The 2010s was the decade of the hack, and despite the ever-increasing prevalence of data breaches, cybercrime and malware attacks, the cybersecurity world is still playing defense into the 2020s.
According to Cyberseek.org, there were more than 504,000 cybersecurity job openings in January — nearly twice as many from a year prior — in the United States. By 2021, it’s estimated there will be 3.5 million unfilled cybersecurity positions globally, according to Cybersecurity Ventures.
In an effort to hack that gap, while hacking off devious hackers in the process, West Virginia University is grooming the next generation of cybersecurity experts while hoping to spark a new economic engine.
“We are focused on investing in and developing curriculum and programs that prepare students for current and emerging fields where there is demand,” said Provost Maryanne Reed. “In particular, we know there is a significant demand for professionals with cybersecurity expertise, both nationally and within our own region.
“As West Virginia’s flagship, land-grant institution, we are committed to connecting students to jobs available in the Mountain State and engaging in research that advances the state’s economy and future growth.”
These are the kind of keyboard warriors we can get behind.
THE EVOLUTION OF CYBER MISCHIEF
When Katerina Goseva-Popstojanova, professor of computer science and electrical engineering, came to WVU in 2001, the University did not offer classes focused solely on cybersecurity. The first came two years later and, even then, the gravest fear of a casual internet user might have been opening an infected email attachment that erased computer files or reset their homepage.
And who could forget landing on some dodgy website that would generate a never-ending array of pesky popup windows.
Those problems were so 2003.
Hacking has morphed into a more sinister creature. Espionage, extortion, election meddling, data tampering, credit card and identity theft are among the list of immoral activities committed via cyberattacks.
The Lane Department of Computer Science and Electrical Engineering recognized this and put ideas into action: weave more cybersecurity into computer science classes, establish a cybersecurity program, and apply for grants and funding to ultimately help fill the cybersecurity void.
The National Science Foundation awarded the department, in a highly competitive process, $1 million for a project called Attracting and Cultivating Cybersecurity Experts and Scholars through Scholarships. Much of the funding will provide 120 annual scholarships of $5,000 to 40 undergraduate students over a five-year period.
WVU started doling out the funds this year. Recipients must be in good academic standing (at least a 3.5 high school GPA for incoming students or 3.0 GPA for current University students), have demonstrated financial need and be enrolled in an eligible bachelor’s program in the Lane department. Students will also have access to seminars, lectures, mentors and internship opportunities.
“The outcomes of the project will reach beyond West Virginia and are likely to be applicable to other states that have similar population characteristics and face similar challenges,” Goseva-Popstojanova said.
Students will learn how to program and design systems that not only thwart attacks but also allow them to continue operating if compromised.
“Developing resilient systems is important,” she said. “Attacks will happen. So how can systems keep working even if they’re attacked? You don’t want the electrical grid to get attacked and be completely out of power. The key is to make systems resilient.”
DEFENDER DEPLOYED
Jarilyn Hernandez, PhD ’19, Computer Science, is one recent alumna filling the gap.
After earning her doctorate, she joined the Massachusetts Institute of Technology Lincoln Lab, a Department of Defense-funded research and development center that addresses national security. There, Hernandez develops new machine-learning algorithms for the classification and detection of anomalous co-channel interference, which can affect wireless networking.
“With the advancements in technology, everything nowadays is automated,” she said. “These technological advancements need to be updated often and the code should be written in a secure way to develop robust systems, thus start reducing the number of cyberattacks.”
Hernandez, originally from Puerto Rico, wound up at WVU after being recruited from a career fair at the Oak Ridge National Laboratory. Hernandez wasn’t even considering a PhD program, yet Constinia Charbonnette, then with the WVU Office of Graduate Education and Life, encouraged her to check out the University. Hernandez met with Lane Department faculty and she was sold.
“The courses worked because they provided us with the opportunity to learn more about the field besides focusing merely on computer science,” she said. “Overall, my WVU experience let me solve real-life problems related to cybersecurity.”
Since 2006, WVU has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in both cyber defense education and research.
BEYOND ENGINEERING
Options for cybersecurity education at WVU aren’t limited. The John Chambers College of Business and Economics offers its own degree program — an online master’s in business cybersecurity management.
“Cybersecurity is a technical problem and it is a business problem,” said Virginia Kleist, associate dean for graduate programs, academic operations and research at the Chambers College. “Given the growing demand for cybersecurity expertise, it’s imperative we help establish a reputation for quality and workforce ready cybersecurity education.”
Kleist cited a 2013 data breach investigation report by Verizon that recapped 47,000 security incidents, 2,500 data disclosures and 44 million compromised records, indicating that all types of businesses are targets.
Despite the job gap and effects on large corporations and national security, cybersecurity awareness must be boiled down to the microlevel.
You don’t want to be a victim, Goseva-Popstojanova said.
She highlighted ransomware as a newer type of malicious software. Ransomware is designed to extort money by encrypting files on a computer system, and thus making them unusable until ransom is paid.
She also cautioned against the use of certain apps, even if they seem harmless on the surface. Case in point: FaceApp, the Russian mobile app that uses artificial intelligence to create a realistic rendering of what you might look like in a few decades. Despite its popularity, the app raised questions over privacy concerns.
“When you download an app, it asks for permissions, such as access to your location,” said Goseva- Popstojanova, whose research focuses on software security, information assurance and intrusion tolerance. “Apps don’t need to know that. Maybe Google Maps, but why would other apps? Apps collect data about users, track behavior and may sell your data for financial gain. Just remember, apps are always selling your information.”