo;s a known vulnerability being exploited.</p> <p> &ldquo;There are fundamental [cybersecurity] hygiene practices that are just not in play right now. If we shored up our defenses from that standpoint, we could stop a lot of these attacks from occurring,&rdquo; said Fowler.</p> <p> In the case of the OPM breach, the students determined that OPM had not, to date, followed cyber security best practices and had relatively poor (or even non-existent) endpoint security. According to previous audits, numerous systems at OPM failed security inspection or were operating without authorization, data had been insufficiently encrypted, and adequate cyber security leadership was not in place.</p> <p> In the time since the breach was announced to the public in the summer of 2015, OPM has implemented many of the changes suggested by the students, including multi-factor authentication, strengthening access controls, and modernizing legacy systems.</p> <p> The students affirmed that while system failures, weak controls, and physical thefts can account for some breaches, it was human error, misuse, and insider threats that accounted for the majority of cyber incidents. 
They argued that while investment must be made in infrastructure and in updating systems, it is simultaneously essential to devote resources to strengthening cyber policies and practices, right down to the employee level.</p> <div class="customSidebar" style="float: left;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>There are fundamental [cybersecurity] hygiene practices that are just not in play right now.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Summer Craze Fowler --</strong></h2> </div> <p> <strong>The SEAL Lifecycle: a cyber culture blueprint&nbsp;</strong></p> <p> In order to simplify the implementation of their recommendations, the students developed an innovative strategy called the SEAL (<strong>S</strong>creen, <strong>E</strong>nforce, <strong>A</strong>ssure, <strong>L</strong>earn) Lifecycle. This layered method is intended to continually improve an organization&rsquo;s cyber security through clear and simple processes regarding risk identification, policy application, incident response, and documentation.</p> <p> The Heinz students presented their final paper on Capitol Hill; their recommendations to lawmakers, if fully implemented and baked into future policy and law, could strengthen information security not just for the U.S. 
government, but for the entirety of the American public.</p> <p> How many grad students get to claim that?</p> <p> &nbsp;</p> <p> <em>This Capstone Project, titled &ldquo;Fortifying America&rsquo;s Cyber Posture: Applying Lessons Learned to Mitigate Future Threats,&rdquo; was completed by Sarah Chandel, Marcelle Drakes-Ruffin, Teresa Mock, and Drew Spaniel.</em></p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-security-policy-management-msispm/index.aspx">Read more about the MSISPM program&gt;&gt;</a></p> <p> <a href="https://homeland.house.gov/">Read more about the House Committee on Homeland Security&gt;&gt;</a></p> <p> &nbsp;</p> <p> &nbsp;</p> <p> &nbsp;</p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3915
Mon, 13 Oct 2017 08:30:00 GMT
Heinz Students Investigate Agency Hacks for US House Committee on Homeland Security

Dean Krishnan Elected to Top Leadership Spot at INFORMS
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3945
INFORMS, the leading international association for operations research and analytics professionals, announced today that Ramayya Krishnan, Ph.D., dean of Carnegie Mellon University's Heinz College of Information Systems and Public Policy, has been elected as the 25th President of the INFORMS Board of Directors. Krishnan will begin serving his three-year term on the INFORMS Board of Directors in January 2018 as president-elect, transitioning to president in January 2019 for a one-year term.

http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3945
Mon, 13 Oct 2017 06:00:00 GMT
Dean Krishnan Elected to Top Leadership Spot at INFORMS

Lock It Down Heinz College Battles on the Front Line of the War on Information Security
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3864

http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3864
Mon, 31 Aug 2017 12:26:00 GMT
Lock It Down | Heinz College Battles on the Front Line of the War on Information Security

German Parliamentarian Visits Heinz College for Insight Into Disruption
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3943
Heinz College and Carnegie Mellon University were proud to recently host Metin Hakverdi of the Social Democratic Party of Germany for a day of meetings on campus. MdB Hakverdi has represented a constituency from Hamburg in the Bundestag—the chamber of the German Parliament directly elected by the German people—since 2013. Hakverdi met with Heinz faculty experts Rick Stafford, Lee Branstetter and Brian Kovak to discuss policy challenges and initiatives at CMU, in particular Traffic21, Metro21, and the newly formed Center for the Future of Work at Heinz College.

