, a risk assessment expert with the United Kingdom's Civil Contingencies Secretariat, was awarded a Fulbright Award last year and is now earning his master’s degree from San Diego State University’s homeland security graduate program. Through the program, Foale hopes to gain a better understanding of the risks posed to national security by cyberattacks, and that knowledge into U.K. national policy.
“Cyber is still so new to most people,” said Foale, whose office helps the government prioritize various risks and threats. “People haven't yet cracked how best to prevent or deter it, or how to handle responses to it. This is in part because cyber is a fluid threat, with continuing innovation and adaptation to new technologies on all sides.”
SDSU’s Graduate Program in Homeland Security
(GPHS) offers a realistic, sober assessment of the risks associated with hacking and other threats to cybersecurity, said faculty member and information security expert Steven Andrés
“We endeavor to separate the attention-grabbing from the realistic in this poorly understood cyber realm,” said Andrés.
Many people imagine nefarious hackers breaking into cybersystems with ingenious programming skills, but nine times out of 10, Andrés said, the reality is much more pedestrian—such as giving your password over the phone to someone who claims to be from the information technology department.
“In our program, we are steering the future leaders of cyber policy to understand what’s likely so they can make realistic policy decisions,” Andrés said.
At SDSU, Foale is studying a broad range of cybersecurity issues, such as the rising threat of state-sponsored hacking, known as “hacktivists,” and how to balance threat assessments with proportionate response. Even though he’ll be employing these skills in a different country, Foale said the same lessons apply.
“Cyber does not respect borders,” he said.
The best defense against threats to cybersecurity is having well-designed systems to prevent attacks in the first place and protocols in place to respond quickly and efficiently in case things do go wrong, Foale said.
“With the knowledge I’m gaining here, I hope to improve the resilience of our electronic systems and our regulatory frameworks related to cybersecurity,” Foale said. “It’s all about striking the right balance, neither sensationalizing nor underappreciating the threat of cyberattacks.”