Public Policy Students Work to Enhance Virginia Cyber Security Law

Trachtenberg School group provides analysis for governor’s commission.

April 6, 2015

Cyber Security Work Group

GW students and members of the Virginia Cyber Security Commission pose for a photo in Richmond, Va. (For GW Today)

By James Irwin

Connected by their experience in regulatory studies, a group of George Washington University public policy students have produced findings that could help shape the next generation of Virginia cyber crime law.

As part of their master’s degree capstone class in the Trachtenberg School of Public Policy, students Ewan Compton, Andrew Kim, Lindsay Scherber and Nadia Yassin spent the first half of the spring semester working with the Virginia Cyber Security Commission’s Cyber Crime Workgroup, which is developing policy and legal recommendations to improve the commonwealth’s cyber laws.

The fast-paced project—the group presented their findings to the commission March 18, while most students in the capstone class complete their work over the full semester—involved conducting an analysis of Virginia laws compared to federal law and statutes in other states.

“The work moved very quickly,” said Ms. Scherber. “Most of us didn’t have extensive cyber security experience before this. But we had a lot of background reading and produced work memos every week until we could analyze our findings and create recommendations.”

Ms. Scherber and her classmates examined several areas of cyber crime, including cyber intrusion, data breaching and the trafficking of passwords. They explored options to enhance Virginia’s laws, Mr. Compton said, including lowering the standard for proving intent in cases of cyber intrusion, applying Racketeer Influenced and Corrupt Organizations (RICO) laws to computer crime offenses and creating designations in the law for intrusion into government computers or critical infrastructure.

As part of their analysis, the group worked with representatives of Virginia’s attorney general’s office, the state police and offices of public safety and homeland security.

“They are on the ground and enforcing and prosecuting these laws,” Ms. Scherber said. “So they were able to tell us, ‘That one’s really relevant’ or ‘that hasn’t come up in our careers.’ It was very helpful.”

Constant evaluation is often needed to strengthen cyber security law, which can be more fluid because of rapid technological advances. Some of the group’s recommendations, Mr. Compton said, have a chance of being part of a cyber security reform package.

That legislation could come to fruition as early as January 2016, said Bill Adams, a professor of public policy and public administration who teaches the capstone class.

“We expect legislation to be submitted that draws on the research of the capstone team,” Dr. Adams said. “This is a rare and exciting opportunity that happened because these students were at GW, because they did a great job and because the people on the task force were so impressed with their work.”

The students, Dr. Adams said, are currently modifying their research in the hopes of submitting it for publication to academic and cyber security-focused journals. The Trachtenberg School, he added, was a natural academic partner for Virginia. GW, with its Regulatory Studies Center headed by U.S. regulation expert Susan Dudley, is one of the few places in the country where public policy students can concentrate in regulatory studies. David Baker, the university’s director of Virginia government relations, initiated the connection.

“David Baker was the man who made this possible,” Dr. Adams said. “And these students were the perfect candidates to look at evaluating the cyber security regulation law.”