Drained bank accounts, credit cards maxed out, stolen industry secrets, personal information compromised; these are all hazards of living online - in cyberspace.
"Securing the vast cyberspace from modern day attackers has become a critical issue for all cyber consumers," Shamik Sengupta, executive director of the University of Nevada, Reno's Cybersecurity Center, said. "This darker side of cyberspace costs millions of dollars every year to compensate and recover from cyberattacks. We now see findings that describes the most exploited vulnerabilities in hardware, software and network levels and how alarmingly frequent these same vulnerabilities exist across multiple sectors of organizations."
Since 2015, the Cybersecurity Center at the University of Nevada, Reno has been working to keep Nevada's businesses, government agencies and the general public protected from cybercrime. They are doing it with a three-pronged approach: education, research and outreach to Nevada businesses and agencies.
It is in that spirit that University's education programs in cybersecurity are training the next-generation of cybersecurity workforce and equipping them with knowledge of the technical, political, social and human factors needed to understand the mission-critical objectives of cybersecurity.
Other departments, besides engineering, that are part of the center include some - at first glance - unusual University partners: political science, information systems, criminal justice, journalism, psychology and history, among others.
Students and jobs
The types of jobs for which students are being prepared, and their courses of study, are numerous and have an interdisciplinary perspective. Students learn about cybersecurity from both the policy and technology sides of the industry through the new Minor in Cybersecurity program that began in 2016.
"They can learn the computer science side of it, such as cryptography, firewall, intrusion detection system, communication security, Internet security, smart-grid security and digital forensics," Sengupta said. "They can learn the information systems side of it; such as risk assessment, business continuity planning under cyberattack, digital forensics. They learn the political science side of it, which helps them to understand the actors and the policies. They also learn about the criminal justice side if it."
This knowledge gained at the University can help the students go into any cybersecurity field they want.
"The Computer Science Engineering students mostly get jobs such as chief information security officer, chief technical officer, cybersecurity administrators, cybersecurity analyst, firewall designer, penetration tester," Sengupta said. "These are the types of jobs which are in absolutely highest demand.
"With the business, policy and criminal justice side of the equation, students can even get jobs in the policymaking side of a company and can become a chief tecnical officer of a company. Similarly, students from information systems can also do any of the above jobs in the business continuity planning/disaster recovery area. Students from political science, criminal justice or psychology can also become a cybersecurity analyst with interdisciplinary and critical thinking capabilities."
The Cybersecurity Minor began with 14 undergraduates, and in 2017 that grew to 41 students. In 2018 that grew even bigger to 64. Many students from a variety of majors show interest in and take part in the minor.
"Many have graduated and gone on to cybersecurity-related jobs," Sengupta said. "It is our intention that many more students will follow in those footsteps."
Playing in the Sandbox
To help students learn in a real-world environment, last semester Sengupta and his team completed building a sandbox environment, a secure lab environment that can be used by students and faculty alike to complete studies and research.
The sandbox lab, called the Full Spectrum Cybersecurity Zone or FSC Zone, allows up to 20 students at a time to participate in hands-on research, testing and training that includes creating, attacking and defending servers and networks. Students and faculty test their theories, coding and results in the sandbox - which is essentially a staging server or mirrored production environment that helps keep critical systems on the regular network separate from testing.
Teaching the Teachers
Sengupta and his colleague David Feil-Seifer, an assistant professor in the Computer Science and Engineering Department, have been teaching Nevada middle and high school teachers about cybersecurity and helping them develop curriculum for their classrooms.
"We want students to be aware of cybersecurity issues before they reach the university level or the industrial level, and to teach them that when they're on their computers there is a digital footprint they're leaving that is going to stay," Sengupta said.
This first-ever-in-Nevada NSF "Research Experience for Teachers" initiative gives northern Nevada teachers the knowledge and resources to help future generations of young Nevadans learn the importance of cybersecurity and its potential as a career.
Entering the last year of the three-year summer program, they are excited at the success of the program that was funded by the National Science Foundation, and hope to get it funded for another three years.
"We've had an excellent response in number of applications each year, and the teachers have all done a great job in developing programs for their classrooms," Sengupta said. "Long term, we want to build an academic and digital community between teachers, researchers and students who are all aware of cybersecurity and how to understand it best. For the short term, right now we want to give teachers research experience in the field of cybersecurity so they may understand it better, and help their students understand what can be done using computers."
The University's Cybersecurity Center supports workforce development by producing high-value employees for both government and industry, Sengupta said.
