After Frederic Lemieux spoke at a DC Chamber of Commerce forum on cybersecurity, he came away with a disconcerting realization: Many people were unsure about how to protect their businesses from cyber threats.
“I could see many businesses didn’t know where to start, which was very concerning to me,” said Lemieux, Ph.D., Faculty Director for the Georgetown University Master’s in Applied Intelligence and Master's in Cybersecurity Risk Management programs.
That uncertainty is understandable given all the “noise” out there about a threat that seems both formidable and amorphous.
“It’s not that there are no materials on cybersecurity—there are too many,” including promotional materials from firms trying to market their services, Lemieux said.
Minimizing Threats
The experience got Lemieux thinking about how the Applied Intelligence and Cybersecurity Risk Management programs could educate local businesses about the real cyber threats they face and how those threats can be minimized. The result, after much discussion and planning, was an agreement between Georgetown and the D.C. Chamber of Commerce to launch the Cyber Watch program this fall, leveraging the Georgetown curriculum, which focuses on risk management and cyber intelligence.
Lemieux will select about five top students to serve in a “Red Cell,” which will analyze security threats and write a monthly cybersecurity report for members of the D.C. Chamber. The group will also suggest solutions to a variety of security issues and investigate and explain any recent security breaches that are in the news. In the future, students from the program could also assist individual companies facing specific security concerns.
According to Foreign Policy magazine, a Red Cell refers to a “group of contrarian thinkers that challenges conventional wisdom in the intelligence community and mitigates the threat of additional surprises through alternative analysis.”
“The type of analysis that can be produced [at Georgetown] includes but is not limited to: cyber watch, cyber threat intelligence, cyber defense analysis, risk assessment, and strategic security analysis,” according to a concept brief on the new group.
Making Sense of the ‘Noise’
The businesses at the Chamber forum represented three distinct groups, Lemieux said. At one end of the spectrum were companies in the cybersecurity sector itself, which would naturally be the most fluent in the topic; second were technology companies that don’t deal specifically with cybersecurity but were relatively familiar with those issues; and finally, were those firms that are not technology companies per se, but, like most businesses, use technology regularly.
“There is so much corporate and government literature that small and medium businesses don't know where to start reading about best practices in cybersecurity, what they should be really worried about, and how they can effectively protect themselves,” Lemieux said. “It's all mixed up, and making sense of that requires time that small and medium businesses don't have. That's why providing them with a cyber watch will help them to keep their eyes on the ball instead of being distracted by information overload.”