Cybersecurity

We Digitized Our Lives, We Just Forgot to Secure Them

We are a connected, digital society that depends heavily on networks, databases and other digital systems to operate. Almost every aspect of our lives, from the most basic tasks at the workplace to our personal communication and social interactions, to the way we shop and the tools we use to study and learn, depends on some form of electronic interaction or data exchange. These digital environments are practical, useful and fast, but in our excitement to use, leverage and widely deploy them, we have forgotten to secure them.

The spree continues

Last year, the national fast food restaurant chain, Arby’s, acknowledged that malware installed on payment systems inside specific corporate stores might have compromised more than 355,000 credit and debit card numbers. A few months later, personal information and the medical diagnoses of at least 7,000 patients at the Bronx Lebanon Hospital Center in New York had leaked. By the end of the summer, Kmart and Verizon had revealed malware infections and data leaks, all leading to the Equifax compromise, a breach potentially affecting up to 143 million customers. Even Uber suffered a data breach allegedly exposing personal information of 57 million users and drivers. Even companies in cybersecurity can be affected. Take Deloitte for example, a company once named by Gartner Research as the “best cybersecurity consultant in the world,” which had its email system hacked. The naive justification of all these compromises can be attributed to profit-driven “corporate irresponsibility”—companies and organizations minding their bottom lines rather than exercising care about securing their data.

Not my problem

Terms like breach, data leak, attack, hack, exploit and malware have become common in our vernacular, and they are immediately associated with malicious intent. For most individuals, cybersecurity incidents remain distant acts of socially awkward—but brilliant—teenagers or nefarious hackers in far-away countries. That’s until someone’s financial or health records become available on the Internet.

Companies, on the other hand, are aware of the impact of breaches, but many treat them only as risks to be hedged, weighing the cost of actively protecting digital assets against the cost of inaction. For small businesses, a hacking attack may be detrimental, with 60 percent of small companies being unable to sustain operations for more than six months after a compromise. For large organizations, cybersecurity insurance policies give a sense of safety from financial risk, yet there is no policy that could ever recover the reputational cost and loss of trust.

Cybersecurity compromises are not always the product of malicious intent and unauthorized access. Data breaches are also caused by unintentional omissions, software errors, poor maintenance of systems and software, operator negligence or misplaced trust in careless third parties. In all cases and at all levels, cybersecurity incidents, whether malicious or inadvertent, will not be reduced until all stakeholders, from organizations to individuals, assume their share of responsibility.

The hunt for cybersecurity talent

The need for qualified cybersecurity staff has become a mainstay discussion. Cybersecurity professionals are expected to have specific, technical, specialized skills that match each organization’s technology mix. The result has been the springing up of an entire industry of cybersecurity certifications that existing information technology professionals flock to obtain. These are good options to meet current demand, but their value is often as short-lived as the product or technology they are based on.

Unlike other fields, specific technology skills are required in cybersecurity, but they are not sufficient to succeed. The field is highly technical and requires professionals to continuously cross the lines between computer science, information technology and mathematics. It also requires many important skills such as problem solving and critical thinking. These skills can’t be obtained through a weeklong vendor training or a series of professional certifications. They are cultivated with formal education, enriched with technical training and further enhanced with on-the-job work experience.

By George Dimitoglou, D.Sc., Associate Professor of Computer Science and Director of the Center for Computer Security and Information Assurance

Cotton Speaker Series Launches the Cybersecurity Master’s Degree at Hood

On April 5th, Hood College will present the first lecture in the John C. and Janet Hobbs Cotton Cybersecurity Endowed Lecture Series. Janet Hobbs Cotton ’59 and her husband, John Cotton, have provided the college’s new cybersecurity master’s program with a generous gift by establishing the lecture series, which will bring nationally and internationally recognized leaders in cybersecurity to campus.

“My husband and I believe that funding a cybersecurity lecture series will be a unique way to promote Hood as it moves forward with the master’s program in this field,” said Janet. “It will give students a more in-depth understanding of the climate surrounding cybersecurity problems in the world. Members of the Washington, Baltimore and Frederick communities will be encouraged to participate and become more aware of the issues our society faces today.”

The first lecture, slated for 7 p.m. in Hodson Auditorium in Rosenstock Hall, will feature retired four-star general Keith Alexander and mark the official launch of Hood’s Cybersecurity Master’s Program. The importance of establishing a new cybersecurity program is especially emphasized in this time of “the global cybercrime epidemic”, predicted to cost the world $6 trillion annually by 2021 and creating an unprecedented shortage of cybersecurity workers, according to Cybersecurity Business Report.

More specifically, a shortage of 3.5 million cybersecurity workers is being predicted by 2021, with a cybersecurity unemployment rate of 0 percent (zero!) in 2016. This astonishing figure is predicted to stay constant till 2021, as there are currently two job openings for every one qualified professional. This lack of cybersecurity talent is obvious in both the US and abroad. The National Association of Software and Services Companies (NASSCOM) recently predicted that India alone will require one million cybersecurity experts due to its expanding economy. Despite having the largest IT talent pool in the world, it is highly unlikely that India will be able to produce an adequate number of professionals to meet the demand.

Upper level management positions related to this field are also in a pattern of steady growth. Approximately 65 percent of large U.S. companies have a Chief Information Security Officer (CISO) position, up from 50 percent in 2016, according to ISACA, an independent, nonprofit, global association. Cybersecurity Ventures predicts that all large companies in the world will have a CISO position by 2021. With all these astonishing predictions and numbers being generated in the last several years, the Hood Graduate School is proud to continue its leadership in the field with the establishment of the new Cybersecurity Masters of Science Program.

 

The Spectre and Meltdown Vulnerabilities: a CPU/Architecture Perspective

Spectre and Meltdown are the names given to recently discovered vulnerabilities that affect almost every computer chip manufactured in the last 20 years. If exploited, attackers could gain access to data previously considered completely protected. The Spectre and Meltdown flaws work by exploiting two important techniques used to make CPU chips execute faster, called speculative execution and caching.

Speculative execution allows a CPU to attempt to predict the future to work faster. For example, if the chip determines that a program contains multiple logical branches, it will start calculating the values for all of the branches before the program decides which branch to take. When the correct branch is determined, the CPU has already produced the values for that branch. If the CPU sees that the same function is frequently used, it might use idle time to compute that function so that its predicted answer is ready if needed.

Caching is used to speed up memory access. Random access memory (RAM) is located on separate chips and it takes a relatively long time for the CPU to access data in the RAM. There is a special small amount of memory storage called CPU cache that is built on the CPU chip itself that can be accessed very quickly. This cache memory gets filled with data that the CPU will need soon or often. Data that is produced by such speculative execution is often stored in the cache, which contributes to making it a speed booster. The problem arises when caching and speculative execution start circumventing protected memory.

Protected memory is a foundational concept underlying computer security. It allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.

A privilege check can take a relatively long time. Due to speculative execution, while the CPU is waiting to find out if a process is allowed to access that data, it starts working with that data even before it receives permission to do so. The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. Because CPU cache memory can be accessed more quickly than regular memory and due to the long latency associated with privilege checks, the process can potentially access certain memory locations that it shouldn’t be allowed to access. As this problem exists in the hardware there is no direct way to correct it. Software patches have been offered to mitigate the exposure but have led to some degradation in performance of the CPU. In many cases, the software patch is targeted at a specific product and installing the wrong patch can severely impact system operation.

The most immediate action security teams and users can take to protect computer systems is to prevent execution of unauthorized software and avoid access to untrusted websites. Security policies must be in place to prevent unauthorized access to systems and the introduction of unapproved software or software updates.
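Since the article notes that software patches mitigate these flaws and that the wrong patch can harm a system, a useful first check is what the running system itself reports. The script below is an added example, not part of the original article: it assumes a Linux host, where the kernel exposes one status file per issue under /sys/devices/system/cpu/vulnerabilities, and it falls back to constructed sample values on other machines.

```python
"""Added example: summarise the Linux kernel's reported Spectre/Meltdown status."""
from pathlib import Path

# Linux sysfs directory holding one small text file per CPU vulnerability.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ENTRIES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample contents (not captured from a real host), used when the
# script runs on a machine that has no such sysfs directory.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
}


def classify(text):
    """Map the text of one status file to a (state, detail) pair."""
    if text is None:
        # File absent: this kernel does not report the issue at all,
        # which usually means it predates the mitigation work.
        return ("unreported", "")
    line = text.strip()
    if line == "Not affected":
        return ("not_affected", "")
    if line.startswith("Mitigation:"):
        return ("mitigated", line.split(":", 1)[1].strip())
    if line.startswith("Vulnerable"):
        # The kernel may append details, e.g. "Vulnerable, IBPB: disabled".
        return ("vulnerable", line[len("Vulnerable"):].lstrip(":, ").strip())
    return ("unknown", line)


def read_status(base=SYSFS_DIR, entries=ENTRIES):
    """Read each status file; a missing or unreadable file maps to None."""
    raw = {}
    for name in entries:
        try:
            raw[name] = (Path(base) / name).read_text()
        except OSError:
            raw[name] = None
    return raw


def build_report(raw):
    """Classify every entry of a {name: file text} mapping."""
    return {name: classify(text) for name, text in raw.items()}


def needs_attention(report):
    """Names of issues that are neither mitigated nor reported as not affecting the CPU."""
    ok = {"mitigated", "not_affected"}
    return sorted(name for name, (state, _) in report.items() if state not in ok)


if __name__ == "__main__":
    raw = read_status() if SYSFS_DIR.is_dir() else SAMPLE
    report = build_report(raw)
    for name, (state, detail) in report.items():
        print(f"{name:12} {state:13} {detail}")
    todo = needs_attention(report)
    print("needs attention:", ", ".join(todo) if todo else "none")
```

An "unreported" or "vulnerable" result is a prompt to install the operating system and firmware updates supplied by the vendor for that specific product, as the article advises.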

Bill Pierce

*Prof. Bill Pierce, the author of this article, is an Assistant Professor of computer science at the Department of Computer Science & Information Technology at Hood College in Frederick, Maryland. He teaches undergraduate and graduate courses in Computer Architecture, Digital Logic and Switching Theory, Digital Signal Processing and Musical Computing.*

Protect Yourself in 2018 with These Cyber Tips

Each time we use our computer or device while on campus, we become a node on the College’s computer network. Being called a “node” may sound impersonal, but in reality it is an automatic assignment of personal responsibility. When it comes to computer security, a network is only as secure as its weakest link. This means that each one of us (each node) must exercise a great deal of responsibility when using network resources and while connected to the campus network. Here are four common cases that may compromise your personal security and impact campus network security:

#1 Never Respond to Emails Asking for Personal Information
No colleague, friend, IT support professional or vendor with whom you interact should ever ask via email for account information, credit card numbers or passwords. Under no circumstance should you ever respond to such information requests via email.

#2 Never Respond to Calls about Tech Support You Did Not Initiate
A common new scam is receiving a call from a “Helpdesk” or “Microsoft Tech Support” about your computer. Legitimate technical support organizations respond to inquiries from their users; they don’t proactively call their users to “fix” unreported problems.

#3 Ransomware
Ransomware is a special type of malware. Be suspicious of any emails trying to trick you into opening infected attachments or clicking on malicious links. Common sense is your best defense. In addition, backups are often the only way you can recover from ransomware.

#4 Scam Alert: Your Trusted Friends Can Hack Your Facebook Account
If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, because you are one of their ‘Trusted Contacts,’ don’t blindly believe it. Researchers have detected a new Facebook phishing scam that can trick even an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook account.

Any of the above may compromise your system or device (e.g. tablet, phone) or allow scammers to obtain your personal information. More importantly, any of these will make you the “weakest link” in the College’s network, putting everyone else in danger of further exploitation. Computer security is, unfortunately, one more thing we must be vigilant about. But with some common sense you can keep yourself safe and contribute to keeping the campus computing environment safe for all of us.

 

By Eddie F. Hamad M.S.’18 (Cybersecurity), CISSP, CEH and George Dimitoglou, Ph.D., Program Director, Cybersecurity

How a Hood graduate degree can help you get a high-paying job

According to job and recruiting marketplace Glassdoor, nearly seven of ten people (68%) report that compensation is among the “leading considerations” when choosing where to work. In “25 Highest Paying Jobs in America in 2017,” physicians, software engineers and managers are among the highlighted highest paid jobs. “This report reinforces that high pay continues to be tied to in-demand skills, higher education and working in jobs that are protected from competition or automation. This is why we see several jobs within the technology and healthcare industries,” said Dr. Andrew Chamberlain, Glassdoor’s Chief Economist. Therefore, one of the crucial first steps for anyone looking into such highly paid, valued positions is to obtain the education needed to perform them.

Whether one is looking into changing a career to IT or software architecture, getting a promotion to Software Engineer Manager or starting work in the ever-growing fields of Cybersecurity or Biomedicine, the Graduate School at Hood College is here for those seeking advancement.

For advancement in jobs mentioned in the Glassdoor research, such as Pharmacy Manager, Information System Manager, Financial Planning and Analysis Manager, Hood’s Graduate School offers degrees in Business (Accounting, MBA, Financial Management), Computer Science (Computer Science, IT, Management of Information Systems and Cybersecurity) and Bioinformatics, Biomedical Science and Geographic Information Systems, all designed to deepen intellectual understanding and to broaden competencies for career advancement. The Graduate School is also providing graduate-level courses for non-degree-seeking individuals who wish to pursue continuing education for career growth or personal interest or to sample a particular program.

Take a first step towards your dream job at the Hood College Graduate School. Contact us at gofurther@hood.edu.

The full list of Glassdoor’s highest paying jobs can be found at http://bit.ly/2EvThqd

Hood College Graduate School launches new MS Program in Cybersecurity

Interview with Dr. George Dimitoglou, Cybersecurity Program Director and Director of the Center for Computer Security and Information Assurance

How will this program serve the region’s cybersecurity needs?
The regional need for properly trained cybersecurity professionals is staggering. There are over 60,000 unfilled positions in the two major metropolitan Mid-Atlantic areas (Baltimore, DC) alone. Our goal is for graduates of our MS in Cybersecurity program to fill as many of these positions as possible at all levels, depending on their interests: from the highly technical to the managerial.

Can you tell us more about creating the Cybersecurity degree?
The MS in Cybersecurity was created to address the growing regional needs for cybersecurity professionals. Creating the degree did not start from scratch. The Department of Computer Science & Information Technology has been offering a graduate Certificate in Cybersecurity for over seven years and it became our foundation for our master’s program. But we wanted to make sure that we adhere to the state of the art in cybersecurity education, so we built the new program.

What are the strengths of the program?
The most important aspects of the program are the hands-on, experiential learning component and the Capstone experience. While we are committed to providing all the necessary theoretical background, cybersecurity is an applied field, so our courses have a heavy hands-on, laboratory component to reinforce the lecture material and sharpen student skills. The Capstone is unique because it is the culmination of what our students learn during the program, applied to a regional organization. Our students become “embedded” to an organization and work on real-life cybersecurity projects. Students that already work in the industry have the option to work one-on-one with faculty and an industry mentor on a significant research project.

What is unique about this program?
There are several courses that are really interesting — our Forensics course provides students with hands-on lab experience using state of the art forensic analysis tools (think of CSI but solving computer and network hacking incidents). Our Ethical Hacking course is training students how to think like hackers to better protect computers and networks. We are constantly introducing interesting topics and my top priority is to recruit and retain the best faculty to teach in our classes.

Who will be teaching the classes?
Aside from our regular, full-time faculty we always bring in highly qualified industry professionals — for example, our Cryptography course is taught by a former US Army code breaker.

What can you tell us about current interests of and from students?
Students are very interested in system and network security because it is the foundation of skills and knowledge in this area. We see a lot of interest in forensics and ethical hacking.
The program was approved by the Maryland Higher Education Commission (MHEC) in late August and within weeks we had a full class of students in the new program. We are now accepting applications for the spring semester.

Hood’s Graduate School at the CyberMaryland conference

Hood College Professors Ahmed Salem and George Dimitoglou attended the 2017 CyberMaryland conference October 11 & 12 in Baltimore. Titled “Leading the Cyber Generation”, the conference included opening remarks by Governor Larry Hogan, Senator Chris Van Hollen, and talks by several nationally recognized speakers and thought leaders from Maryland’s cybersecurity sector, and panelists on cyber and technology innovations. The Hood Graduate School also participated in the Cyber Maryland Industry Showcase with an exhibitor space, joining today’s top cybersecurity companies and organizations while showcasing Hood’s educational offerings, including the new MS in Cybersecurity, set to officially begin with the spring 2018 semester. The conference promoted Maryland as a nationally and internationally recognized cybersecurity leader, with the development of cybersecurity experts, education and training programs, technology, products, systems and infrastructure. Such development is crucial, as the United States is at risk with over 10 million cyber hacks a day resulting in an annual worldwide cost of over $100 billion.

CyberMaryland was a place to talk about the tens of millions of Americans who have had their identities and bank accounts threatened or compromised. The conference’s website states: “Ensuring that our nation has the workforce, technology and resources to protect our citizens, businesses, infrastructure, intellectual property and more is of paramount importance. Maryland continues to be a leader on this front”.

Dr. Dimitoglou says that there is a significant regional need for qualified cybersecurity professionals. “Hood College is in one of the most exciting states in the US for cybersecurity, as there are over 60,000 unfilled positions in the two major metropolitan Mid-Atlantic areas of Baltimore and DC alone. We are really in the heart of where everything happens.”

Graduate Women in Science Establishes Local Chapter at Hood College

FREDERICK, Md. — An international organization dedicated to empowering women in science is launching its 25th United States chapter Jan. 23.

The Greater Maryland Chapter of Graduate Women in Science (GWIS) will launch at 6 p.m. in the Whitaker Campus Center Commons at Hood College. The event begins with an informal mixer followed by a lecture by featured speaker Col. Andrea Stahl, deputy commander of USAMRIID at Fort Detrick. Afterward, there will be a business meeting to discuss upcoming events for this new chapter.

The GWIS mission is “to build a global community to inspire, support, recognize and empower women in science. The organization strives to build a powerful international network of women scientists, mentor the leaders of today so that they can inspire the leaders of tomorrow and empower women scientists to excel in their careers.”

The event is free and open to the public. For more information about GWIS, visit www.gwis.org. For more information about the launch event, contact April Boulton, Dean of Hood College’s Graduate School and Associate Professor of Biology, and co-founding member of the new chapter, at 301-696-3600 or boulton@hood.edu.

Hood College receives ABET accreditation

Hood College’s Bachelor of Science program in computer science recently received the ABET accreditation which is a demonstration of its commitment to providing students quality education. The ABET accreditation is a voluntary peer-review process that requires programs to undergo comprehensive, periodic evaluations. The evaluations focus on program curriculum, faculty, facilities and institutional support and are conducted by teams of professionals from industry, academia and government with expertise in the ABET disciplines of applied science, computing, engineering and engineering technology.

This accreditation is noteworthy for students in our graduate programs who pay their way through school via tuition reimbursement from their employers. Several employers are only willing to reimburse students who enroll in schools with ABET accreditation. These employers see the accreditation as a measure of the quality of the programs at a school.

According to Xinlian Liu, Ph.D., co-chair of the Department of Computer Science and Information Technology, “this accreditation is expected to attract a lot more students to our programs, especially with our proximity to the I-270 technology corridor. We hope to see a lot more interest in our programs going forward”.

To find out more about the computer science department and programs, visit cs.hood.edu.

Fall 2016 Computer Science and Information Technology Department Events

This fall, the Computer Science and Information Technology Department at Hood will be co-hosting a number of exciting events here on campus. All students, faculty and staff are welcome.

Python Frederick – 2nd Wednesday Talk – Jupyter Notebook
Whitaker Commons
Thursday, September 14
6:30 p.m.

Python Frederick has a talk the second Wednesday of each month. This month:
Jupyter Notebooks (http://jupyter.org/) are helpful tools for anyone working with data. Popular with scientists of all types, Jupyter Notebooks let you work with Python right from your web browser! You can easily graph data and share your findings with others.
You’ll learn how to use Jupyter Notebooks so you can learn to supercharge any research you’re involved in.

Python Frederick – 3rd Saturday Open Workshop – Python Serverless Microframework for AWS
Coblentz Hall Seminar Room
Saturday, September 17
10:00 a.m. – 12:00 p.m.

Python Frederick has an open workshop the 3rd Saturday of each month. You can work on a common project selected for the day or bring your own project and enlist the help of others.

Hack Frederick Hackathon
Coblentz Hall Seminar Room
Saturday, October 8
10:00 a.m.

Registration is required to attend this event. Additional information is available at https://www.hackfrederick.com/. Interested students should contact Dr. George Dimitoglou at dimitoglou@hood.edu to form teams.

Python Frederick – 2nd Wednesday Talk – pygame
Whitaker Commons
Wednesday, October 12
6:30 p.m.

Python Frederick’s Second Wednesday talk for October will be about gaming! We’ll discuss pygame, a Python library for making video games, with the Frederick Game Development meetup.