How UMBC is pushing the frontiers of research and training in cyber security – and keeping its own networks safe from attacks.
Earlier this year, for instance, Mike Carlin ’96, biological sciences, Ph.D. ’09 information systems, was driving to New York. UMBC’s assistant vice president of Infrastructure and Support paused to check his Blackberry at a rest stop in New Jersey when he received what looked to be an official UMBC e-mail, informing him that his UMBC account password was about to expire, and that he should log in and re-register immediately.
The spammers had sent their e-mail to one of the people at UMBC who knew definitively that it was a fake.
Carlin and his department responded swiftly. First, they alerted all UMBC e-mail account holders about the fake notices, and followed up with a campus-wide blog post providing more information. They also blocked the Web address of the fake UMBC log-on, so people on campus couldn’t access the site – and alerted the university’s help desk to respond to incoming inquiries.
“This has been going on throughout higher education,” said Jack Suess ’81 mathematics, M.S. ’95 operations analysis, vice president of information technology and chief information officer at UMBC. Suess and others in the division acknowledge that spammers see higher education as a prime target. Universities have open networks. They have good bandwidth. Universities also boast powerful servers and a fresh crop of new students each year who may know little of the spammers’ scheming ways.
UMBC is not alone in battling electronic intruders seeking profit, secure data, or even a bit of mischief. Network security has become a key demand for almost every organization – and the stakes for getting it right only grow.
The good news is that UMBC is playing offense as well as defense in this increasingly critical arena. The university also helps government, business and other organizations keep the bad guys at bay through research and training that provide expertise and tools to secure the online world today and in the future.
UMBC associate professor of computer science Alan Sherman has been part of an effort to create such a foolproof electronic voting tabulation system. Noted cryptologist David Chaum originated the idea, and Sherman and fellow researchers from the Massachusetts Institute of Technology, George Washington University, the University of Ottawa and Waterloo University have all pitched in to try and make it a reality.
In a functioning democracy, no one wants to make the choice between getting the count right and the right to cast one’s vote privately in the sanctity of the ballot box. But Sherman and his fellow researchers think they’ve cracked the problem. Last November, they tested Scantegrity - a prototype electronic voting system - in Takoma Park in a local election.
What’s different, however, is that the voter casts a vote with a special pen that holds invisible ink. A pen stroke reveals a unique code in the bubble where the mark was made. The voter can write down the code on a receipt. Later, in the privacy of their home, the voter can check the code on a Web site to verify that a vote with this code has been tallied.
About 66 of the 1,700 Takoma Park voters who used the system checked their votes online. The next step is to try the system state-wide, Sherman says.
So it’s not surprising that the federal government sees network security as a matter of national security, and believes that attacks on our networks will be thought of as acts of war in the future.
Though the ultimate creators of the Google attacks remain hidden in the murk of cyberspace, the message is clear – aggression can be unleashed in virtual space as well as in real space. And the effects can be nearly as devastating.
UMBC is lending a hand in this battle, as well. Though the university does presently offer a specialized degree in computer security, Sherman says that the fundamentals it teaches its students should give future security professionals the solid basis in computer science which will allow them to quickly formulate knowledgeable responses to future threats. “Computer science is evolving very rapidly,” said Sherman. “It is very important that our priorities are on the fundamental skills and teaching students how to learn to keep up with things.”
The lab runs a mobile cyber defense exercise. Thirty laptops are loaded on a cart, which can be wheeled around from classroom to classroom. On the laptops are pre-configured scenarios covering many of the typical attacks of the day: buffer overflows and wireless intrusions. The students work through the exercises to get a better feel of how to handle an attack.
UMBC students are also motivated enough to find those experiences for themselves. A group of undergraduates recently created a team to compete in various intercollegiate cyberwarfare competitions. Teams are assessed on their ability to reduce vulnerabilities to cyber attacks and to keep systems running, and UMBC’s contingent took first place overall in the qualifying rounds of the 5th Mid-Atlantic Regional Collegiate Cyber Defense Competition.
The federal government’s Base Realignment and Closure (BRAC) plan is helping to settle an influx of 60,000 military people moving into the area to work at the U.S. Army’s Fort George G. Meade. Among those reassigned will be those who will need to defend the country on its computer networks, both public and private. And last December, the state of Maryland awarded UMBC an $83,000 grant to help train this workforce.
The new grant money will go towards expanding those offerings and developing 15 new programs that will meet the specific needs of the NSA and Defense Department, says Kent Malwitz ’92, information systems, vice president of the UMBC Training Centers. Some courses will be taught at UMBC. Others will be designed to allow employers the chance to offer the courses at their offices or other remote sites.
“You will see thousands of people coming into the area, people coming out of the military and looking to get retrained with the G.I. Bill and then go back into careers in the computer field - those will all be big drivers for us,” says Malwitz.
“We can really dive into addressing what is the mission you are ultimately trying to accomplish, not just what skills you need,” adds Malwitz.
These days, such specified help is sorely needed. The military has a long backlog of workers who need to get security clearances. So those who do have them need to be trained on the latest cyber-security measures. Right now, one contractor will pilfer workers from another contractor, which keeps the entire U.S. military and security establishment weaker as a whole.
* * * * *
Comments? Write a Letter to the Editor
Original story appears in UMBC Magazine : http://www.umbc.edu/magazine/summer10/feature_battlefield.html