]]><h2> &ldquo;This city, this state, in this time, it seems to be a special place&rdquo;</h2> <p> <em>By Scott Barsotti&nbsp;</em></p> <p> Heinz College and Carnegie Mellon University were proud to recently host <a href="http://metin-hakverdi.de/wordpress/" target="_blank">Metin Hakverdi</a> of the Social Democratic Party of Germany for a day of meetings on campus. MdB Hakverdi has represented a constituency from Hamburg in the <em>Bundestag</em>&mdash;the chamber of the German Parliament directly elected by the German people&mdash;since 2013. For the two terms prior to that, he was a member of the Hamburg city-state government.</p> <p> &ldquo;[Carnegie Mellon] is a great institution, I&rsquo;m impressed,&rdquo; Hakverdi said, after a morning meeting with Heinz College Distinguished Service Professor Rick Stafford.</p> <p> He and Stafford discussed policy challenges and touched on CMU research initiatives such as <a href="http://metro21.cmu.edu/" target="_blank">Metro21</a> (focusing on livability and quality of life issues in the Pittsburgh metro), <a href="https://traffic21.heinz.cmu.edu/" target="_blank">Traffic21</a> (concerning smart transportation efforts), and <a href="https://www.cmu.edu/news/stories/archives/2016/december/dot-award.html" target="_blank">Mobility21</a> (a multi-city, multi-university partnership investigating innovations in mobility including smart city technology, autonomous vehicles, and accessibility).</p> <p> Hakverdi met with Heinz faculty experts Lee Branstetter and Brian Kovak to discuss further policy thrusts, in particular the newly formed <a href="http://fow.heinz.cmu.edu/" target="_blank">Center for the Future of Work at Heinz College</a>.</p> <p> The future of work is an area of special interest to Hakverdi and his constituents. He visited the U.S. 
on invitation by the Washington office of the <a href="http://www.fesdc.org/about/friedrich-ebert-stiftung/" target="_blank">Friedrich Ebert Foundation</a>, a German think tank, in part to learn more about the transformations affecting Rust Belt economies like Pittsburgh, and how local governments, academia, and civic institutions are addressing technological disruption in the workforce.</p> <p> &ldquo;We&rsquo;re talking about the most complex transition process in the free world. Ever. More complex than the Industrial Revolution,&rdquo; said Hakverdi.</p> <p> Of course, such disruptions have political consequences as well. Hakverdi wants to examine those shifts in the U.S., and how similar forces may play out in his home district.</p> <p> He referenced the election of Donald Trump, the Brexit vote, and the resurgence of right-wing populism in the Western world as evidence that the pace of global technological and economic change is creating significant backlash against political elites&mdash;a fallout which is being exacerbated by nationalism and increasing anxiety around immigration.</p> <p> &ldquo;It&rsquo;s a policy effort. We need the political will not to wait for [change to happen] and then adapt, but rather to make decisions [that acknowledge] it&rsquo;s happening,&rdquo; said Hakverdi.</p> <p> Prior to visiting Pittsburgh, Hakverdi was in Washington, D.C. meeting with 14 congressional leaders on Capitol Hill, both Democrats and Republicans. He came to Pittsburgh not only because of CMU, but also because of a kinship he sees between the cities&rsquo; histories as industrial heavyweights.</p> <p> &ldquo;The harbor has always been the center of [Hamburg&rsquo;s economy], but it&rsquo;s getting more diverse,&rdquo; he said. And who works at that harbor has drastically changed. Harbor workers used to be men of the burlier blue-collar variety, but now dock work is mostly being done by highly skilled specialists with technical prowess. 
The parallels to Pittsburgh are clear.</p> <p> Those similarities go beyond industry. Hamburg, like Pittsburgh, is a city with renowned universities. Hakverdi said that Germany, in many ways, has big advantages over the U.S. in terms of its university system, such as financing and accessibility (&ldquo;You guys are missing out on so much of your population, intellectually. That&rsquo;s a crime, seriously.&rdquo;) However, he believes a gap still exists in Germany between academia and civic life. He took note of the relationship between CMU and the City of Pittsburgh, which serves as an urban lab for much of the university&rsquo;s&mdash;and Heinz College&rsquo;s&mdash;groundbreaking research.</p> <p> Hakverdi says Hamburg needs a similar culture that pushes academic advancement beyond university walls and into the fabric of the city in order to speed innovation and improve quality of life.</p> <p> On that score, he sees Pittsburgh as a model.</p> <p> &ldquo;This city, this state, in this time, it seems to be a special place,&rdquo; he said. &ldquo;I will recommend my colleagues to come here too.&rdquo; German Foreign Minister Sigmar Gabriel, who is in the same political party as MdB Hakverdi, <a href="https://www.auswaertiges-amt.de/EN/AAmt/BM-Reisen/2017/170517_USA_MEX/170518_Pittsburgh.html" target="_blank">visited CMU shortly after</a>.</p> <p> &nbsp;</p> <p> &nbsp;</p> <p> <a href="http://fow.heinz.cmu.edu/" target="_blank">Read more about the Center for the Future of Work &gt;&gt;</a></p> <p> &nbsp;</p> <p> Read more about <a href="http://metro21.cmu.edu/" target="_blank">Metro21</a> and <a href="https://traffic21.heinz.cmu.edu/" target="_blank">Traffic21 &gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3943
Mon, 11 Aug 2017 15:36:00 GMT
German Parliamentarian Visits Heinz College for Insight Into Disruption

Heinz Students Help Top Firms Untangle Blockchain
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3942
Recently, two major multinational clients tapped Heinz College students to investigate use cases for blockchain, in order to better understand how this allegedly revolutionary technology might impact their industries and verticals of interest.

