Q&A: Addressing Threats to U.S. Borders and Cybersecurity
The following is a transcript of the Q&A session from Addressing Threats to U.S. Borders and Cybersecurity, a webinar hosted by Columbia Southern University on Thursday, May 16, 2019. To review the transcripts for Part 1 or Part 2, follow the links below:
Transcript, Part 1: Protecting U.S. Borders Using Cybersecurity
Transcript, Part 2: How the U.S. Border Patrol Addresses Drug Smuggling, Human Trafficking and Terrorist Travel
Dr. Misti Kill: We'll now open it up to any questions that you all may have. It looks like we already have a few questions coming in here. Thank you so much for that.
Our first question will be for Dr. Mouras. What can the average law officer do to help reduce cybercrime? Dr. Mouras?
Dr. Tamara Mouras: This is a really good question. Having a solid understanding of cybercrime and being up-to-date on any current trends and research involved in this area, also higher education, either a degree in cybersecurity, criminal justice, and/or homeland security, will be beneficial.
We must also do our due diligence in keeping up-to-date on cybercrime, how it's shaping our criminal justice system and our national security, as well as our daily lives.
MK: OK, excellent. Thank you so much Dr. Mouras. It looks like we have another one here already.
Although law agencies are introducing more training and experts in technology, it seems we're still behind the criminal element. How can we get ahead? Dr. Manzano, what are your thoughts on that for the tech side of the question?
Dr. Sancho Manzano: Thank you, Dr. Kill. This is a big challenge. Every year we play catch up with the hackers, and they are always one step ahead of us. Cybersecurity must be a number one priority in all organizations.
We know that's not happening because one of the biggest deterrents are the budget constraints that are placed on cybersecurity. Because cybersecurity is not cheap, a lot of the equipment and personnel that the organizations must have or use are very expensive. Playing catchup is going to be a very big challenge. That relies on these organizations and how much they can afford. Where do they place their cybersecurity aspect? Is it at the top of their organization, or is it midway, or is it at the bottom? A lot of this has to play on what technology and personnel that they can actually afford to keep up with our criminal elements.
MK: Excellent, thank you so much, Dr. Manzano.
OK, we have a few more questions. It looks like we have another one for Dr. Mouras. With all of the hacking and cyberattacks going on, what can law, local and state law enforcement, do to prevent these attacks on those in their jurisdiction? Any thoughts, Dr. Mouras?
TM: Thank you, Dr. Kill. Actually, we'll go back to when I discussed boots on the ground and getting out into the community. You need those community-facing skills. First is reaching out to the community. Law enforcement are charged to serve and protect, and I definitely think that this falls under the “serve” aspect of their job. Our responsibility is keeping our community aware. Holding town hall meetings and making these meetings known to the public is the first step. A lot of times, the public doesn't even know that the law is there, that law enforcement is there to help them and not just to protect them, as it relates to criminal justice and crimes.
Within these meetings, have a cybersecurity professional there. One thing would that be most individuals carry a phone. Simply walking through phone safety would be beneficial. That would be the first step. We all carry a phone with us wherever we go, so security on our phone is probably the first step and first element.
MK: OK, absolutely. That certainly makes sense, thank you.
Another question coming in from Baltimore: What efforts have been taken into communicating to the populace that internal threats are just as important as external? Many threats come from people who feel disenfranchised and left behind or have skewed ideology. Dr. Manzano, any thoughts on that one?
SM: That's really a tough one. The internal threat is very important because in all organizations, or even culture, we tend to look on the outside for the threats, when actually, a lot of the threats are inside organizations or within our culture.
That would be a security culture, being able to pay attention and look around and see who might be a potential threat. Your next door neighbor could be a potential threat, even if you’ve known them for the past 20 years. It's that security conscience that one must have and looking around and knowing what your environment is and what it should look like.
If there is a change of that security culture, then that should be a red flag. They should contact law enforcement and say “This is something that’s different that I’ve never seen.” This is especially important when you're online, you're on a computer and something is different. It’s as simple as a normal application that you go to and all of a sudden looks different and just feels different. That is a situation when you don't go there, and you report whatever that you found.
