DU program tackles lack of cybersecurity experts amid rise in computer hacking a
Source: Tom McGhee
Computer hackers have pirated classified government information, raided banking and commercial data, and stolen identities, but so far their crimes haven’t turned deadly.
That could change. At a security conference presented by Black Hat Briefings, a pair of cybersecurity experts, using a laptop they manipulated while riding in the back of a 2014 Jeep Cherokee, demonstrated how they were able to steal control of the wheel, slam on the brakes and cause the vehicle to accelerate at any speed, said Joe Loughry, one of three computer science Ph.D’s who will be teaching a new cybersecurity master’s program at the University of Denver this fall.
With a string of high-profile hacks in the news, and officials from hospitals, banks and even the Democratic National Committee searching for ways to protect their information and ward off cyber breaches, DU is joining the fight. A new fast-track program could help close the gap between open positions in industries anxious to stop cyber attacks and workers who know how to do exactly that.
The vehicle hackers, Charlie Miller and Chris Valasek, knocked an electronic control unit off-line, and took over its duties, Loughry said. “It’s like kidnapping and replacing the helmsman on a ship without the captain or anyone else on the bridge noticing.”
In order to take control of the vehicle their laptop had to be connected to a USB port under the dashboard, but their research shows that a sophisticated hacker on the wrong side of the law might find a way to mount a similar attack remotely.
Miller and Valasek informed Fiat Chrysler Automobiles, which makes Jeep, of the vulnerabilities they found and gave the company time to solve the problem before going public with the details of the hack.
The manufacturer recalled 1.4 million of the Jeeps, sending owners USB drives preloaded with a software patch to block remote access to certain systems, and updated software to eliminate the vulnerabilities found in the 2013 and 2014 computer networks in succeeding models.
While the chance that hackers will start running vehicles off the road in great numbers is remote, recent leaks of classified information by Edward Snowden, and cyber attacks on banks, and retailers, have rattled the worlds of finance, retail, and government.
In May, the Federal Bureau of Investigation reportedly told banks to look for signs that a group of hackers that plundered $81 million from the central bank of Bangladesh may have compromised their networks. In 2014, hackers stole personal information on millions of JPMorgan Chase customers.
Data breaches have also exposed credit card numbers and other crucial information of millions of retail customers.
Insurance company Lloyds estimates that globally, cyber attacks cost businesses $400 billion a year, according to Fortune Magazine. So as the danger to national security from and home-grown hackers and state actors like Russia, China and North Korea grows, so does the need for cybersecurity experts.
“On a per-capita basis, the leading states for cyber hiring are Washington, D.C., Virginia, Maryland, and Colorado; all have high concentrations of jobs in the federal government and with related contractors,” according to a 2015 cybersecurity job report by Burning Glass Job Market Intelligence.
Boulder and Denver have large numbers of cybersecurity jobs, but Colorado Springs alone ranks among the top five cities for the number of cybersecurity jobs, according to clearancejobs.com. The city will also be home to a new National Cybersecurity Intelligence Center that is expected to elevate its profile in the cybersecurity world.
There are thousands of cybersecurity job openings currently open in Colorado because there aren’t enough qualified job applicants for those positions, said Eric Hopfenbeck, deputy national director of the National Cyber Center.
“The telecommunications backbone that is built here in Colorado because of the military makes Colorado ideal. You have all the connectivity and high-speed network that you need,” said Andy Merritt, Colorado Springs Regional Business Alliance chief defense industry officer.
The average salary for cybersecurity professionals is $116,000, according to the National Initiative for Cybersecurity Careers and Studies. And in Colorado alone there are as many as 12,000 unfilled cybersecurity jobs.
“There is such a dearth of trained talent right now that industry is really anxious for more folks who have training,” said JB Holston, dean of DU’s Ritchie School of Engineering and Computer Science. “They will take as many of these students as you can graduate.”
DU is one of five schools in the state whose cyber education programs have earned a designation from the National Security Agency, and Department of Homeland Security, as Centers of Academic Excellence.
Other schools with the designation are: the U.S. Air Force Academy, Regis University, Colorado Technical University, and the University of Colorado, Colorado Springs.
DU’s masters level cybersecurity program differs from most, said professor Ramakrishna Thurimella, a professor in DU’s department of computer science. For one thing, students don’t need an undergraduate degree in computer science.
Someone with a degree in liberal arts, or other major unrelated to computers who does well in the quantitative portion of the Graduate Record Examination, which tests basic mathematical knowledge and reasoning skills, can be accepted, Thurimella said.
The program will provide an additional three months of instruction to those who come in without a computer background to bring them up to speed.
The program is also shorter than most. “If you come in with a computer science background it will only take nine months, otherwise, it will be 12 months,” Thurimella said.
Holston and Thurimella spent two months talking to various companies to find out what they needed in their cyber-security employees, Holston said. “We built it from the start in close conjunction with industry.”
Loughry, who recently received a Ph.D from Oxford University, spent 14 years working on security problems at Lockheed Martin, one of the world’s largest defense contractors.
Computer networks that are scattered throughout the chasis and under the hoods of modern vehicles give them potential vulnerabilities similar to those exploited to pilfer data from retailers, and government computers, Loughry said.
“They gain access to one non-critical part of the network and leap-frog to other networks. It is the same thing that (Edward) Snowden did to hack the NSA,” Loughry said.
A hacker who can get control of an unimportant computer in a bank, “maybe in the department that makes sure potted plants get watered in the offices,” can then find a path through the network to a jackpot of cash or information, he said.
The military and intelligence communities solved similar problems in the 1980s, Loughry said.
Today, Russia and the U.S. coordinate radar and fighter planes over war-torn Syria in order to avoid downing each other’s aircraft.
“The CIA doesn’t trust Russia, but we can connect our systems to Russia’s via cross-domain systems in a secure fashion, and information gets shared without compromising either side’s security. That’s one of the things I want to teach my students in cybersecurity. There’s a solution that already exists, let’s try using it.”
| }
|