]]><h2> Two student teams take a deep dive into the potentially disruptive technology, with high impact results.</h2> <p> <em>By Scott Barsotti</em></p> <p> If technologies were debutantes, blockchain would be 2017&rsquo;s belle of the ball.</p> <p> Blockchain is one of the buzziest technology trends in recent memory. Everyone&rsquo;s talking about it. Everyone claims to be pioneering it. Big firms are scrambling just to understand it, let alone utilize it. And some experts say it will, given time, completely reshape the Internet. It&rsquo;s just a matter of &ldquo;when,&rdquo; not &ldquo;if.&rdquo;</p> <p> Recently, two major multinational clients tapped Heinz College students from the <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-systems-management-mism/index.aspx" target="_blank">Master of Information Systems Management (MISM) program</a> to investigate use cases for blockchain, in order to better understand how this allegedly revolutionary technology might impact their industries and verticals of interest.</p> <p> But first things first&hellip;what is it? What is this magical tech marvel that&rsquo;s going to reinvent the virtual world, change everything we thought we knew, and buy everyone a pony?&nbsp;</p> <p> Blockchain&mdash;the technology underlying the cryptocurrency <a href="https://bitcoin.org/en/">Bitcoin</a>&mdash;is a distributed digital ledger, a chronological and immutable record of transactions.&nbsp;</p> <p> (Wait a minute&hellip;a ledger? Like in accounting? I&rsquo;m supposed to get excited about some accounting thing?)</p> <p> Well, yes. You are.</p> <p> While &ldquo;ledger&rdquo; may not be a splashy term in and of itself, the concept of a distributed, incorruptible ledger is, to put it mildly, a pretty major idea. 
If blockchain technology achieved mainstream adoption, it could resolve one of the single most persistent problems dogging the web since the early days of dot com: the problem of trust.</p> <p> <strong>Will blockchain really change the Internet?</strong></p> <p> Consider these frequently asked questions: how do you know what you can trust online? How do you know the information you&rsquo;re getting is valid? How do you verify a fact? How do you know a bitcoin (or some other digital currency) someone transfers to you hasn&rsquo;t already been spent? Who vouches for the integrity of the avatar-faced and pseudonymed eBay seller you&rsquo;re about to buy that autographed LeBron James jersey from?</p> <p> In the future, the blockchain can. And that future may be closer than you think.</p> <p> The &ldquo;distributed&rdquo; part of a blockchain means that the record is spread out across many computers, called &ldquo;nodes,&rdquo; which means there is no one single point of vulnerability where a hacker can break in. In order for a new transaction to be added, that transaction has to be verified by a majority of the nodes on the blockchain (a sensible, albeit somewhat complicated, consensus process called &ldquo;mining&rdquo;). Once the verified transaction has been added to a bundle of other similar transactions (a &ldquo;block&rdquo;) and that block has been added to the chain, it becomes virtually impossible (or at least, statistically, highly improbable) for the information to be changed. Records can be amended and added to, but not altered or deleted.</p> <p> All this is to say that in its perfect form, blockchain is a resilient record that is tamper-proof. Its boldest advocates would describe it as &ldquo;hacker-proof.&rdquo;</p> <p> That ideal form translates into an ever-growing repository of solid, verifiable truths in the vast wilderness of fraud and fake news. That outcome would be, in and of itself, an undeniable good. 
But blockchain has many other purported uses and benefits.&nbsp;</p> <div class="customSidebar" style="float: right;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>In its perfect form, blockchain is a resilient record that is tamper-proof. Its boldest advocates would describe it as &ldquo;hacker-proof.&rdquo;</strong></h2> </div> <p> One of the more frequently touted is so-called &ldquo;smart contracts,&rdquo; self-executing transactions that remit and accept payments automatically when an agreement&rsquo;s terms are fulfilled. Eventually, smart contracts could lead to businesses &ldquo;staffed&rdquo; by algorithms, entities with fully automated operations transacting with each other and consumers free of any intervention from human analysts.</p> <p> Blockchain has already found heavy adoption in the financial services industry along those lines, promising in time to cut massive costs, to negate the need for intermediaries to establish trust between parties and regulate transactions, and to make markets more inclusive the world over, especially in less wealthy regions. In the eyes of some, blockchain will usher in a utopia of transparency, openness, and economic freedom.</p> <p> Cool your jets, though. Blockchain has yet to mature to such an extent (or anywhere near it). There have been instances of breaches, such as the highly publicized <a href="https://www.wired.com/2014/03/bitcoin-exchange/">Mt. Gox bitcoin theft</a> and <a href="https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/">Ethereum &ldquo;DAO&rdquo; hack</a>, which have laid bare exploitable kinks, not to mention a fair bit of hubris.</p> <p> As a nascent technology, researchers are still laboring to understand blockchain&rsquo;s possible uses and probable pitfalls. 
But the potential is there and is difficult to overstate, which is why companies all over the world have taken notice and want answers.</p> <p> And that&rsquo;s where Heinz College comes in.</p> <p> <strong>Heinz students plot blockchain uses (and ferret out fraudsters) in key industries&nbsp;</strong></p> <p> For one project, a group of Heinz College students partnered with a global consulting firm to break down possible impacts, viability, and security implications of blockchain in seven key sectors: healthcare, finance, retail operations, energy, farming, transportation, and document management.</p> <p> The students explored the current ecosystem of blockchain, mapping out use cases and failures, and creating a risk framework and SWOT analysis for each of the chosen sectors as well as a thorough breakdown of the impact on various stakeholders.</p> <p> One thing that the students were surprised by in their research was the prevalence of companies that say they use blockchain simply for hype&mdash;whether that&rsquo;s for marketing value or possibly even to deceive investors. The team&rsquo;s dataset initially included 228 possible blockchain use cases, but when they went through these products one by one and examined source code and business models, they realized that not all of these cases had legitimately implemented blockchain.</p> <p> After a painstaking data purge, they ended up with only 21 cases. That drop-off rate is a convincing illustration of blockchain&rsquo;s marketing allure.</p> <p> Through their analysis, the students were able to provide a realistic idea of risks and rewards, and exhaustively educate the client (and themselves) about the current state of the blockchain market.</p> <p> &ldquo;Though block chain adoption is still in its infancy, the students were able to demystify it for the client,&rdquo; said Dr. Nicolas Christin, who was the project&rsquo;s faculty advisor. &ldquo;Their thoroughness and determination had a definite impact. 
By creating a repeatable methodology for risk assessment, they provided a valuable tool for the client moving forward.&rdquo;</p> <p> <strong>Thomson Reuters taps Heinz students on blockchain in IoT</strong></p> <p> For a separate project, global news and information firm <a href="https://www.thomsonreuters.com/en.html">Thomson Reuters</a> gave the Heinz students an open-ended prompt: research applications for blockchain in the burgeoning Internet of Things (IoT).</p> <p> The client asked the students to devise a solution to a huge IoT problem: how to identify, track, and verify sensors that are attached to IoT assets. Having an architecture that allowed that verification within a network would improve inventory management, maintenance, and, vitally, cybersecurity.</p> <p> &ldquo;At Thomson Reuters, we see tremendous crossover between the Internet of Things and the Identity of Things,&rdquo; said Robert Schukai, Global Head of Design, Digital Identity at Thomson Reuters. &ldquo;It isn&rsquo;t enough to just have information from sensors and other devices; it is also important to know what those sensors are and that the sensor content itself is secure and accurate. Corrupted content can have tremendous impact on commodity prices and markets.&nbsp;Blockchain technology can potentially solve both of these challenges.&rdquo;</p> <p> The Heinz team came up with an ingenious way to define the problem in order to research it further: smart farming.</p> <p> You may not think of farming as being a particularly high-tech industry, but <a href="http://www.businessinsider.com/internet-of-things-smart-agriculture-2016-10">connected devices have found widespread use in agriculture.</a> U.S. farmers use Internet-enabled devices to monitor crops and conditions to improve yield. 
If those sensors could be identified and authenticated in an efficient, standardized way, it would not only have direct benefits to farmers assessing their network, it would also help USDA auditors, who could use the data collected by these sensors to ensure food safety during packing, handling, and storing.</p> <div class="customSidebar" style="float: right;width: 300px;margin: 10px"> <img align="" alt="Raspberry Pi" height="170" src="image.aspx?id=10798&amp;width=300&amp;height=170" width="300" /> <h6 style="text-align: center;"> <em>The students on the Thomson Reuters project utilized a Raspberry Pi mini-computer in their tech solution, like this one.</em></h6> </div> <p> The students used a <a href="https://www.raspberrypi.org/">Raspberry Pi</a> mini-computer and <a href="https://azure.microsoft.com/en-us/?v=17.14">Microsoft Azure</a> alongside the blockchain platform <a href="https://www.ethereum.org/" target="_blank">Ethereum</a> to create a prototype system that securely managed the identity of IoT sensors on a fictional farm. True to the promise of blockchain, the information stored was retrievable, verifiable, and immutable.</p> <p> Not only that, but the students also put forth a white paper based on this project, making the case that IoT devices managed on a blockchain could create an additional revenue stream for farmers and other stakeholders by monetizing the data collected by their devices. 
Since the data would be stored on a blockchain, a third party purchasing that data could be confident it had not been tampered with.</p> <p> This is the second blockchain-related Capstone project Heinz College students have completed with Thomson Reuters.</p> <p> &ldquo;We are thrilled with the project results and are continually impressed at the caliber of the work, the passion of the students, and the excitement that comes with working on cutting edge technology,&rdquo; said Schukai.</p> <p> <strong>Ready for the future, whatever it holds</strong></p> <p> Heinz College&rsquo;s corporate partners know they can count on our students to take on big problems and new trends without being intimidated. Blockchain is so new that conventional wisdom around it is still forming, but the students on both of these projects parachuted into the blockchain jungle with clear eyes and curiosity, drawing their maps as they went.</p> <p> That&rsquo;s a big part of the Heinz College experience: challenging students to confront the newest technologies and equipping them to innovate on the leading edge. Show them the latest in tech, and they will not simply show you what it does.&nbsp;They&rsquo;ll tell you what it means and why it matters.</p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-systems-management-mism/index.aspx" target="_blank">Read more about the MISM program &gt;&gt;</a></p> <p> <em>The first Capstone Project cited, titled &ldquo;Exploring Privacy and Security Risks in Blockchain Ecosystem,&rdquo; was completed by Melissa Burns, Chad Davis, Yupin Huang, Hyun Soo Park, and Yadi Yang.</em></p> <p> <em>The second Capstone Project, titled &quot;Smart Farming Using IoT &amp; Blockchain,&quot; was completed by Richa Bhuria, Abhishek Singhal, Pushkar Waghdhare, and Owen Wagoner.</em></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3942
Mon, 18 Jul 2017 09:57:00 GMT
Heinz Students Help Top Firms Untangle Blockchain

