How Univ. of Md.’s business school hopes to prevent future cyberattacks

Inside the business school’s Van Munching Hall.

Researchers at this university’s Supply Chain Management Center at the business school created a portal that could prevent hackers from exploiting companies’ cyber weaknesses. 

This has been a five-year project, said Sandor Boyson, the center’s co-director, in which researchers at this university have explored the new discipline of cyber supply chain risk management through funding by the National Institute of Standards and Technology. 

The research was funded by NIST and has involved research on the current state of company practices. So far, Boyson said, they have surveyed approximately 350 companies about their cybersecurity systems.

“We all recognize the extent of disruptions associated with cybersecurity breaches,” said Thomas Corsi, the center’s co-director. “There are almost daily occurrences of major companies experiencing a release of customer data to cyber pirates. As a result, companies are scrambling to reassess their existing measures to protect against these attacks.” 

Boyson said that this process has involved focus groups with experts from the fields of IT security, risk management and supply chain management. 

“It has built a body of knowledge about the ways in which best-practice companies organize themselves to manage a global IT platform composed of hardware, software, networks and integration services,” Boyson said. 

Corsi said that businesses need to approach their cyber systems as a supply chain of connected activities. Routers, servers, operating systems, applications and system integrators are all connected, he said.

“Each connection represents an opportunity to embed a virus in the software code or to attack a vulnerable link connecting routers with servers, as an example,” he said. 

Corsi added that well-established practices in supply chain management have relevance to companies who are addressing their system’s vulnerabilities.  

“The Supply Chain Management Center adapted these learning experiences from the supply chain world to the challenges faced by companies in addressing their cyber threats,” Corsi said. 

Holly Mann, the director of IT at the business school, who also worked on the portal’s design, emphasized the importance of preventing cyberattacks. 

“The research we are doing is extremely important in helping private industry and government agencies better understand their global supply chain risks and the actions they can take to improve their strategic readiness,” she said. 

Mann said they have developed custom components such as enterprise risk-assessment tools, scenario-based vulnerability mapping, and an executive dashboard to provide organizations insights on identifying, protecting, detecting, responding and recovering from cyberattacks. 

The center received additional funding from NIST to continue working on the portal, Corsi said. 

The additional phase of the work will have a focus on enhancements to the existing portal, he said, as well as a systematic education effort to explain the portal to a wider audience of companies.