DarkMarket, Silk Road, Heartbleed. For those concerned about illicit use of the Internet, these are all familiar terms that describe the ways and means criminals make millions of dollars through cybercrime.
For Virginia Kleist, associate professor of management information systems, they also suggest fertile ground for research, international scholarship and collaboration.
Kleist, who received a Fulbright specialist grant for work in Dnepropetrovsk, Ukraine, in 2012, learned that her second Fulbright specialist grant had been approved in early April, and she will leave for Ufa in Russia's Ural Mountains in September. On her previous Fulbright trip and in the next, she will teach students and work with administrators in management information systems and network security classes. She hopes to also continue her work on a research project involving information technology outsourcing and IT worker attitudes in Ukraine and Russia.
In addition to this international work, she is collaborating with other scholars on a research proposal that is under review at the United States Department of Homeland Security. The $1.65 million grant proposal is to fund ways to make cybercrime tougher through cooperation among banks and credit card companies.
Kleist is working with Dr. Bonnie Morris of Duquesne University, Cindy Tanner from WVU's Statler College, and Dr. Richard Dull of the College of Business and Economics. They have novel ideas on ways to help organizations such as banks and credit card companies share information to thwart cyber criminals. These will soon appear as "Secure Information Market: A Model to Support Information Sharing, Data Fusion, Privacy, and Decisions," which is forthcoming in the Journal of Information Systems.
Financial institutions are, generally speaking, wary about sharing information concerning any cyber attacks to which they may have been subjected. However, Dr. Kleist said, such information, pooled among institutions, could frustrate future attacks, especially if law enforcement is also in the loop.
The model she and her colleagues are proposing would ensure anonymity for information sources.
Cyber attackers such as Renukanth Subramaniam, accused founder/coordinator of the secret DarkMarket website, was, in fact, foiled and arrested recently. So was Ross William Ulbricht, who is accused of being Dread Pirate Roberts, owner of Silk Road, an Internet site for the purchase of illegal goods ranging from drugs to firearms and even hit men. After a two and one-half year investigation, the FBI closed the site and arrested Ulbricht. All of these arrests required the efforts of many agencies and much information sharing, Kleist said.
However, that's not the end of the story. For every Subramaniam or Ulbricht in custody, there are dozens, scores, waiting in the wings.
"Information security threats are ongoing," Kleist said. "It is like an arms race. Once those in information security figure out a good preventive control strategy, cybercriminals come up with a way to defeat it, and we are seeing exponentially escalating threats."
Indeed. The Royal Canadian Mounted Police this month arrested a teenager who, they say, used the Heartbleed Internet bug to hack into the country's tax agency. Shortly after the bug was revealed to the world in mid-April, the Canada Revenue Agency experienced a data breach that leaked information on taxpayers.
"I think it is really important to have our MIS students learn about threatening information security behaviors because they will be working at organizations where these kinds of predatory crimes can cost millions of dollars in losses," Kleist said. "Right now, firms spend as little as one percent to five percent of their entire IT budget on information security, yet one breach can cost $10 million or more in required identity theft insurance or lost intellectual property."
Kleist is co-program chair of the Global Information Technology Management Association 2014 meetings, and in 2012 presented research findings at the organization's annual conference, which was held in Bangalore, India. Further, she is on a team to create a data exchange, the IT World Project, within the association that will help members share research information and further collaboration.
An open water swimmer, Kleist recently swam three kilometers (1.8 miles) in a race at the Welland Canal in Canada, crossed Lake Chautauqua, and she hopes to one day swim the Dardanelles Strait in Turkey, which is a bigger challenge. She is married to Paul Kleist, an interventional cardiologist with Premier Medical in Pittsburgh. They have two sons: Paul, 27, an attorney in London; and Andrew, 25, who is completing M.D. and Ph.D. degrees at the Medical College of Wisconsin.
Kleist came to WVU 1999. She received a Ph.D. in management information systems (MIS) and telecommunications from the University of Pittsburgh in 2000. She received a master's degree in MIS from the University of Pittsburgh in 1991 and earned an MBA degree from Marquette University in 1981 and a master's degree in economics at the University of Pittsburgh in 1979. She received an undergraduate degree from Duke University in economics and history in 1978. She teaches data communications, network security and electronic commerce.
Kleist spent 10 years in industry involved with network management before becoming a professor. A long time member of the Faculty Senate and Faculty Senate Executive Committee, she served as chairperson of the WVU Faculty Senate from 2008 to 2009. She received the WVU Foundation Outstanding Teaching Award in 2003 and the College of Business and Economics Outstanding Service Award in 2009. She also won the International Conference on Information Systems Outstanding Dissertation Award in Brisbane, Australia, in 2000.
She is an active member of the Association for Information Systems, with membership in the security and accounting information systems special interest groups. She is also a member of the Association of Certified Fraud Examiners and the Fulbright Association. She is an executive group board member and coordinating editor for IS Frontiers, an associate editor of the International Journal of e-Politics, and has served as an associate editor of ICIS.