The U.S. Department of Homeland Security and National Security Agency designated WilmU a National Center for Academic Excellence for Information Assurance and Cybersecurity. That’s critical, since our digital day-to-day lives depend on the ever-changing discipline.
Dr. Mark Hufe learned an early lesson about cybersecurity the hard way.
About 17 years ago, he created a website for his daughter that taught her how to build websites. He hosted the site on a server he administered himself. And he discovered that it had been hacked when he received a cease-and-desist order from a multinational bank, which had identified the site as the source of a phishing attack on its user data.
“I’d set the password as my daughter’s name, and an automated dictionary attack cracked it,” recalls Dr. Hufe, now WilmU’s director of Cybersecurity Education and chair of its associate and bachelor’s degrees in Cybersecurity. “That’s what sub-optimal knowledge will do for you.”
The Delaware State Police’s High Tech Crime Unit investigation traced the attack’s origins to Shanghai, China. “Who has jurisdiction over Shanghai? At that point, nobody knew,” says Dr. Hufe. He contacted the bank to explain the hacked website attack. “The guy said, ‘We get about 20 of those a day.’ It’s only gotten worse since then.”
From business transactions and medical records to electronic com-munications and wireless internet connectivity, our day-to-day lives now depend on what is ultimately a vulnerable system. Especially since the ransomware attacks, data breaches, social engineering scams and other cybercrimes that make big news headlines are just the tip of the iceberg. According to information technology experts, tens of thousands of computer networks are hacked every day, potentially impacting hundreds of millions of people.
“They say there are only two kinds of companies: those that have had their data breached and those that are going to have their data breached,” says Dr. Hufe. It’s one of his favorite sayings about his academic specialty. Another one is this: “When there’s a data breach, that’s not the right time to be exchanging business cards.”
Which is why the U.S. Bureau of Labor Statistics, among other occupational observers, currently ranks cybersecurity among the nation’s fastest-growing career fields. “Cybersecurity is a frontline issue for business,” says Dr. Hufe. “It’s also a matter of national security. There’s a critical need for cybersecurity professionals in corporate America, as well as in government, law enforcement, military, and intelligence. The College of Technology is uniquely qualified to train students, and mid-career professionals, to meet this demand.”
A Short History of Cybersecurity
The first generation of digital computers, developed in the wake of World War II, were room-sized mainframe machines. Access was limited, often by a locked door, to the programmers who were trained in their complex operations, which were not connected to other computers.
By the time men walked on the moon, reductions in the size and cost of computers were leading to their adoption at the world’s largest companies, which soon began to rely on remotely networked computers to conduct their business between different locations. Passwords were added to protect individual accounts.
But the networks’ multiple entry points exposed them to the threat, and occasional reality, of unauthorized access. The Cold War thriller WarGames (1983) dramatized this liability on the silver screen.
Through the 1970s and ‘80s, university researchers and Advanced Research Projects Agency Network founders studied operating system security and developed automated techniques for identifying computer viruses and vulnerabilities. Today, companies that want to understand their vulnerabilities hire ethical hackers to attack and penetrate their organizations. These “pen testers” use the same techniques that bona fide cybercriminals use but operate lawfully through written authorizations.
The tsunami of floppy disks and CD-ROMs advertising internet service providers that flooded mailboxes in the mid-1990s kicked off a massive increase in internet and e-mail traffic worldwide. The widespread availability of high-speed internet access about 10 years later brought even more personal and business data online. As the internet has evolved from computer science research project to household furniture and personal accessory, its security threats and their potential impact have multiplied and diversified.
In response, antivirus programs, firewalls, and other cybersecurity defense tools have also proliferated. While the technicians who assess a network’s operational risks and defend its data don’t generate revenue for any organization, they’re a critically necessary insurance policy against catastrophe and chaos.
Learning to Be Paranoid
“It’s so much easier to attack than to defend,” says Dr. Hufe, “to find one vulnerability than to prevent any vulnerability anywhere. That’s the challenge in teaching and studying cybersecurity. It changes every year; you’re focusing on the attack of the year. Textbooks go out of edition pretty quickly.”
Dr. Hufe joined the faculty of then-Wilmington College in 2001 after a career as a software developer. A few months before his daughter’s website was hacked, he’d been tasked with revising the curriculum for the Internet and Network Design degree program. Classes in software development and information technology already existed, but information security, which he’d seen trending, wasn’t widely known as a course of academic study. “I asked my senior adjuncts, ‘what do you think? Are there jobs here?’” he recalls. “They said, ‘definitely.’” The website hacking incident was also a motivating factor. “I’ve learned to be paranoid,” he says.
Then-Wilmington College launched its Bachelor of Science in Computer and Network Security (renamed Cybersecurity last year) in 2005.
Six years later, thanks to Dr. Hufe’s efforts, the school and the degree were designated a National Center for Academic Excellence for Information Assurance and Cybersecurity by the U.S. Department of Homeland Security and National Security Agency. This stamp of approval acknowledges that the coursework (continually updated to remain on the cutting edge) and faculty (who’ve worked in law enforcement, banks, and other information security hotspots) meet the federal government’s rigorous standards on the subject.
“When I was earning my Doctor of Education degree, we were encouraged to think big,” he says. “National Center for Academic Excellence: that resonates. That’s jobs. That’s what I wanted to see happen. For our students and faculty to be able to put that on their résumés, how cool would that be?”
Possibilities and Purpose
That would be pretty cool. Just ask Roman Sheriff, deputy chief information security officer for the City of Baltimore, who credits his career in part to a bachelor’s in Computer and Network Security from WilmU in 2010.
“The degree helps first,” he says. “You can build a reputation through your coursework and build a network through the contacts it offers. A degree will get you in the door, if you apply yourself and ask a lot of questions. I learned as much as possible from those I worked with. My mentors at WilmU were very helpful. They were busy, but they took the time for us students.”
As a student, Sheriff was part of a Cyber Wildcats team that competed among 1,153 teams from 56 countries in the U.S. Department of Defense’s Cyber Crime Center Digital Forensics Challenge. The Wildcats took first place in the undergraduate division and third place worldwide.
“There are a lot of open possibilities in cybersecurity,” he says, “for someone who likes technology, who has an investigative mind, who wants to explore why something’s not working, and when something’s happening, why it’s happening.”
Rebecca Choynowski works as a senior cloud security architect for the Mitre Corporation, a McLean, Virginia-based research and develop-ment nonprofit. In 2013, she was taking community college classes in Maryland when hackers stole the personal data of 110 million customers of a nationwide retailer during the holiday shopping season.
“I thought, this seems like a huge problem that I could be interested in, that I could help with,” says Choynowski. She transferred to WilmU and earned her bachelor’s in Computer and Network Security in 2015.
“In information security, you’re assessing an application both for how it’s actually being used and for all the possible ways it can be exploited,” she says. “That was my main takeaway from the degree program: how can you bend something and break something beyond what its intended purpose is?”
It’s a question that offers new challenges and problems. “It still surprises me how fast technology changes,” says Choynowski. “It can be exhausting.”
By David Bernard