An expert concerned about the GAO’s findings and the current level of risk to the nation’s cyber infrastructure is Darren Hayes, a leading expert in the field of computer forensics and security and a professor at Pace University’s Seidenberg School of Computer Science and Information Systems in New York.
Contact: Bill Caldwell, Office of Public Information, Pace University, 212-346-1597, email@example.com
An October report by the U.S. Government Accountability Office found that only two of the 24 recommendations have been fully implemented that were made to President Obama last spring in a review report he ordered about combatting “pervasive computer-based (cyber) attacks against the United States” with “potentially devastating impacts.”
An expert available to comment on the GAO’s findings and the current level of risk to the nation’s cyber infrastructure is Darren Hayes, a leading expert in the field of computer forensics and security and a professor at Pace University’s Seidenberg School of Computer Science and Information Systems in New York.
He says: “We will remain vulnerable in the short-term.” Among his other views:
People: “It is understandable that some of the President’s initiatives have not been carried out because they are long-term in nature. For instance, we are lacking in the number of professionals. The U.S. does not have enough students graduating with IT degrees. Foreign-born nationals studying in the U.S. are denied jobs in IT, including security. And most IT security government and government contractor jobs are only open to U.S. citizens.”
Diplomacy:“International cooperation is essential because many of the attacks come from abroad, especially from hackers. These include ‘bot herders’ from countries like Russia, Ukraine and Israel. But international agreements and the disparity between the U.S. and international legislation are problematic and will require negotiations that also are long-term. We will remain vulnerable in the short-term.”
Expertise: “I am concerned that the President’s efforts will simply be a government initiative without embracing input from corporations and academia. I am also concerned that the focus will just be on security without proper input from incident handlers, like computer forensics examiners, who have a different skill set and have the potential to provide vital feedback about the types of incidents and trends that they are encountering.”
The banking system: “Security breaches, identity theft or financial fraud can all be fixed, but an attack on the infrastructure of the banking system or utilities would be a lot more damaging. If the banking system is attacked or infiltrated, people will lose trust, and the consequences would be a lot more serious.”
Phone: (212) 346-1005; e-mail: firstname.lastname@example.org .
BACKGROUND: Professor Hayes has special sensitivities to security: he began a 10-year career in the financial services industry in 1990 with Cantor Fitzgerald at the World Trade Center. At Pace he manages the computer forensics laboratory, conducting research with computer science and information systems students. Much of this research has been published through Institute of Electrical and Electronics Engineers (IEEE). A training consultant in Computer Forensics, he has cultivated partnerships in security areas with agencies including the United Nations, the New York City Police Department and the city departments of Education and Parks and Recreation.