Martin Gaynor Receives the 2017 Kenneth J. Arrow Award
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3941
Martin Gaynor, the E.J. Barone University Professor of Economics and Public Policy at Carnegie Mellon University’s Heinz College of Information Systems and Public Policy, is a 2017 recipient of the International Health Economics Association’s (iHEA) Kenneth J. Arrow Award, which recognizes excellence in the field of health economics.

]]><h3> International Health Economics Association honors Heinz College professor for his collaborative research on competition in the health care industry</h3> <p> BOSTON&mdash;Martin Gaynor, the E.J. Barone University Professor of Economics and Public Policy at Carnegie Mellon University&rsquo;s <a href="http://www.heinz.cmu.edu/index.aspx" target="_blank">Heinz College of Information Systems and Public Policy</a>, is a 2017 recipient of the <a href="http://www.healtheconomics.org/" target="_blank">International Health Economics Association&rsquo;s (<em>i</em>HEA)</a> Kenneth J. Arrow Award, which recognizes excellence in the field of health economics.</p> <p> Each year, <em>i</em>HEA presents the <a href="http://www.healtheconomics.org/page/ArrowAward" target="_blank">Arrow Award</a>, named after Economics Nobel Laureate Kenneth J. Arrow, to authors of the paper judged to be the year&rsquo;s best published piece on the subject of health economics. The 25<sup>th</sup>&nbsp;Arrow Award is awarded to Gaynor and his co-authors, Carol Propper and Stephan Seiler, for their paper <a href="http://www.aeaweb.org/articles?id=10.1257/aer.20121532" target="_blank">&ldquo;Free to choose? Reform, choice and consideration sets in the English National Health Service,&rdquo;</a> which was published in one of the leading journals in economics, the <a href="http://www.aeaweb.org/journals/aer" target="_blank">American Economic Review</a>.</p> <p> The <em>i</em>HEA Arrow Award Committee honored Gaynor with a plaque in recognition of the award during the <a href="http://www.healtheconomics.org/page/BostonCongress2017" target="_blank">2017 <em>i</em>HEA Congress</a> in Boston.</p> <p> &ldquo;Marty is one of the world&rsquo;s foremost experts on the economics of health care,&rdquo; said Ramayya Krishnan, Dean of Heinz College. 
&ldquo;His work influences the decisions of scholars and policymakers alike, and I am happy to congratulate him, along with Professors Propper and Seiler, on this well-deserved honor.&rdquo;</p> <p> Gaynor&rsquo;s research focuses on competition, antitrust policy, and health care markets. He has served as the Director of the Bureau of Economics at the Federal Trade Commission, testified before Congress, worked with the Commonwealth of Pennsylvania on its health innovation initiative, and advised the governments of the Netherlands, the United Kingdom, and South Africa on competition issues in health care.</p> <p> &ldquo;This is a great honor. There are many excellent scientific papers in health economics, so the competition is very tough, and to be recognized in this way is very meaningful,&rdquo; said Gaynor.</p> <p> He has won a number of awards for his research, including the American Economic Journal: Economic Policy Best Paper Award; the Victor R. Fuchs Research Award; the National Institute for Health Care Management Foundation Health Care Research Award; the Jerry S. Cohen Award for Antitrust Scholarship (finalist); and a Robert Wood Johnson Foundation Investigator Award in Health Policy Research.</p> <p> In October, Gaynor became the fifth <a href="http://www.cmu.edu/" target="_blank">Carnegie Mellon University</a> faculty member to be elected to the <a href="http://nam.edu/" target="_blank">National Academy of Medicine</a>.</p> <p> <strong>About Heinz College:</strong>&nbsp;The Heinz College of Information Systems and Public Policy is home to two internationally recognized graduate-level institutions at Carnegie Mellon University: the School of Information Systems and Management and&nbsp;the School of Public Policy and Management. This unique colocation combined with its expertise in analytics set Heinz College apart in the areas of cybersecurity, health care, the future of work, smart cities, and arts &amp; entertainment. 
In 2016, INFORMS named Heinz College the <a href="http://www.informs.org/ORMS-Today/Public-Articles/June-Volume-43-Number-3/INFORMS-NEWS-Carnegie-Mellon-schools-receives-UPS-George-D.-Smith-Prize" target="_blank">#1 academic program</a> for Analytics Education. For more information, please visit <a href="http://www.heinz.cmu.edu/index.aspx" target="_blank">www.heinz.cmu.edu</a>.</p> <p> <strong>About Carnegie Mellon University:</strong> Carnegie Mellon <a href="http://www.cmu.edu">www.cmu.edu</a> is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 13,000 students in the university&rsquo;s seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration and innovation.</p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3941
Mon, 17 Jul 2017 14:30:00 GMT
Martin Gaynor Receives the 2017 Kenneth J. Arrow Award

CMU’s Traffic21 Announces Smart Mobility Challenge
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3939
Carnegie Mellon University’s Traffic21, a research institute operated out of the Heinz College of Information Systems and Public Policy, and its affiliated USDOT National University Transportation Center in the College of Engineering, Mobility21, are sponsoring a challenge that will transform southwestern Pennsylvania into a test bed for mobility innovation.

