Hacked? New Cyber Security Center trains next generation cybersleuths

Within the cyber security community there's a running joke that there are two kinds of companies in the U.S.: those that have been hacked and those that don't know they've been hacked.

That should be troubling news for a society that increasingly relies on computers to transmit and store everything from bank information to medical records. In response, the University of Nevada, Reno is launching an interdisciplinary collaboration that offers a holistic approach to the cyber security challenge.

George Bebis

George Bebis, professor and chair of the Computer Science and Engineering Department, serves as co-director of the Cyber Security Center along with School of Journalism professor Larry Dailey.

"Most other programs across the nation don't have this integrated ability to look at cyber security from multiple points of view," said George Bebis, professor and chair of computer science and engineering. "That's the uniqueness that we hope to achieve."

Bebis is one of two co-directors of the newly created Cyber Security Center. The other director is Larry Dailey from the School of Journalism. The Colleges of Business, Liberal Arts, and Science are also playing an important role in the Center.

Nevada's unique mix of industries, including start-up companies, large corporations and government contractors, means cyber security presents specific risks and opportunities in the Silver State.

"Casinos and the wealth of customer data they own have special cyber security needs. There's a strong focus by the state on small businesses, which tend to believe they are not a target," said Carolyn Schrader, president of Reno-based Cyber Security Group, Inc. "All these markets present both a tremendous cyber security risk to Nevada's economy and opportunity for the University to provide a strong impact."

Cyber security also plays a critical role in two other research thrusts the College of Engineering is developing: advanced manufacturing and unmanned autonomous systems (UAS). Both areas rely on gathering, processing, and storing huge amounts of potentially sensitive data. Nevada's designation as an FAA test site means research and implementation of aerial autonomous systems can move forward, but hot-button issues such as privacy suggest ensuring data integrity will be necessary before autonomous systems can be more fully integrated into daily life.

The University hopes the Center will grow into a statewide collaboration, incorporating expertise from faculty at the University of Nevada, Las Vegas and reaching out to industry, law enforcement and government agencies statewide.

"I applaud that the University is looking to do that. There's an opportunity in every discipline," said Chris Ipsen, Chief Information Security Office for the State of Nevada. "We can encourage business development in the state. I think this is one of the economies of the future. I also think we can provide students with a marketable skill set to contribute to a company."

A key component of the new Center revolves around graduate education. First up is a new interdisciplinary certificate in cyber security, which Bebis calls the Center's number one priority. The graduate certificate program will most likely start in January 2015, with the help of three new faculty members with multidisciplinary expertise in cyber security. Plans are also underway to develop an undergraduate certificate in partnership with Truckee Meadows Community College.

The graduate certificate program aims to offer a holistic education in cyber security that touches on key concepts across fields. That kind of education, area employers say, could make graduates in high demand in this growing field.

"Cyber security is beyond an IT issue," Schrader said. "This is a HR issue, finance issue, risk management issue. Skills I look for are certainly IT proficiency, but also ability to do critical thinking, understanding of human behavior and awareness of business operations."

While a number of the Center's industry partners already have considerable cyber security expertise, like companies nationwide they are facing a significant shortage in qualified cyber security professionals. Data from the U.S. Department of Labor projects 37 percent growth in job openings for information security professionals over the decade from 2012 to 2022.

"There is a big gap and that's why everybody is worried about this," Bebis said. "So hopefully we will be able to create a workforce that will have the background to be able to come up with more innovative solutions."

Already a number of companies and statewide agencies have offered support. One of those companies is Vere Software, a Nevada-based digital forensics company. Todd Shipley, president and CEO of Vere Software, has stepped forward to offer his company's expertise in online investigative tools and e-discovery methods.

"In the forensics field a lot of the people, particularly in law enforcement, are not engineers," said Shipley, a former detective sergeant with the Reno Police Department. "That's where the Cyber Security Center can really come in in bridging the gap between those multiple levels. They're taking a much broader look at the problem and being inclusive. As the students do research, the business community can respond and provide resources, and that becomes the catalyst for individuals to respond."

The University's IT department is also taking an active role in the Center, according to University Information Security Officer Jeff Springer.

"As a Tier 1 research institution we are under constant probing and attack. This requires us to have a robust security infrastructure along with a large data analysis environment," Springer said. "I believe it is incumbent upon us to use these resources to assist in the instruction and research mission of the University."