JP Auffret to Co-Lead First-of-its-Kind Mason Center for Excellence in Government Cybersecurity Risk Management and Resilience

January 17, 2023 / By John Hollis

George Mason University will expand its research and real-world impact in Northern Virginia with a pair of projects that were made possible by the efforts of U.S. Representative Gerry Connolly (D-VA) to address cybersecurity and mental health care needs.

Mason will receive $1 million in federal funding to support the creation of a first-of-its-kind Mason Center for Excellence in Government Cybersecurity Risk Management and Resilience, and nearly $1 million for the Saving Lives and Decreasing Health Disparities project. Funding for both efforts came as part of the federal omnibus appropriations bill that President Biden recently signed into law to fund the government through Fiscal Year 2023.

Connolly, whose 11th District includes Fairfax, is a senior member of the House Oversight and Government Reform Committee and his party’s lead on the Subcommittee on Government Operations.

“George Mason University is a pillar of our community, but the effects of its world-class education and world-changing research can be felt throughout the country,” said Connolly.

The future Center for Excellence in Government Cybersecurity Risk Management and Resilience will act as a strategic partner in federal government cybersecurity and IT modernization efforts, translate state-of-the-art research on technology modernization and cybersecurity into federal practice, collate and disseminate best practices on federal government agency cybersecurity, and foster U.S. government cybersecurity organizational capacity.

The center will bring together experts in IT modernization, cybersecurity, and critical infrastructure systems to develop and provide in-person, hybrid, live virtual, and online executive education, tabletop exercises and workshops for federal government IT and cybersecurity executives and middle managers. In addition, the center will leverage Mason’s Institute for Digital Innovation, which integrates transdisciplinary centers and labs with deep interdisciplinary expertise across all facets of cybersecurity research, governance, policy, and education.

Amarda Shehu, associate vice president of research at the Institute for Digital Innovation, and professor of computer science with Mason’s College of Engineering and Computing, will operate the center along with J.P. Auffret, the director of research partnerships and grants initiatives in the School of Business and the director of the Center for Assurance Research and Engineering in the College of Engineering and Computing.

“This is further evidence of the value and depth of Mason’s research, programs, and outreach in cybersecurity,” said Ken Ball, dean of the College of Engineering and Computing. “This funding will help us strengthen our programs and generate new discoveries that will make our nation more secure.”

“We are exceptionally grateful to Congressman Connolly for championing the central importance of cybersecurity for the federal government,” added Shehu and Auffret. “We are excited to engage with federal IT and cyber executives to modernize and secure systems, and advance excellence.”

Mason has a 25-year history in government IT leadership and governance education, including as a founding partner in the U.S. Federal CIO University and as a founding partner in the International Academy of CIO. Mason’s partners include the Cybersecurity and Infrastructure Security Agency (CISA), the Commonwealth Cyber Initiative, the Commonwealth of Virginia state government, the West Virginia state government, Connected DMV, and others.

Andre Marshall, Mason’s vice president for research, innovation and economic impact, praised Connolly for his continued leadership in the areas of federal cybersecurity and IT modernization.

“I am so proud to have secured funding for the Mason Center for Excellence in Government Cybersecurity Risk Management and Resilience, the first of its kind, and I can’t wait to see the results in action,” he said.

Mason – NSF Local Government Cybersecurity Partnering Workshop – Northern Neck & Middle Peninsula

Northern Neck & Middle Peninsula – Mason & NSF Local Government Cybersecurity Partnering Workshop at the Historic Beale Sanctuary in Tappahannock, Virginia

Hosted by George Mason University and National Science Foundation

The workshop is a follow-on to the Virginia workshop we held in Richmond in the fall of 2017 and subsequent regional workshops in Roanoke, Northern Neck and Middle Peninsula, and Leesburg, Purcellville, Richmond and more.

Topics and discussion will include: ransomware update, cyber insurance, Commonwealth of Virginia update, CISA update, election security, K-12, regional SOCs and new DHS and CISA funding opportunities, amongst others.

Please RSVP: https://NorthernNeckMiddlePeninsulaMasonNSF.eventbrite.com. No cost to register / attend – Lunch provided.

Who should attend: State and Local Government Administrators, IT and Cybersecurity Administrators, K-12 IT and Cybersecurity Administrators and Police and Emergency IT Managers

For more information: jauffret@gmu.edu

Hosts and Organizers: George Mason University and the National Science Foundation.

About the Workshop:

The workshop builds upon many state and local government cybersecurity workshops held in 2019, 2020, 2021 & 2022 with the objective of discussing current cybersecurity challenges and associated potential partnering and funding opportunities.

The workshop is part of the George Mason-National Science Foundation Cybersecurity City and County Cross Jurisdictional Collaboration project, having the goal of furthering U.S. city and county cybersecurity efforts by developing foundations and policies that enable and foster city and county cybersecurity partnerships.

The Mason-NSF project has co-hosted 13 successful local government cybersecurity partnership workshops in Virginia and West Virginia between 2017 and 2022.

Follow us on Twitter @MasonCyber for more up-to-date discussions on cybersecurity and innovation.