]]><p> <em>Up to $300,000 will be awarded to Pilot Smart Transportation Technology in SWPA Communities</em></p> <p> Carnegie Mellon University&rsquo;s <a href="http://traffic21.heinz.cmu.edu/"><strong>Traffic21</strong></a>, a research institute operated out of the Heinz College of Information Systems and Public Policy, and its affiliated USDOT National University Transportation Center in the College of Engineering, Mobility21, are sponsoring a challenge that will transform southwestern Pennsylvania into a test bed for mobility innovation.</p> <p> Municipalities within the 10-county Southwestern Pennsylvania Commission <a href="http://www.spcregion.org/reg.shtml">(SPC) region</a> are encouraged to identify mobility needs affecting their citizens and businesses and to apply for Challenge funds via a brief online form (URL below). Up to $300,000 in awards will fund CMU faculty and students to pilot selected projects.</p> <p> Congressman Bill Shuster noted, &quot;I&#39;m pleased to see this effort by CMU to bring ground-breaking research and technology to our region.&nbsp; As Chairman of the House Transportation and Infrastructure Committee, I&#39;ve promoted the use of innovation to address our Nation&#39;s transportation challenges. 
This is a great example of how federal transportation research funding is directly addressing the needs of our region, by working with communities to improve mobility for people and our local industries.&rdquo;</p> <p> The Smart Mobility Challenge builds on Traffic21&rsquo;s years of collaboration with the City of Pittsburgh&mdash;which has itself become a globally recognized smart city test bed&mdash;and aims to bring the benefits of transportation innovations to less densely populated communities.</p> <p> Heinz College Dean Ramayya Krishnan states, &ldquo;The Smart Mobility Challenge is an ideal opportunity to put Heinz College&rsquo;s model of research, development, and deployment into action as we further develop our region as the epicenter of smart transportation.&rdquo;</p> <p> &ldquo;College of Engineering researchers will engage with the community to deploy smart transportation technologies that will result in resilient, cost-effective transportation and infrastructure throughout the region,&rdquo; says James Garrett Jr., dean of Carnegie Mellon College of Engineering.</p> <p> An information session will be held <u>Wednesday, June 28</u>, 2017 at 2:00pm in CMU&rsquo;s Hamburg Hall, 4800 Forbes Avenue in Pittsburgh. 
The application form and more details can be found at <a href="http://traffic21.heinz.cmu.edu/smart-community-mobility-challenge/"><strong>http://traffic21.heinz.cmu.edu/smart-community-mobility-challenge/</strong></a><strong>.</strong></p> <p> <a href="http://traffic21.heinz.cmu.edu/smart-community-mobility-challenge/"><strong>Deadline to apply is July 14, 2017</strong></a>, with awards to be announced in early September.</p> <p> Challenge Partners include the <a href="http://www.spcregion.org/">Southwestern Pennsylvania Commission</a>, the <a href="http://www.regionaltransportationalliance.org/">Regional Transportation Alliance of Southwestern Pennsylvania</a>, and the <a href="http://www.penndot.gov/Pages/default.aspx">Pennsylvania Departments of Transportation</a> and <a href="http://dced.pa.gov/">Community and Economic Development</a>.&nbsp;</p> <p> Special acknowledgement to the <a href="http://hillmanfamilyfoundations.org/foundations/hillman-foundation/">Hillman Foundation</a> and the <a href="https://www.transportation.gov/utc">USDOT University Transportation Program</a> for their support of Traffic21 and Mobility21.&nbsp;</p> <p> <strong>About The Heinz College of Information Systems and Public Policy</strong></p> <p> The Heinz College of Information Systems and Public Policy is home to two internationally recognized graduate-level institutions at Carnegie Mellon University: the School of Information Systems and Management and&nbsp;the School of Public Policy and Management. This unique colocation combined with its expertise in analytics set Heinz College apart in the areas of cybersecurity, health care, the future of work, smart cities, and arts &amp; entertainment. 
In 2016, INFORMS named Heinz College the&nbsp;<a href="https://www.informs.org/ORMS-Today/Public-Articles/June-Volume-43-Number-3/INFORMS-NEWS-Carnegie-Mellon-schools-receives-UPS-George-D.-Smith-Prize" target="_blank">#1 academic program</a>&nbsp;for Analytics Education.&nbsp;For more information, please visit&nbsp;<a href="http://www.heinz.cmu.edu/" target="_blank">www.heinz.cmu.edu</a>.</p>
CMU’s Traffic21 Announces Smart Mobility Challenge
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3939
Mon, 15 Jun 2017 11:40:00 GMT

Classroom Dedication a Fitting Honor for Salesforce President and COO
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3938
Keith Block (MSPPM ’84) is a member of the Carnegie Mellon University Board of Trustees and Dean’s Advisory Council at Heinz College. He currently serves as the vice chairman, president, and COO of software and cloud computing giant Salesforce. In a May 19 ceremony, Heinz College Dean Ramayya Krishnan dedicated the Block Classroom, a state-of-the-art 60-seat classroom situated in Hamburg Hall’s newly renovated east wing. Block and his wife, Suzanne Kelley, are guests of honor this week, as Block is also on campus to deliver the keynote address at Heinz College’s Diploma Ceremony.