Graduate Certificate in Cybersecurity
In its first year, the graduate certificate program emphasizes developing real-world cybersecurity solutions for current graduate students as well as working professionals in the community.
"Anyone with a four-year Bachelor degree can take the grad certificate program," Sengupta said. "We have more cybersecurity resources here than anywhere else in Nevada. Students will gain a lot of knowledge as well as contacts within the industry and government."
"The certificate provides students essential knowledge to address evolving cybersecurity challenges," he said. "We asked industries how this center could benefit them, and then designed the curriculum and formalized that and combined it with what we already had."
The cybersecurity program teaches students how to identify cybersecurity risks and to work in teams to develop appropriate, user-friendly protection and response options.
"Students in the program will not only use existing approaches when resolving cybersecurity threats, but learn to create new approaches, particularly ones relevant to the challenges that face small businesses," he said. "These are more than just computer science courses. We're looking at adding other courses to the possible class choices so people can focus their studies on what helps them most.
The certificate requires four courses: Computer Science 650, Fundamentals of Integrated Computer Security; Information Systems 670, Computer Security, Controls, and Information Assurance; Political Science: Problems in American Public Policy; Criminal Justice 740: Crime and Criminal Justice.
To learn more about the new graduate certificate and how to apply, visit the University's cybersecurity certificate website.
Research and Outreach
One of the missions of the Cybersecurity Center is to perform cutting-edge interdisciplinary cybersecurity research. So far, the Center has received about $3.7million in funding from the National Science Foundation for a variety of research.
"We're working on building a community of research and outreach, with great progress already," Shamik said. "We are truly interdisciplinary, with 20 faculty members contributing. We are doing basic research, we look at the science of it."
"The NSF infrastructure grant of $1 million started it all," Sengupta said. "And now our centerpiece is the CYBEX project, which gives us the economic feasibility to become assimilated into the community; we are creating a structural format for information that makes it secrecy and privacy secured. We're developing a framework, a big hub for Nevada. The state is a big player with us in cybersecurity planning."
The CYBEX initiative is developing a way for business, government and industry to share data safely and securely. The Center has built relationships with the State of Nevada Office of Cyber Defense Coordination, with Reno Police Department through their new Cybersecurity Center Advisory Board. They now have eight invited advisory board members, who have formally accepted, from different industry sectors such as the cybersecurity industry, IT industry and Ex-FBI agents.
The Center is reaching out to the community for partnerships related to critical infrastructure, smart grids, and smart transportation systems. In addition, the Center is working on trainings for state employees on risk management, psychology, ethics/legal issues and economics.
On campus, along with Sengupta, the team of Jeff Springer, Mehmet Gunes, Ming Li, and Nancy LaTourrette contribute to the new cybersecurity infrastructure project from NSF.
"We envision that through this and other existing NSF projects, our students will be able to explore cutting edge research; they will be able to develop new tools and they will be the next generation cybersecurity-aware workforce," Sengupta said.
The goal of the research is to design, develop and operationalize a Cybersecurity information Exchange with Privacy platform - known as CYBEX-P - using trusted computing paradigms and privacy preserving information, sharing mechanisms for cybersecurity enhancement. It identifies malware and does spam profiling and use the same method for all communication. A computer server, a non-human environment, looks for compatibility, looks for threats and then shares what it finds with all users/collaborators and makes it a proactively secure scenario for an identified virus.
"Essentially, we're working on enhancing the thinking and sharing methods around cybersecurity," Sengupta said, "and then bringing this to organizations across the state and then across the nation."
"We envision that this will help organizations to share their threat information in a privacy preserved manner and in turn giving every organization a proactive and unified security defense approach," Sengupta said. "This is how we started the idea of this grant."
More tangible applications
In other approaches geared to the general public, assistant professor in Computer Science and Engineering Ming Li is researching ways to make mobile computing more secure. Her approach to safeguarding privacy is through combining traditional cryptography technology with techniques from other computing fields.
Rather than solutions geared toward helping users turn off invasive functions or avoid transmitting personal data online, she is interested in developing technological innovations that maintain the convenience of mobile computing but with more privacy and security built in.
"Because there are more wireless technologies, there are more security threats so we need to pay more attention to the physical layer," said Li. "This is the same for the application layer, because currently we have more and more applications. Since we have more software, there are more vulnerabilities."
"These days, almost everything is in the cloud," Sengupta said. "We store information using Google Drive, Amazon Web Services, or other services that give us the convenience of storing or accessing data from anywhere, but it also gives us a problem of exposing ourselves to cyber threats. We are focusing on making things as secure, robust and reliable as we can."