MK: Absolutely, thank you so much, Dr. Manzano. Dr. Mouras, I think that our listeners would probably like your take on this one as well, so I'm going to ask you the same question.
TM: What really struck my attention about the question is what the disenfranchised is. This definitely falls in line with the radicalization process. We talk about individuals that are radicalized from within. It could be the lone wolf. It could be religious radicalization, ideological or political. A disenfranchised individual is an individual that's at a crossroads in their life.
Maybe things aren't going well in their personal life or their job. They sometimes let down their guard, and they could be easily picked up by an extremist group willing to radicalize them because now they have a purpose in their life. They're not so much at that crossroads in their life, now that they have a direction. This is definitely a vulnerable individual, and we have many of those in the United States. This is definitely a direct threat for us from the internal approach.
MK: OK, thanks so much.
We have another question focusing on cybersecurity here. This is a really good one that I think comes up quite often. When it comes to cybersecurity, what do you see as the biggest threat in the next five to 10 years? Dr. Manzano, I'm going to hand that one over to you, please.
SM: Technology is always advancing. When technology evolves, so will the cyber threats. This hinders our process when we try to do catchup and know what all the cyber threats are, when all of a sudden, technology starts to advance. Also when technology starts to advance, the criminals out there know because they've been hacking systems. They try to stay at least one step ahead of us.
The biggest thing I put forward that was hindering the process are these budget constraints when it comes to cybersecurity protection, from equipment to personnel. Today, there's some legislation going on in different states that companies or organizations must have some sort of cyber insurance. In the event that personal data is being stolen, then they have insurance that lets folks know that if there are problems, they’re going to provide some sort of restitution for the information being captured.
At the same time, one of the basic things that still need to be done as we progress is developing the cybersecurity culture within the work environment, and not just at work, but at home. Get more education and stop being complacent once everything looks so good. That's when everybody starts saying “There's not going be a threat.” Once we leave our guard down, something happens. We need to always be prepared.
Data privacy is even more important, especially when we're going to the cloud. We need to make sure that we're still in that security culture and that we are trying better. Today, there's multi-factor authentication. A great new one that just recently happened is on your iPhone, now they are taking facial ID. If you wanted to look at some of your bank statements on your mobile device, not only do you have to have a PIN, but you're going to have your facial ID. If it doesn't recognize your facial ID, they're not going to allow you into that.
In the next five to 10 years, it is still a big challenge for not just the vendors or the software folks, but also for the hackers out there. They're always one up on us and trying to beat the system.
MK: Awesome, thank you so much for really great and thorough answer.
Dr. Mouras, we have another one for you. If someone is interested in working for the Border Patrol, what do you think are the most important skills needed for that job?
TM: Good question. I'm thinking about this, and communication, as I said earlier, is a key component in any level of law enforcement, as well as making sure you have a team-effort approach. Remember, national security is a team effort. We can't do it alone, or a person can't do it by themselves.
Having that degree in cybersecurity, criminal justice or homeland security is fundamental. You have to have it to understand and move into some critical thinking aspects.
Some specific skill sets would include good observation skills and physical fitness. The ability to work under challenging conditions and the ability to work under pressure is key here, and being able to think on your feet and be creative and a critical thinker very quickly.
MK: OK, thanks so much. That's a really great question, considering we do have a lot of positions being open now for the Border Patrol. A lot of our listeners today might be interested in that type of a role.
It looks here like we're up on our time for today. Thank you so much to our presenters, Dr. Manzano and Dr. Mouras, for your time and sharing your expertise with us.
Thank you to our participants for joining us today. I do apologize if we weren't able to answer your questions here today, but if you did submit a question that wasn't answered, we'll be sure to follow up with you personally via email after our webinar. Thanks again, and have a great rest of your afternoon everyone.
CSU offers a bachelor’s degree in information technology and cybersecurity, as well as a bachelor’s in homeland security. CSU also offers an associate, bachelor’s and master’s degree in criminal justice.