<h2> Keith Block (MSPPM &rsquo;84) is a member of the Carnegie Mellon University Board of Trustees and Dean&rsquo;s Advisory Council at Heinz College</h2> <p> <em>By Scott Barsotti</em></p> <p> As an exemplary alumnus who has devoted himself to the mission and governance of both Carnegie Mellon University and Heinz College, dedicating a classroom to Keith Block is a no-brainer. What better way to recognize the outsized impact he has had on our students?</p> <p> In a May 19 ceremony, Heinz College Dean Ramayya Krishnan dedicated the Block Classroom, a state-of-the-art 60-seat classroom situated in Hamburg Hall&rsquo;s newly renovated east wing.</p> <p> Block, a CMU grad twice over who received his bachelor&rsquo;s degree from the Dietrich College of Humanities and Social Sciences and his master&rsquo;s degree from Heinz College, currently serves as the vice chairman, president, and COO of software and cloud computing giant <a href="https://www.salesforce.com/" target="_blank">Salesforce</a>.</p> <p> Block and his wife, Suzanne Kelley, are guests of honor this week, as Block is also on campus to deliver the keynote address at Heinz College&rsquo;s Diploma Ceremony.</p> <p> In addition to his various leadership roles at CMU, Block established the Keith Block Entrepreneurship Fund to promote entrepreneurship among Heinz College students, and has generously supported the recent efforts to expand and refurbish Hamburg Hall.</p> <p> &ldquo;As an institution, we wouldn&rsquo;t be who we are or where we are without the support and guidance of Keith and other alumni like him, who not only do great things after graduating from Heinz, but who commit to staying engaged with us and everything we do,&rdquo; said Krishnan.</p> <p> &ldquo;His remarkable success in the private sector, coupled with his passion for improving education at all levels, stands as an inspiring example to all who walk through these halls.&rdquo;</p> <p> Dean Krishnan was joined at the Block Classroom 
dedication by Heinz College leadership, faculty, students and distinguished guests including CMU President Subra Suresh.</p> <p> In his remarks, President Suresh recognized Block as one of CMU&rsquo;s &ldquo;most avid proponents.&rdquo;</p> <p> &ldquo;This classroom is a fitting testament to Keith&rsquo;s dedication to the university, to the Heinz College, and to its students,&rdquo; said Suresh. &ldquo;Carnegie Mellon is eternally grateful.&rdquo;</p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3938
Mon, 19 May 2017 07:45:00 GMT

Heinz Experts Make Cybersecurity Recommendations Washington Should Consider Now
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3931
In the years ahead, the online environment will be complicated by autonomous vehicles and the Internet of Things as much as cyber crime and cyber warfare, and we are headed toward a reality in which the digital world and the physical world will have flimsy boundaries at best. Leaders are needed to tackle complex challenges in cyber that are more philosophical than technical. Said another way: the field needs political science as much as computer science. Heinz College experts Randall Trzeciak and Summer Fowler, as well as second-year MSISPM student Jennifer Urgilez, discuss needed policy shifts and the future of cyber.

