By Eric Barton
When the USS John S. McCain collided with an oil tanker off Malaysia in August of 2017, it became the fourth naval ship in less than a year to suffer such an accident. A theory emerged that hackers were to blame.
As an examination into the matter continues, Admiral John Richardson, chief of naval operations, has indicated that investigators are considering the possibility of a “cyber intrusion or sabotage.”
It’s the kind of scenario that will likely become all too common in the near future, and the need to plan for such situations is why FIU has become an international research and educational hub for cybersecurity, says Sundaraja Sitharama Iyengar, director and Ryder professor of the School of Computing and Information Sciences within the College of Engineering & Computing.
Previously, concerns about cybersecurity were confined to those working in IT fields. But in recent years, a cybersecurity industry has evolved as those who need to worry about hacking run all the way from governments and corporate executives down to public utilities, mom-and-pop businesses and ordinary individuals. In response, FIU has added new degree programs and expanded its cybersecurity courses across disciplines to bring in business and criminal justice students as well as the more traditional computing and engineering students.
“We are creating cyber warriors,” Iyengar says. “These cyber warriors from FIU will learn to protect us from cyberattacks and then go on to train the world.”
The need for cybersecurity and the industry being built around it is something Iyengar foresaw 26 years ago. In a series of academic papers long before the internet became well known, Iyengar predicted computers would one day be connected and that those communications would be susceptible to attacks.
That’s come to be reality in the past decade, and in the past few years several FIU departments have developed specialties in cybersecurity, says Brian Fonseca, director of the Jack D. Gordon Institute for Public Policy within the Steven J. Green School of International and Public Affairs. The institute has developed undergraduate and graduate tracks in cybersecurity and organizes a one-year cybersecurity fellowship program that pairs women with mentors and offers professional development. “
“There are cybersecurity policy implications in almost any field,” Fonseca says.
In just one example of that recognition, the Green School has collaborated with the FIU College of Business to jointly offer a Cybersecurity Leadership & Strategy Certificate geared to professionals in law, government, health care and other industries as well as policymakers in national security looking to defend their networks and secure their data against attack. Fonseca, a former senior researcher at U.S. Southern Command, helped create the program.
The certificate program has the backing of the Organization of American States (OAS), which has been working to build cybersecurity capacity throughout Latin America and the Caribbean for more than a decade. The OAS provides its top cybersecurity specialists to help teach the course and contributed to the development of the curriculum.
Earlier this year, FIU became the first university in the nation to offer a bachelor’s degree in the Internet of Things. The new degree addresses four major areas of IoT – hardware, software, communication and cybersecurity. Experts agree that soon billions of IoT devices (smart watches, smartphones, home security systems, autonomous vehicles) will be connected worldwide. What makes it possible for digitized applications to work remotely opens the doors for attackers to inject malware or gain complete control of the devices.
This new wave of technology is necessitating the need for highly trained IoT specialists.
“We are focused on preparing our students with specialized skills to succeed in the operations that help prevent and respond to these particular cyberattacks and the techniques required to strengthen the defense of vulnerable systems that employ IoT devices,” says Kemal Akkaya, program director of the IoT degree and associate professor in the Department of Electrical and Computer Engineering.
These efforts coupled with the College of Engineering & Computing’s strength in the field have made FIU a nationally recognized hub for cybersecurity study and research, says Vir V. Phoha, a national cybersecurity expert and professor of electrical engineering and computer science at Syracuse University.
“[FIU’s] faculty is world class, and at this point they are ranked among the top cybersecurity universities in the nation, both for funding and for the work they are doing,” Phoha says. “This cybersecurity work will bring FIU great national visibility.”
At the micro-level
While most agree bolstering cybersecurity is necessary in government and business, few individuals know how to protect themselves, says Jerry Miller, associate director of robotics and wireless research and an adjunct faculty member of FIU’s School of Computing and Information Sciences.
Before he retired as an Air Force colonel, Miller worked to identify potential risks to government computer systems. But he says the threat is often far more localized, down to the devices we all carry with us. Simply allowing a phone app to track our locations or uploading a family picture to Facebook can create security risks.
“We have no idea the vulnerability that we’ve opened ourselves up to by simply sharing our location or vacation photos,” Miller says.
Miller says his early-career experience as an Air Force helicopter rescue pilot helped him understand the importance of keeping information safe. Downed pilots who are taken as prisoners of war are more vulnerable if they have uploaded photos of themselves to the internet, possibly allowing captors to make specific threats against a pilot’s family. This prospect is something that’s becoming a reality now with hackers who are gaining access to computers and ransoming them back to their owners.
In response, Miller and others at FIU are studying new ways to protect phones and other devices from hackers. Two approaches now being studied at FIU, for example, could remove the need for typical passwords, thereby making electronics more secure. One relies on a phone’s accelerometer, which governs screen orientation, to monitor a user’s gait and confirm that the right individual is truly in control of the device. The other, called Pixie, gives a user the option of substituting a photo of a common object in place of an alpha or numeric password.
