Report: Graduate schools failing on cyberthreats

Cybersecurity experts are increasingly concerned that the nation’s future leaders are unprepared to deal with the digital threats programmers and cryptographers are wrestling with.
A report this spring from a fellow at Salve Regina University’s Pell Center for International Relations and Public Policy warned that the top graduate schools in the country are “failing” to educate their students about cyberthreats.
The report mentioned key fields, including law, business, health administration, public policy and criminal justice among the areas where knowledge of cybersecurity issues could be vital for future leaders.
“There are only some schools offering cybersecurity classes and most don’t offer anything other than seminars,” said Francesca Spidalieri, author of the report titled “One Leader at a Time.”
“None offer it as a core component,” she said. “We are looking at private sectors as the most common vulnerabilities and most threats happen because employees are not trained properly.”
Spidalieri didn’t survey any Rhode Island schools, because they didn’t rank top 10 nationally in any of the graduate fields covered.
But she said Ocean State universities are generally in line with national counterparts on cybersecurity training, with a chance to move ahead because of the state’s overall cybersecurity resources.
Those resources include the interest of the state congressional delegation, and the work at the Pell Center, the University of Rhode Island’s Digital Forensics and Cyber Security Center and the U.S. Naval War College in Newport.
The kind of training Spidalieri’s report focuses on can’t just be confined to the experts in computer science departments, but needs to be diffused across curriculums to reach the result she’s looking for. At Roger Williams University in Bristol, host to the state’s only law school, future lawyers are learning cybersecurity concepts from professors in the School of Justice Studies.
While it is not a core requirement, professor Peter Margulies said at Roger Williams cybersecurity courses are offered as electives to law students and faculty are consciously infusing aspects of it into relevant parts of the curriculum.
“It is a growth area and I think all law schools and universities need to do more on this,” Margulies said about cybersecurity. “I do worry that the population in general and students have not realized the importance.”
In the legal world, cybersecurity touches on a number of areas such as protecting communication with clients, scrubbing metadata from documents, understanding privacy law with big data and navigating international law on cyberattacks.
Margulies and Roger Williams professor of networking, security and forensics Douglas White are involved in a conference this June titled “Cyber Threats, Cyber Realities: Law, Policy & Regulation in Business, Professions & National Security.”
Among the different areas she studied, Spidalieri said law and public- administration schools seemed to be doing the best job of infusing cybersecurity into the curriculum.
She singled out Syracuse University’s Maxwell School of Citizenship and Carnegie Mellon University’s Heinz School of Public Policy as examples of programs that had committed to education in the field in the master of public administration and master of public policy realm.
On the other hand, she said she was surprised how little business schools had embraced it.
On the 1-to-4 scale she used to rank schools, none of the top MBA programs in the country did better than Harvard and MIT’s 2.5. “I expected the MBAs would be the most prepared, but that was my lowest rank other than health care management,” Spidalieri said. “Few of them had strong cybercomponents.”
In some cases, the condensed nature of MBA programs could be the reason cybersecurity hasn’t gained more of a foothold in the curriculum.
At Johnson & Wales University in Providence, the School of Technology is doing a lot of work in cybersecurity, and it’s available to undergraduates in the business school, but it hasn’t migrated over to the MBA program.
Thomas Calabrese, associate professor in Johnson & Wales’ School of Technology, said he wasn’t sure why the MBA program doesn’t utilize cybersecurity classes, but he hopes it does soon.
“If you use proper cryptology tools, no one can break those codes,” said Calabrese, whose specialty is cryptology. “The real issue is, will you use those things. You have to educate a whole group of leaders and you have to have policies that include it in their business model. Now, you have executives who are unaware of all there is that they need to do.”
Back at Salve, Spidalieri is working on another cybersecurity study, this time of military higher education policies, and finding a much greater awareness in the armed forces.
Eventually, her goal is to get funding to convene enough experts to put together model cybersecurity curriculums for different fields that could be used in universities around the world.
“We don’t need people just with technical and engineering degrees to know about this, we need leaders of universities, courts, corporations and hospitals to know,” Spidalieri said. “It is not a technical problem but an operational issue and legal and governance problem.” •

No posts to display