<p> <em>By Scott Barsotti</em></p> <h2> Leaders are needed to tackle complex challenges in cyber that are more philosophical than technical. And they&rsquo;re needed now.</h2> <p> In the years ahead, the online environment will be complicated by autonomous vehicles and the Internet of Things as much as cyber crime and cyber warfare, and we are headed toward a reality in which the digital world and the physical world will have flimsy boundaries at best.</p> <p> &ldquo;Think about the driverless vehicle driving down the road that needs to be connected to the Internet to get sensor data. If that shuts down, the car shuts off. That&rsquo;s now a health and safety issue,&rdquo; said Randall Trzeciak, director of the Masters of Information Security Policy and Management (MSISPM) program at Heinz College.</p> <p> While technology plays a huge role in the development of cyber, there is an ever-widening gap between those advancements and the policies needed to secure the next generation(s) of the Internet.</p> <p> Who will step up to define those policies? It could be you. 
(No, really, it could be you.)</p> <div class="customSidebar" style="float: left;width: 250px;"> <h2 style="text-align: left;"> Top ten highest-paying jobs in IT/Cybersecurity*</h2> <ul> <li> Lead Software Security Engineer</li> <li> Chief Security Officer</li> <li> Global Information Security Director</li> <li> IT Security Consultant</li> <li> Chief Information Security Officer</li> <li> Director of Security</li> <li> Cybersecurity Lead</li> <li> Lead Security Engineer</li> <li> Cybersecurity Engineer</li> <li> Application Security Manager</li> </ul> <p style="text-align: left;"> <em>*Many of these and other security and IT positions require a knowledge of information systems and management, but <u>not</u> a background in computer science</em></p> <p style="text-align: left;"> <em><img align="" alt="Server Room Cool Lighting" height="141" src="image.aspx?id=10595&amp;width=250&amp;height=141" width="250" /></em></p> <p> <em>Source: CIO Magazine, Oct 2016</em></p> </div> <p> Studies show that the cybersecurity field is facing a global talent shortage of some 1.5 million jobs by 2019. A major contributing factor to that shortage is a lack of awareness.</p> <p> &ldquo;77 percent of women said in a recent industry survey that no high school teacher or guidance counselor ever mentioned cybersecurity as a career,&rdquo; said Trzeciak. The number wasn&rsquo;t much better for men&mdash;67 percent. &ldquo;Getting that knowledge at the K-12 level would be very important, to start creating the pipeline of cybersecurity professionals at the undergraduate and graduate levels.&rdquo;</p> <p> Trzeciak is playing the long game for a reason. Cybersecurity is the future. It&rsquo;s a field that will touch every industry in every sector in a landscape that&rsquo;s becoming more connected. More connections mean more vulnerabilities. More vulnerabilities mean more threats. 
As those threats grow and technology speeds ahead, the need for smart policy is evident if we&rsquo;re to have any hope of keeping the world secure in the 21<sup>st</sup> century.</p> <p> &ldquo;We need laws and language around cybersecurity that are clear, specific, and easy to understand,&rdquo; said Summer Craze Fowler, Director of Risk and Resilience for the CERT Division of Carnegie Mellon University&rsquo;s Software Engineering Institute (SEI). &ldquo;What do we mean when we say cybersecurity? What do we mean when we say cyber attack?&rdquo;</p> <p> Here are a few directions the law might be&mdash;or perhaps <em>should be</em>&mdash;headed in the coming years.</p> <p> <strong>We need international rules of engagement for cyber warfare</strong></p> <p> Fowler remarks on several infamous examples of a &ldquo;non-kinetic&rdquo; cyber action having a physical effect. There was Stuxnet, a cyber weapon used by the U.S. and Israel to sabotage uranium enrichment facilities in Iran about 10 years ago. There was the 2014 attack on a steel mill in Germany, which caused massive damage by manipulating a blast furnace. Then, in late 2015, hackers seized control of power substations in Ukraine, cutting power to nearly a quarter million Ukrainians.</p> <p> She states that this is an area that the U.S. government, and in particular the Department of Defense, needs to be concerned with. And to lead.</p> <p> &ldquo;It&rsquo;s a diplomatic effort&hellip;we need to get agreements written down,&rdquo; said Fowler, adding that just as international rules and agreements exist regarding, for example, the treatment of prisoners of war, similar compacts are needed governing use of cyber weapons against critical infrastructure. &ldquo;If someone hacks [our critical assets], should we be allowed to return with a bomb? What are the rules on this? 
And how do you get [different nations] to agree?&rdquo;</p> <p> Jennifer Urgilez, a second-year MSISPM student, says this area of policy could become even cloudier if private companies are the belligerents.</p> <p> &ldquo;Let&rsquo;s say a foreign entity decides to take out its competition&mdash;steals an American company&rsquo;s IP and then uses destructive malware to take out its systems&hellip;and the actors don&rsquo;t target an entity with public safety implications, like an electric grid or something analogous. At what point would government offensive action or cyber warfare be warranted?&rdquo; said Urgilez.</p> <p> &ldquo;It becomes very murky and we lack so many laws in this space.&rdquo;</p> <p> <strong>We need national cyber breach notification and disclosure</strong></p> <div class="customSidebar" style="float: right;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>We lack so many laws in this space.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Jennifer Urgilez, MSISPM &#39;17 --</strong></h2> </div> <p> Fowler advocates for a federal standard of notification following a breach of customer information. Currently, all 50 states have different laws in this area&mdash;or no law&mdash;creating inefficiency, confusion, and financial waste.</p> <p> &ldquo;If my organization has customers in all 50 states, and I have a breach in one of my systems, I have different notification laws in each state,&rdquo; said Fowler. Those laws differ on type of data covered, timetable, and method of notification. 
With a federal suite of notification laws, both consumers and businesses would know what to expect, which Fowler says is a win-win.</p> <p> Trzeciak thinks the field is within a few years of being able to analyze network data in real time, and to use machine learning to automate defenses, whether that be automated alerts or a self-healing network that could address anomalies without intervention from a human analyst. As that technology matures, consumer notification could possibly be part of that automation, especially if notification demands are standard across areas.</p> <p> <strong>We need to address privacy earlier in the lifecycle</strong></p> <p> &ldquo;Right now, we only care about privacy when an incident actually happens,&rdquo; said Fowler. &ldquo;Why don&rsquo;t we drive privacy into the designs of the systems and software we&rsquo;re developing?&rdquo;</p> <p> Fowler cites UL listings, a certification of product safety that assures you as the consumer that, for example, when you plug something into the wall its battery isn&rsquo;t going to explode. 
She says Internet-connected devices could have similar thresholds of safety.</p> <p> &ldquo;I don&rsquo;t want to be heavy-handed with regulation and I want business to be able to thrive, but the Internet is part of our infrastructure now, and there&rsquo;s going to have to be some regulation and standardization to get plugged in,&rdquo; she said.</p> <div class="customSidebar" style="float: left;width: 250px;border-width: 10px;margin: 10px; "> <h2 align="center"> <strong>There&rsquo;s more to do than just computer programming if you&rsquo;re going into security.</strong></h2> <h2 align="center"> <strong style="font-size: 12px;">-- Randall Trzeciak --</strong></h2> </div> <p> Trzeciak agrees, stating that in the current market, an unfair expectation is placed upon consumers to be security experts.</p> <p> &ldquo;A car can&rsquo;t be released without safety inspections, but no such policies apply to the release of an Internet-enabled refrigerator,&rdquo; he said. &ldquo;When we have these IoT devices out there&hellip;how much sensitive data will the producers of the device be collecting and analyzing, and what will they use it for?&rdquo;</p> <p> Urgilez echoes similar concerns, and adds that she believes policy should mandate additional layers of privacy and confidentiality when the intended end users of a product are more vulnerable individuals, such as children.</p> <p> Manufacturers can do more to design for privacy right now, Fowler suggests, such as requiring any functionality that shares information with the manufacturer to be explicitly turned on by the consumer, rather than the current state which expects consumers to discover and turn off such functions.</p> <p> &ldquo;We don&rsquo;t train any of our engineers to think about this,&rdquo; said Fowler.</p> <div class="customSidebar" style="float: right;width: 300px;margin: 10px"> <img align="" alt="Jennifer Urgilez NCAC Trophy" height="375" src="image.aspx?id=10741&amp;width=300&amp;height=375" width="300" 
/> <h6 style="text-align: center;"> <em>Urgilez, with the 2016 National Cyber Analyst Challenge trophy</em></h6> </div> <p> <strong>Cybersecurity is for those who want to have impact&mdash;it&rsquo;s not just for techies</strong></p> <p> The challenges in cybersecurity go far beyond technology. There are political challenges, social challenges, management challenges, design challenges. That means the field needs a diversity of thought leadership.</p> <p> &ldquo;There&rsquo;s more to do than just computer programming if you&rsquo;re going into security,&rdquo; said Trzeciak. &ldquo;We&rsquo;ve had very successful MSISPM students with [undergraduate] degrees in finance and accounting, business, political science, international relations&hellip;when you get those folks into a room together and talk about the legal and privacy aspects of information security, it&rsquo;s a great discussion. It&rsquo;s more than just a technical discussion.&rdquo;</p> <p> Urgilez is a perfect example. She got a bachelor&rsquo;s in political science from Yale, then spent several years working in the public sector before returning to school for her master&rsquo;s degree. She admits to being hesitant at the time she applied, acknowledging CMU&rsquo;s reputation as a computer science juggernaut alongside her own &ldquo;soft&rdquo; (her word) liberal arts background; she submitted her application to Heinz College on the last day of the admissions window.</p> <p> She&rsquo;s glad she did. At Heinz, Urgilez has come to see cybersecurity less as a hard science and more as an area where policy-minded people like her can do good in the world. 
She intends to take what she&rsquo;s learned here back to the public sector after graduation, and to continue working to make the world safer.</p> <p> &ldquo;I see it as a way to give back to my country,&rdquo; she said.</p> <p> &nbsp;</p> <p> <em>Jennifer Urgilez was on the CMU team that won the 2016 National Cyber Analyst Challenge; her teammates included fellow MSISPM students Sara Mitchell, Krishna Chirumamilla, and Daniel Widya Suryanata, along with Jennifer Burns from CMU&#39;s Information Networking Institute</em>;&nbsp;<a href="http://www.ini.cmu.edu/news/2016/11/NCAC2016.html" target="_blank">Read more about the CMU team&#39;s victory &gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/school-of-information-systems-and-management/information-security-policy-management-msispm/index.aspx" target="_blank">Read more about the MSISPM program &gt;&gt;</a></p> <p> <a href="https://www.sei.cmu.edu/" target="_blank">Read more about SEI &gt;&gt;</a></p> <p> &nbsp;</p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3931
Mon, 04 May 2017 09:00:00 GMT