There’s also research being done at FIU to keep even smaller devices like the Fitbit and Apple Watch safe, again something individual users probably never think about. Just like computers and phones, these can be susceptible to hackers, who could access sensitive health and other information.
Students on the front lines
Over the past four years, the Department of Defense has invested more than $4 million in the university’s cyberspace test technology research and development and STEM workforce development program (Cyber Fellows program), which provides hands-on research experience to FIU students studying computer science, computer engineering and information technology. A half-dozen STEM students are inducted formally as cyber fellows each year. They acquire work experience by conducting technology research and development at FIU’s Applied Research Center (ARC), which administers the program, and they participate in summer internships at Department of Defense facilities across the country.
“The specialized training and excellent education received at FIU makes our students extremely attractive to government agencies and government contractors,” says Leonel Lagos, director of research at ARC.
Jennifer M. Fernandez majored in computer engineering and participated as a cyber fellow. She completed an internship at global defense and aerospace firm Lockheed Martin, where she was offered a full-time job and started within a few months of her graduation in May of 2016. With that position in hand, Fernandez curtailed her job search but nonetheless received another offer, from Boeing, and says interest from other recruiters was likewise high. Currently four other FIU graduates work with her in the cybersecurity area in Lockheed’s Orlando office, where the tools and terminology she learned at FIU—in courses such as malware reverse engineering and digital forensics, among others—have positioned her well.
“I had good exposure, good experience from school” says Fernandez, who is helping establish the infrastructure for future cybersecurity testing.
As part of their training—and something that makes them so desirable to potential employers—students within the Department of Electrical and Computer Engineering, from which most of the fellows come, get a lot of training and practice in how to hack into systems and how to prevent others from gaining access, says Shekhar Bhansali, department chair.
“The reality is, everything is hackable. It’s a very humbling thing to realize even the best built system is not hack-proof,” Bhansali says. “By teaching our students how to hack into another system, we are teaching them how to think like a hacker, and that’s how we can work to prevent being hacked.”
Students interested more in policy issues surrounding cybersecurity, on the other hand, are enrolling in FIU’s Undergraduate National Security Studies Certificate Program within the Steven J. Green School of International & Public Affairs. Martha Rivera, who earned an undergraduate degree in international relations and poli-science in 2013 from FIU, returned to FIU to complete the program in 2017.
As part of Rivera’s studies, she attended a gathering organized by FIU in Washington, D.C. There she met some of the top cybersecurity experts in business and government from the United States, the Caribbean and Latin America. During workshops, Rivera recounts, the students brainstormed ways to crack real-life cases with those who actually had a hand in their resolution.
“It was exciting to sit there across the table from the top trainer at Microsoft and people who are the top cybersecurity experts in their countries and try to solve some very difficult scenarios.”
The bigger picture
The size and frequency of hacks in the past few years—breaches of online retailer eBay in 2014 and at credit bureau Equifax in 2017 each impacted more than 140 million consumers—suggest that they are getting bigger and potentially more dangerous. FIU remains ready to play a role in foiling them.
In December, in efforts to educate the greater community, the university hosted more than 300 attendees of the Florida Cybersecurity Conference at the Modesto A. Maidique Campus. Recognizing that cyberattacks are among the most urgent threats to national and economic security, leaders from the Florida Small Business Development Center Network, the Greater Miami Chamber of Commerce and the U.S. Chamber of Commerce gathered with FIU faculty and graduate students to discuss, among other topics, the role of Homeland Security, how to secure the electronic data collection that is common today within so-called “smart cities” and how, generally, to manage all related risks.
Meanwhile, inside the Applied Research Center’s Cyberspace Test Technology laboratory, researchers are working with cyber fellows to develop a cyber threat automation and monitoring system to detect, analyze and monitor malware behavior during cyberattacks, says Himanshu Upadhyay, a senior research scientist in ARC. Such a system would allow the federal government to run, for example, cyberattack test scenarios on defined Department of Defense missions and explore a variety of responses to determine which ones work best. Says Upadhyay, “This will be a platform that allows us to model multiple scenarios that could happen in the real world.”
FIU is also working on ways to prevent unauthorized access to smart grids, thanks in part to the work of Osama A. Mohammed, associate dean of research in the College of Engineering & Computing. Smart grids control the nation’s power system and could lead to crippling blackouts. Students are collaborating on ways to build firewalls for patient records stored at health facilities that could be held ransom against those who wouldn’t want their information shared publicly.
All of this research will help prevent such attacks by working to predict the way hackers work in the future. “We are taking steps to become the preeminent cybersecurity research center and university, and we already have several advantages, such as cross-cultural awareness, which will help us to become so,” says Miller, the former Air Force colonel. But he recognizes that cyberattackers never let their guard down— and neither should the university. “To be the best, and maintain that position,” he says, “it will require us to be rapidly innovating to keep one step ahead of the threat.”