Bringing the ‘economic miracle’ to Central African Republic

November 2nd, 2021 / By Benjamin Kessler

In 2019, Serge Adouaka, an IT executive from Central African Republic (CAR), paid a six-week visit to George Mason University as part of his Humphrey Fellowship, a Fulbright-affiliated program for scholars and professionals from developing countries. His Mason host was J. P. Auffret, who directs both the Center for Assurance Research and Engineering (CARE) in Mason’s College of Engineering and Computing and the Research Partnerships and Grant Initiative for Mason’s School of Business. This short stint laid the groundwork of a lasting partnership between the two that may help foster economic growth in one of the world’s most challenging contexts.

Adouaka was the seventh Humphrey Fellow to be hosted by Auffret, who believes that information and communication technology (ICT) “for development and entrepreneurship is a good path to enable careers and raise a country’s per-capita GDP and standard of living while reducing poverty.”

During Adouaka’s time at Mason, the pair explored how ICT ecosystem development could point the way toward a brighter future for CAR. Adouaka returned home inspired and determined to put these ideas into action.

He worked with Mason and the University of Bangui to launch an accelerator for CAR-based tech founders and start-up managers. The U.S. State Department has provided funding for the project. Participants in the three-month program receive mentoring from the Mason community, as well as from experienced professionals within the CAR and neighboring countries.

The initial cohort of 20 entrants represents a wide range of areas, including agriculture tech, health and geographic systems, computer design, system integration, IT placement, video games and financial technology (fintech). Their primary goal for the three months is to devise a “next-step” plan for achieving scale, with the help of their mentors.

It is also hoped, however, that by forming relationships with other accelerator participants and mentors from CAR and beyond, they will foster a culture of entrepreneurship in the small African country and build strong professional networks that are more than the sum of their parts.

Almost as soon as the program began, there were hints that this was starting to happen. Recently, participants decided to hold some meetings face-to-face at the University of Bangui instead of remotely. The final presentation that officially concludes the program’s first iteration—where participants will unveil their future plans—will also be an in-person event.

CAR’s small population and challenging rural terrain mean that networking across national borders is essential for fueling future business growth. Any viable plan for scale must involve penetrating regional markets outside CAR. Sub-Saharan Africa has an increasing number of regional role models. For example, five-year-old Nigerian fintech unicorn Flutterwave has expanded to 20 African countries and even has an office in San Francisco (so it can tap into the $48 billion remittances business driven by the sub-Saharan Africa diaspora). Microloan app Tala launched in Kenya in 2014 and has since spread to the Philippines, Mexico and India.

To be sure, CAR has unique challenges. It has experienced only intermittent intervals of peace in its 61 years as an independent nation. To this day, the government and people, security forces and U.N. peacekeepers struggle to quell rebel violence and stabilize the country. Amid these volatile conditions, CAR has been left out of the economic growth enjoyed by many other sub-Saharan countries. Rwanda, for example, is on a path to becoming an upper-middle-income country within 15 years despite the turbulence of its recent history. Could CAR, too, join in the “African economic miracle”?

Auffret cites CAR’s increasing mobile phone adoption as a meaningful sign of hope. Mobile technologies enable developing countries to leapfrog the need for heavy physical infrastructure such as telephone wires and bank branches.

Auffret also says that underdeveloped countries like CAR may be able to use their relatively open regulatory environment to gain an advantage in commercial drone technology. Already, companies in Kenya and Nigeria are widely deploying drones for last-mile delivery, cartography and other business purposes.

In the meantime, ambitions run high for the Mason accelerator. With the initial three-month program nearly concluded, plans for the second cohort are underway. Eventually, Auffret and Adouaka would like to secure support from private companies, both in Africa and the United States.

Another short-term goal is to recruit major international development agencies as venture partners. Auffret expects these influential parties will share his view that the uncertain security situation in CAR makes this accelerator—and ICT innovation in general—an urgent priority for the country.

“Increasingly the Mason mission is to contribute and have impact globally, and this project is one of many Mason initiatives aligned with the U.N. Strategic Development Goals,” Auffret said. “Through international work, such as this accelerator, one can gain a better sense of the wonder of the world, as well as make a contribution to the well-being of societies.”

For the article, please go to: https://www.gmu.edu/news/2021-11/bringing-economic-miracle-central-african-republic

Cybersecurity on Enterprise Risk and Mobile Security

This NSA grant-funded curriculum development project focuses on two security areas: Enterprise Risk and Mobile Security.

Motivation and Background
With the rapidly increasing role of technology in society and the increasing cybersecurity threat, industry and government have a great need to scale cybersecurity leadership and governance. In turn, there is a great need for educators to scale cybersecurity leadership and governance education and training.

Design
The courses are multidisciplinary, covering leadership and management, technical and engineering, and policy topics.

Course I: Enterprise Risk Management and Cybersecurity Governance

The course provides an introduction and overview of the changing nature of cybersecurity risk management and cybersecurity governance.