A Grand Challenge: National Academy of Engineering Talks Cybersecurity at CMU
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3934
The National Academy of Engineering (NAE) gathered for a regional meeting and symposium at Carnegie Mellon University's Software Engineering Institute to discuss cybersecurity, which is now one of the greatest challenges in the 21st century.

http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3934
Mon, 04 May 2017 10:45:00 GMT

Bankrupting Terrorism: Heinz Alum Hits Extremists Where It Hurts
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3905
The U.S. Department of State has prevented more than 300 terrorist attacks by tracing and recovering illegal money meant to fund terrorist activities. But even with that rate of success, the World Bank estimates that approximately $3.61 trillion is laundered annually across the globe, making laundering a colossal challenge for counterterrorism experts. One of the keys to fighting terrorist attacks is further preventing the illegal laundering of money, usually disguised as legitimate business transactions, to fund terrorist activities. That’s exactly what Ian Kloo (MSPPM ’14) has done. Through his work as a Presidential Management Fellow, Kloo developed an innovative app for the Center for Army Analysis that helped the center’s analysts find links between known and unknown money launderers that support terrorism.

<p> <em>By Michael Cunningham</em></p> <h2> Heinz alumnus builds groundbreaking tool to counteract the financing of terrorism</h2> <p> Terrorist activities, like many things in life, cost a lot of money. And much of that money is laundered.</p> <p> Money laundering is the process of creating the appearance that large amounts of money obtained from serious crimes, such as drug trafficking or terrorist activity, originated from a legitimate source. Money launderers often achieve this by utilizing transfers involving foreign banks or legitimate businesses.</p> <p> The U.S. Department of State has prevented more than 300 terrorist attacks by tracing and recovering illegal money meant to fund terrorist activities. But even with that rate of success, the World Bank estimates that approximately $3.61 trillion is laundered annually across the globe, making laundering a colossal challenge for counterterrorism experts.</p> <p> One of the keys to fighting terrorist attacks is further preventing the illegal laundering of money, usually disguised as legitimate business transactions, to fund terrorist activities.</p> <p> That&rsquo;s exactly what Ian Kloo (MSPPM-Data Analytics &#39;14) has done. Through his work as a Presidential Management Fellow, Kloo developed an innovative app for the Center for Army Analysis that helped analysts at <a href="http://www.centcom.mil/" target="_blank">United States Central Command</a> (USCENTCOM) find links between known and unknown money launderers that support terrorism.</p> <p> Kloo&rsquo;s app has had a monumental impact at USCENTCOM, enabling government officials to seize and interdict what Kloo described as a &ldquo;significant&rdquo; amount of money from known terrorist organizations. For his efforts in developing the app, Kloo was awarded the 2016 David Rist Prize by the Military Operations Research Society (MORS). 
The Rist Prize recognizes the practical benefit sound operations research can have on &ldquo;real life&rdquo; decision-making.</p> <p> &ldquo;USCENTCOM had a lot of data that had been subpoenaed through various legal actions,&rdquo; said Kloo. &ldquo;We came up with a methodology to go through and create some visualizations based on all of that data.&rdquo;</p> <p> The key to developing this groundbreaking technology, which was unprecedented in financial counterterrorism, was something called &ldquo;entity resolution&rdquo; &ndash; the practice of determining whether two similar names in the same financial transaction data set are actually the same person.</p> <p> &ldquo;We were trying to answer the really hard question of, &lsquo;which two people in this data set are actually the same person, but using different names or different monikers,&rsquo; so getting after that is where I think we had the greatest impact,&rdquo; explained Kloo. &ldquo;We created an interface for analysts to use, where they could go through and create some relatively complicated rule sets to do some fuzzy matching of these names.&rdquo;</p> <p> For example, using Kloo&rsquo;s app, an analyst could determine that they wanted to create a data set where everyone who has the same date of birth, and similar names based on some key metrics, is considered to be the same person.</p> <p> &ldquo;In a typical data set, it would be several hundred million pair-wise comparisons to do that by hand, which is impossible,&rdquo; explained Kloo. &ldquo;But the analysts had the intuition to do it. So we were able to leverage the analysts&rsquo; insight and the power of computers to fit where appropriate instead of trying to shoehorn one into the wrong place.&rdquo;</p> <p> In addition to the Rist Prize, Kloo&rsquo;s work to counteract terrorist financing also landed him a job. 
With his two-year Presidential Management Fellowship set to expire next month, Kloo was hired on by the Center for Army Analysis full-time to continue leading data science projects that make a positive impact on society.</p> <p> Currently, Kloo is developing an app to optimize space in the Arlington National Cemetery, and he is creating tools to help Army analysts predict which digital news stories will attract the most public attention.</p> <p> &ldquo;Being able to use data science to have a positive impact on society is very fulfilling, and it&rsquo;s one of the main reasons that I wanted to get involved in government work in the first place,&rdquo; said Kloo.</p> <p> &nbsp;</p> <p> <a href="https://www.pmf.gov/" target="_blank">Read more about the Presidential Management Fellowship &gt;&gt;</a></p> <p> <a href="http://www.mors.org/Recognition/Rist_Prize" target="_blank">Read more about the Rist Prize &gt;&gt;</a></p> <p> <a href="http://www.heinz.cmu.edu/school-of-public-policy-management/public-policy-management-msppm/msppm-track-options/data-analytics-track/index.aspx" target="_blank">Read more about the MSPPM Data Analytics Track &gt;&gt;</a></p>
http://www.heinz.cmu.edu/news/news-detail/index.aspx?nid=3905
Mon, 03 May 2017 09:30:00 GMT
