Securing Cyberspace in the Midst of Challenges
From intricate systems such as your smartphone and your connected car, to such simple requests as asking Siri what the weather will be this weekend or requesting Alexa play your favorite song, the billions of hi-tech devices that compose the IoT can make life more convenient — but also more complicated at the same time. With an ever-flowing stream of devices networking around the world comes a flood of vulnerabilities — including those that trail from device to device — making cybersecurity an increasing priority for governments, private companies and even members of the public.
“Computing has infiltrated all aspects of peoples’ lives. When I started it was pretty much mid-sized and large companies,” said professor of computer science, Dr. Jeff Donahoo. “The internet existed but nobody had it at their house, almost nobody had it at their business.”
Trends have changed and computation has become a commodity, he said. “Because it’s everywhere and anybody can have it, and it’s cheap, that drives you to put more and more data out there. That exposure also drives the need for cybersecurity professionals.”
At Baylor, Donahoo is developing curriculum in the areas of undergraduate, master’s and continuing education, with the possibility that some of the offerings could be available online. “Cybersecurity is one of those programs we believe that will greatly benefit from an ongoing relationship with the university that you graduated from. The field changes so quickly that we hope to remain connected to the students,” he said.
“The field of cybersecurity is so huge that it’s hard to wrap your mind around all of the points where you need to defend your infrastructure. With a scope so large, vulnerabilities can change by the day.”
In the last three years, Donahoo’s focus on cybersecurity has gone from a week of topics in each of his classes to the development of a semester-long undergraduate Introduction to Cybersecurity course. That course covers the concepts of cybersecurity and defensive programming, or writing a program so it doesn’t get hacked.
“The field of cybersecurity is so huge that it’s hard to wrap your mind around all of the points where you need to defend your infrastructure,” says Dr. Donahoo. “With a scope so large, vulnerabilities can change by the day.”
Those fluid vulnerabilities require a highly competent and technical workforce, in both “boots on the ground” and leadership roles, adds Dr. Donahoo. “Without well-trained cybersecurity professionals, we as a nation are vulnerable to cyber weaponry by economic hacks as well as nation-state espionage. An attack on our power grid could undermine our economy, jeopardize our military infrastructure and be exploited to distribute propaganda,” he says. “As we defend our nation heading into the midterm elections, there are also implications for democracy.”
Another critical component to Baylor’s cybersecurity education is intercollegiate cyber competition, a tool that allows students to drive their skillsets in cybersecurity. One such competition is the Collegiate Cyber Defense Competition (CCDC). Through this program, students act as cybersecurity professionals brought in to help a company whose systems have flaws. With little information about the IT infrastructure, they walk into a secure room and must break into the computer — without any logins or passwords provided. At the same time, a “red team” of professional hackers is attempting to wreak havoc every step along the way. The teams are scored on their ability to minimize system infiltration, maintain critical service operations and prevent the exfiltration of sensitive data. The team with the most points — meaning, prowess — emerges the victor.
For the past three years, Baylor University has fielded a team in the competition, with part of its preparation entailing working as a single unit as well as on individual areas of expertise on a system that can be hacked without posing danger to any campus network.
After taking his first group of students to the Collegiate Cyber Defense Competition two years ago, Donahoo began offering a competitive cybersecurity class to provide the team a focused practice time to hone their skills.
In its second year in the competition, the Baylor team took the top prize in the Southwest Collegiate Cyber Defense Competition, and in this past spring’s event, the team advanced to the National Collegiate Cyber Defense Competition in Orlando, Florida, where it earned the number-four spot among the 10 best teams in the nation.
The competition underscores the need to ramp up training and education to develop qualified cybersecurity professionals, says Donahoo, who also coaches the team. “You can find survey after survey about the lack of cybersecurity pros, with about one- to two-million unfilled jobs globally,” he notes. “When you don’t have qualified professionals, bad things happen. And with low supply and high demand, the vast majority of small businesses are being priced out of the cybersecurity market.”
Baylor is helping to develop high-caliber talent in myriad roles of cybersecurity, and everyone from large corporations to the NSA and FBI are already looking to hire them. Case in point: due to their stellar performance in the most recent competition, all eight members of the team received attractive job offers in cyber defense from Walmart.
“Baylor uses the success of the competition to recruit students and companies to partner with our ECS program,” says Dr. Donahoo. Engineering and Computer Science (ECS) professors and students also work with middle-school and high-school students, helping them participate in cybersecurity competitions and a course.
“The competition is set up like a real company – demonstrating how the skills are applicable in industry,” said Maddie de la Torre, a Baylor junior who’s training for this year’s competition.
“Having not only the information but also the know-how to set up and secure various services on various machines, as well as defend against attacks nonstop, really sets cybersecurity members apart to companies,” said de la Torre.
Competitions present challenges in which both success and failure have educational value and serve to develop today’s students to become tomorrow’s cybersecurity experts, observed Donahoo.
In 2017, Baylor held its first Cyber Day to help bring attention to the critical work of the profession and help grow the talent pool. The goal of the event is to develop a partnership with industry.
Executives from large companies that provide cybersecurity or those that are consumers of cybersecurity services, including IBM, ExxonMobil and Verizon, are invited to a roundtable discussion on the industry.
In the afternoon, a public forum is offered where students can ask questions about cybersecurity as a profession. In the evening, students are invited to take part in a hackfest, an intense cyber game of king of the mountain, with teams of students trying to hack into a server and plant their flag.
“If you can hack into it, then other people can hack into it. Once you hack into it and plant your flag, if you want to keep it, you’d better fix whatever was broken that let you hack into it,” said Donahoo. “The game starts as a cyber offensive operation with students trying to get into the server and turns quickly to a defensive operation trying to keep other teams out.”
October 2018, Baylor hosted their second Cyber Day with a focus on cybersecurity in healthcare.
Getting an Early Start
Donahoo knows that to train the best, he has to build a pipeline that starts at a young age. He has partnered with local school districts to develop their cybersecurity programs and to help students compete in the CyberPatriot competition, a national youth cyber defense competition. Several rounds of the competition have been held on Baylor’s campus.
One of the first local school districts Donahoo worked with was Midway ISD. Because of the success, the number of students in their cybersecurity class has doubled.
“There is not a set curriculum to follow in this field, and so we’re really trying to help fill in the holes where necessary,” said de la Torre, who is assisting with the program.
This year, Donahoo will also work with Temple ISD. As the need for cybersecurity continues to evolve, he hopes to one day develop a summer camp that could be held on Baylor’s campus.
Donahoo notes that changing trends will only continue to drive the need for cybersecurity professionals. “You rely on it as an individual just to be able to conduct your daily life. You answer things with Google and Wikipedia. You figure out where you’re going with whatever map you use. You ask your devices for help almost like they’re humans,” he said.