In its milder forms, the problem is just about universal—every computer user has encountered a phishing scam message, had his or her Facebook account hacked, or has simply gotten spam messages.
But in addition to being widespread, computer crime is growing more serious. The U.S. federal government’s computer systems are probed or attacked an average of 1.8 billion times a month, and cyber crime costs the national economy an estimated $8 billion per year, according to a report by the Senate’s Sergeant at Arms last year. And a stunning display of malware’s destructive power emerged last year, when, expert observers believe, the Stuxnet worm may have caused up to 1,000 centrifuges in Iran’s Natanz uranium-enrichment facility to malfunction and destroy themselves.
Efforts to protect against such cyber attacks are underway, including in Delaware, where a U.S. Senator, state officials and college undergraduates are among those seeking solutions.
Senator Carper Pushes Legislation to Improve Cyber Security
Senator Tom Carper (D-DE) is a co-sponsor, along with Senator Susan Collins (R-ME), of the Cybersecurity and Internet Freedom Act of 2011, introduced by Senator Joseph Lieberman (I-CT). Carper believes it is critical that the United States beefs up its cyber security efforts in order to protect vital information and infrastructure.
Carper offers examples such as the incident in 2009 in which computer spies stole data on the design and electronics systems of the F-35 Joint Strike Fighter Program, or the Russian cyber attack on the nation of Georgia’s computer systems during their 2008 conflict. Carper says one thing his experience in the Navy taught him is the importance of adapting to new weapons and tactics—of being ready for the next war, not the last one. “This is the next war,” he said, “and we’ve got to be prepared to fight it.”
The bill Carper is co-sponsoring would establish centers in both the White House and the Department of Homeland Security (DHS) to bolster the government’s efforts to keep its computer systems secure. The two centers would have different roles—the White House center would help to underscore computer security as a policy priority for the president, and the DHS center would focus on finding and combating threats.
Carper says the bill would promote more intensive monitoring of vital computer systems, spur the purchase of equipment with the most sophisticated built-in defenses, and encourage training of computer-security professionals.
“We need a comprehensive approach,” Senator Carper said. “We think this is a comprehensive approach. And we’re anxious to get this show on the road. Time’s a wasting.”
State Agency Helps Other Agencies & Public Beef Up Computer Security
Even at the state level there is an effort to protect government agencies and private citizens from cyber crime. As the chief security officer for Delaware’s Department of Technology and Information, Elayne Starkey helps with computer security for two main client bases these days—the state agencies she’s directly responsible for, and then, indirectly, everyone else. The state has only had a dedicated security program since 2005, but two years into its operation the program staff decided that the updates and advice they were sending to the agencies could be equally helpful for the general public. “It’s kind of crazy to think it could only apply to employees,” Starkey said. “Why stop at the borders of state government?” Accordingly, the department today offers a broad palette of news and information on computer security for young people, parents, businesses as well as event listings and other resources. (See the state’s cyber security page here.)
Starkey is concerned that people, especially young people, aren’t aware of the potential problems they’re creating for themselves by posting private, overly revealing information and images. People apply for jobs, she says, and they discover that human resources departments will look at what they’ve posted about themselves online. “There’s this sense that there’s nothing off limits,” Starkey said. “They’re not guarding their personal information as tightly as they need to.”
To help kids get in the habit of using computers safely right from the beginning, Starkey conducts presentations for fourth-graders in schools around the state. She also collaborates with educators in the state to organize Cyber Challenge camps where older students can learn from some of the nation’s most prominent cyber security experts. Three states had such camps last year—New York, California, and Delaware. A similar event will take place this July at Del Tech’s Terry campus in Dover.
The growth in cyber crime offers at least one benefit: the prospect of good jobs for the young people who learn the skills to combat it. Starkey says many of the students she’s worked with have gotten four- year scholarships and jobs from their experiences, and she tries to make parents aware of the potential.
“It’s definitely something that we’re very excited about,” Starkey said. “This computer security field is just exploding.”
Delaware Educators Tap Into Growing Field of Computer Security
A number of Delaware educators are tapping into the potential of this growing area of specialization. One day six years ago, Mark Hufe, an associate professor at Wilmington University, was looking at an e-mail advertising books on computer security. “A light bulb went on,” Hufe said, “that this would be a good basis for an undergraduate degree program.”
Teaching Cyber Security
Wilmington University College of Technology
Bureau of Labor statistics bore out Hufe’s hunch—the field was indeed growing, and the university moved quickly to create the new program —”we’re a very agile institution,” Hufe said. Hufe designed and initiated the specialization in 2005, and it remains the only undergraduate degree program on computer security in the state.
Hufe, who chairs the university’s Web Information Systems and Computer and Network Security programs, included courses not only on keeping computers safe from intruders but also on the forensic aspects of security, such as retrieving data needed for court cases or criminal investigations.
The program may be unique in including the forensic aspect, Hufe says, and the program’s students, who now stand at close to 300, have excelled in international competitions on this subject. In 2009, four of its students formed a team that won first place in the undergraduate category of the Department of Defense Cyber Crime Center’s Digital Forensics Challenge, a yearly international competition sponsored by the Department of Defense, the SANS Institute, a prominent computer security training provider, and the International Multilateral Partnership Against Cyber-Threats. The student team secured third place in the overall competition out of 1,153 entries from more than 56 countries. In last year’s competition they did almost as well, coming in fifth in the world overall.
Hufe has collaborated with counterparts at the University of Delaware, Delaware Technical & Community College, and officials in the state Department of Technology and Information to bring students into programs such as the U.S. Cyber Challenge, a program to find, train and encourage young people with the potential to become security professionals.
One problem Hufe points out is how many bright students don’t get opportunities to delve into technology beyond using common applications. One of his priorities is letting students know about the professional opportunities in computer security. “If they don’t know anything about cyber security they’re going to pick business or marketing,” Hufe said. “I’m working on it.”
