When Charles Harry, a CISSM Senior Research Associate, began his career in economics, he had a general interest in technology, which led him to work at the National Security Agency. By broadening his knowledge and skill set within this role, Harry uncovered his passion for creating effective policy engagement regarding cyber operations.
Although cybersecurity is commonly regarded as a field isolated to computer scientists, Harry says that, because technology is so interconnected within our society, all policymakers need to understand how it impacts their policy interests or constituents.
“Our ability to understand the interface between technology, people and process, which is the definition of cyber, is something that I think needs to percolate through our students, not as a separate pillar,” explains Harry. “With the way the world is really developing, we need better ways of assessing the interdependence and complexity that all this technology is bringing.”
Many of the greatest challenges within cyberspace also pose important policy questions, including one that Harry is currently addressing. Data regarding cyber events is inconsistent, expensive to access and poorly organized. Harry is leading the development of a cyber attacks database categorized by industry, threat actor and motive, allowing policymakers and industries to better understand the typical impact and magnitude of cyber events.
“Not all industries are facing the same cyber threat, which makes sense when you think about it,” Harry says. “There are differences, and not having data is a fundamental problem.”
Harry is also working on another project that maps critical infrastructure to estimate strategic risk. This risk assessment would help to inform policymakers and industries about the consequences of cyber events and how they can effectively prevent and respond to a cybersecurity crisis.
“Instead of just kind of assessing and classifying events that we see around the world and around industries, I also want to be able to say, what is the strategic risk to a critical infrastructure sectors?” explains Harry. “We created an agent-based model to model the dynamic propagation impact. For example, if I take down an airport, here's how it cascades. Here's how flight delays ripple through the entire national and regional area infrastructure.”
So, how can policy students begin addressing cyber challenges? Harry recommends enrolling in PLCY388C or PLCY688C to become better acquainted with cyber operation and issues. These courses, which are designed for students without a background within computer science, are intended to provide students with the ability to converse about cybersecurity, even if they lack the technical skill set.
“The idea is to get people interested in this very rich and fascinating area and being able to bring different skills,” says Harry. “Technical skills are great, but I would also argue people, who like myself are trained in a different discipline, can do very well. Some of the best hackers I've ever met are actually English Literature majors.”
Overall, Harry encourages students, regardless of their discipline, to explore the role and major challenges of technology and cyberspace within their field.
“Don't be afraid of these technical topics because you have to understand technology. You have to understand how that technology is brought to bear, some of the limitations, some of the great advantages, some of the security problems, and then, more importantly, how you use new analytic techniques as a way of trying to better understand policy problems,” he concludes.