Main Topics

  • Technology Innovation, Adoption and the Changing Nature of Cybersecurity Risk
  • Enterprise Risk Management, Cybersecurity Governance and Cybersecurity Strategy
  • Legal and Compliance Landscape
  • Roles of Boards and CISOs
  • Benchmarking, Information Asset Classification and Developing a Consensus of Cybersecurity Risks
  • Developing a Cybersecurity Strategy and Risk Mitigation Program
  • Enterprise Risk and Cybersecurity Frameworks
  • Role and Considerations for Cybersecurity Insurance

Learning Outcomes

  • Describe the cybersecurity risks resulting from new and rapidly developing technologies such as IoT, cloud and mobile, and analyze and describe the changing nature of the cybersecurity threat
  • Explain the complementary roles of enterprise risk management, cybersecurity governance and cybersecurity strategy
  • Discuss the evolving role of Boards and executive committees in enterprise risk management and cybersecurity and the evolving role of the CISO
  • Analyze cybersecurity governance in recent major cybersecurity compromises such as OPM
  • Apply the cybersecurity lifecycle and its elements of identify, protect, detect, respond and recover
  • Outline the process and considerations for developing a cybersecurity strategy and risk mitigation program including benchmarking and information asset classification

Course II: Mobile Cybersecurity Management

This course provides an introduction and overview of the rapidly changing enterprise mobility environment, associated cybersecurity risks and approaches for developing a mobile cybersecurity strategy.

Main Topics

  • Mobility and Organization Strategy
  • The Changing Landscape of Mobile Technologies - from Smart Phones and Tablets to IoT
  • Mobile Policies and BYOD
  • Leadership and Governance for Mobile Security
  • Rapidly Evolving Mobile Device Management Technologies
  • Mobile Life Cycle Management
  • Cybersecurity Risk Framework and Mobile

Learning Outcomes

  • Understand the evolving nature and capability of mobile technologies
  • Understand mobile security risk including endpoint, network and process/policy
  • Evaluate mobile cybersecurity policy and BYOD alternatives in light of the organization’s cyber strategy
  • Understand and evaluate new mobile device management technologies
  • Understand and apply the mobile device life cycle to mobile strategy
  • Outline the process and considerations for developing a mobile cybersecurity strategy and apply them

Contacts

Dr. J.P. Auffret

jauffret@gmu.edu

703-993-5641

NSF “Bridging the Cybersecurity Leadership Gap: Assessment, Competencies and Capacity Building” Project

The goal of the 2013 – 2016 NSF “Bridging the Cybersecurity Leadership Gap: Assessment, Competencies and Capacity Building” project is to help address the cybersecurity leadership gap by developing Chief Information Security Officer (CISO) core competencies.

City/County Cybersecurity Partnership

The objective of this NSF-funded project (NSF Award #1623653) is to develop and provide focused and context-specific cybersecurity leadership education and training for city and county governments.

Extreme DDoS Defense (XD3)

The threat of distributed denial of service (DDoS) attacks has been well-recognized in the data networking world for two decades. Such attacks are orchestrated by sets of networked hosts that collectively act to disrupt or deny access to information, communications or computing capabilities, generally by exhausting critical resources such as bandwidth, processor capacity or memory of targeted resources. The nature of DDoS attacks can span a wide range. Botnet-induced volumetric attacks, which can generate hundreds of gigabits per second of malicious traffic, are perhaps the best-known form of DDoS. However, low-volume DDoS attacks can be even more pernicious and problematic from a defensive standpoint. Such attacks target specific applications, protocols or state-machine behaviors while relying on traffic sparseness (or seemingly innocuous message transmission) to evade traditional intrusion-detection techniques.

The current art in DDoS defense generally relies on combinations of network-based filtering, traffic diversion and “scrubbing” or replication of stored data (or the logical points of connectivity used to access the data) to dilute volumetric attacks and/or to provide diverse access for legitimate users. In general, these existing approaches fall well short of desired capabilities in terms of response times, the ability to identify and to thwart low-volume DDoS, the ability to stop DDoS within encrypted traffic and the need to defend real-time transactional services such as those associated with cloud computing and military command and control.

DARPA’s Extreme DDoS Defense (XD3) program will focus on three broad areas of opportunity to improve resilience against DDoS attacks. The program aims to thwart DDoS attacks by: (1) dispersing cyber assets (physically and/or logically) to complicate adversarial targeting; (2) disguising the characteristics and behaviors of those assets through networked maneuver to confuse or deceive the adversary; and (3) using adaptive mitigation techniques on endpoints (e.g., mission-critical servers) to blunt the effects of attacks that succeed in penetrating other defensive measures. This research program will include formulation of new algorithms, demonstrations and field exercises with software prototypes, development of performance metrics to assess effectiveness and integration of systems across the three aforementioned areas to maximize overall defensive capabilities.

LADS Project

The main goal of the project is to enhance the cyber security of digital devices, such as Embedded and Mission‐Specific Devices (EMSD), by developing a monitor capable of detecting attackers by analyzing involuntary analog emissions across a variety of modalities, including power consumption, electromagnetic, and acoustic emissions.