CCT Student Erika Heeren-Moon Published in Telecommunications Policy

Posted in News

Erika Heeren-Moon

CCT is proud to highlight that second-year student Erika Heeren-Moon recently had a paper published in Telecommunications Policy. Her article, “Risk, reputation and responsibility: Cybersecurity and centralized data in United States civilian federal agencies” dives into how existing U.S. federal interagency cybersecurity policy needs to be more cohesive and focus on incorporating cybersecurity into data policy. Heeren-Moon explores the unintended effects of overlooking or ignoring the risks connected to a fragmented cybersecurity approach to centralized data policy and focuses on the need for a more standardized security administrative infrastructure combined with additional regulatory efforts. She argues that this will more effectively secure the centralized data initiatives delineated in Title III of the Foundations for Evidence-Based Policymaking Act of 2018. 

Heeren-Moon’s paper was inspired by one of her CCT courses “Data and the Politics of Evidence” taught by Professors Meg Jones and danah boyd, which she acknowledged was one of the more pivotal classes she has taken at CCT. She explained how her professors took what could be considered a more tedious topic (the census) and brought it to life. In the class, they discussed how the history of the census was used in social elements for local and national policy development, then moved into looking at the Foundations for Evidence-Based Policymaking Act of 2018, which is a precursor to the National Secure Data Service. This service aims to provide open access to federal data for research and policy development, but also raises different privacy issues and implications. Heeren-Moon noted there have been many attempts to create a U.S. centralized data service prior to the Foundations for Evidence-Based Policymaking Act. However the second iteration of the National Secure Data Service is still a demonstration project on the Congressional Record. She explained how this class challenged her academically and how both professors pushed her to look at things differently. She de-black boxed the policy and noted how we often more readily focus on privacy, but that there are different areas impacted by this legislation that are overlooked. Specifically, the simultaneous and interwoven need for cybersecurity of data privacy is mostly absent from the legislation.

In this paper Heeren-Moon focuses on the US interagency cybersecurity conversation, as some agencies receive substantial funding while others don’t. She noted that, under the Evidence for Policymaking Act, all agencies are going to be centralizing their data. Yet the Government Accountability Office found that three years into the implementation of the Act, only 63% of agencies say they feel confident in their tools, infrastructure, and funding to secure their data on their own. This fragmentation of security resources has been a known policy issue through three separate administrations (Obama, Trump, and Biden), yet there is still a lack of standardized cybersecurity across the board.

Heeren-Moon’s paper also explores the argument for centralized data government and transparency regarding federal data. She notes the problem is a tradeoff and knowingly transfers the risk of a cybersecurity breach to the individual U.S. resident. Ultimately, without recourse for the individual. She also explores the involvement of the private sector in the current cybersecurity infrastructure and how certain elements need to be addressed to improve federal interagency security. 

After submitting this paper for her final class project, Heeren-Moon spent the following summer further developing the research and policy theory. She recognized that the innovative stance of this paper is needed in the academic community, so she proceeded to work with Professor Jones on edits, shopping around to various journals, submitting it, and getting the article published. 

Heeren-Moon emphasized that her experience in developing the article is a true endorsement of the CCT program, as the combined encouragement in the course and the subsequent assistance she received from Professor Jones was extremely helpful. She credits the CCT program for allowing her to be able to dive into her diverse academic interests and playing an instrumental part in getting published.

Heeren-Moon notes that as a country we talk a lot about privacy, but not enough about the practical applications of cybersecurity, and yet you can’t have one without other. She is very excited to see where this this area of study is headed as she continues her research.  Heeren-Moon will be pursuing a joint Ph.D. and law degree after graduating from CCT in May 2023. Cyber policy and cybersecurity will be a significant part of Heeren-Moon’s PhD focus. In addition, the focus of her time in law school will be exploring the future of work and competition policy considerations in this sector. 

Currently, Heeren-Moon is working as a research assistant for Commonwealth Cyber Initiative (CCI) at Virginia Tech for Dr. Eric Burger, and has co-authored a second article on the policy implications of spectrum sharing on the 12 GHz band. That article will be published in the IEEE Communication Magazine in the near future. At Virginia Tech, she continues to explore security and commercial policy implications related to the implementation of 5G in various capacities.

Heeren-Moon recently was admitted to a PhD program at Virginia Tech and a JD program at Rutgers University.

All individuals with Georgetown credentials can read Heeren-Moon’s full article at the library: https://doi.org/10.1016/j.telpol.2023.102502