Tackling International Issues in Cybersecurity and Policy
The Cybersecurity and Policy MS degree program, launched through Fletcher and the Department of Computer Science in the School of Engineering at Tufts, offers an interdisciplinary combination of technology and policy within the context of international issues.
The program is led by faculty with deep expertise across the expansive cybersecurity landscape. Here, Fletcher and the School of Engineering highlight the work and impact of select faculty members whose work shapes public policy around the most pressing cybersecurity issues, ensuring that governments, businesses, and individuals are protected, safe and secure in our rapidly evolving cyber-focused world.
Ming Chow, Associate Teaching Professor
Professor Chow addresses the cybersecurity skills gap by ensuring this topic is built into computer science curricula. He teaches the tangible security skills that attackers and defenders use all the time, such as how to attack networks, read and analyze computer network traffic, build a system to monitor attacks, crack passwords, gain access to websites and data without authorization, and analyze malware.
He sits on the MassCyberCenter’s Cybersecurity Mentorship Pilot Program Steering Committee, which addresses the lack of diversity in the cybersecurity workforce by assisting with mentors and student mentee recruitment, advises on mentorship techniques and best practices. The Committee helped develop two career panels on cybersecurity careers during Massachusetts Cybersecurity Month.
Susan Landau, Bridge Professor in Cyber Security and Policy
Professor Landau recently co-authored a paper on individual privacy concerns associated with client-side scanning of mobile phones titled Bugs in our Pockets: The Risks of Client-Side Scanning, an issue she has discussed with European policymakers. She has testified before Congress and briefed U.S. and European policymakers on encryption, surveillance, and cybersecurity issues. She is currently advising a Carnegie Endowment on International Peace study on encryption policy in India.
Post September 11th, the U.S. government began collecting Call Detail Records—who called whom, when and for how long—in bulk. Landau’s work on why such collection in the 2010s was no longer efficacious in the deterrence of terrorism was cited by the U.S. Privacy and Civil Liberties Oversight Board.
Based on the work of Landau and her coauthors regarding software vulnerabilities, a New Jersey Appellate Court ruled in 2021 that legal defense teams have the right to examine software code used in providing evidence.
On the health care front, Landau's new book, People Count: Contact-Tracing Apps and Public Health, covers the technology and policy issues of contact-tracing apps in Singapore, India, the U.K., Switzerland, and the U.S.
Laurin Benedikt Weissinger, Lecturer
Professor Weissinger’s policy work related to Domain Name System (DNS) Security includes briefing and engaging lawmakers, industry groups, and representatives of various interest groups at the International Corporation of Assigned Names and Numbers (ICANN), the organization that oversees the global naming system.
From 2018-2020, he vice-chaired the global security review SSR2 (Second Security, Stability, and Resiliency Review) for ICANN, and recently served as main author of a survey of WHOIS users like cybersecurity professionals, operators, and law enforcement on how to fix security and safety concerns under the current redaction regime (the WHOIS allows querying databases that store data about the assignees of a domain name, which various players use for attribution and data analytics). Professor Weissinger also authored and coauthored pieces on vaccination verification applications as well as on Apple’s proposed scheme to detect Child Sexual Abuse Material (CSAM) on users’ devices.
Josephine Wolff, Associate Professor of Cybersecurity Policy
Professor Wolff works with the Cyberspace Solarium Commission on improving data and statistical collection about cybersecurity incidents, including the possibility of establishing a Bureau of Cyber Statistics to track how often different types of incidents occur, what types of countermeasures and controls are most effective at preventing or mitigating these risks, and how the threat landscape is changing over time.
Collecting better data is crucial for informing future policies, given how surprisingly little is known about cyberattacks--who's targeted and how, impact of these incidents, and best ways to prevent them. Wolff recently spoke to the Massachusetts legislature's newly formed Joint Committee on Advanced Information Technology, the Internet, and Cybersecurity about mechanisms for undercutting the ransomware business model and improving reporting requirements for cybersecurity breaches. Her current research includes the impact of cyberinsurance on ransomware victims and ransom payments, and what kinds of data would need to be reported about cybersecurity incidents to enable better measurement of the effectiveness of security controls and mitigations.
Please visit here to learn more about the joint Cybersecurity and Policy MS degree program.