News

SU programs lead the way in cybersecurity education

Illustration by Tony Chao Art Director

Every day Syracuse University’s data is under attack.

Sometimes it’s “door rattling,” or hackers poking at SU’s network trying to find vulnerabilities in the system. Other times it’s phishing, when fake emails appear to be from SU but aren’t.

Though the information is constantly attacked, it is protected.

Information security officer Chris Croad and his four-person team of students are at the front lines, protecting the university’s information.

SU isn’t just trying to protect itself from cyberattacks; it’s also training students in the College of Engineering and Computer Science in cybersecurity so they can protect others beyond the university in the future. As personal information continues to go online, the field of cybersecurity is growing. SU is taking that trend a step further, incorporating cybersecurity into its curriculum and campus.



One of the first steps in protecting data, Croad said, is performing risk assessments to understand the potential damage caused if information is stolen. Croad and his team have to ask themselves important questions.

“What is the risk to the university if types of data are exposed? How many resources do we have to spend to try and protect that data and where can we best spend those resources?” Croad said.

What was once a person in their basement trying to prove themselves to the hacker community is now organized crime. Originally, Croad said, most attacks were done by individuals but now attackers are often organized criminals. They want NetIDs and passwords of SU students so they can gain access to other SU resources, send more spam and enter databases with valuable information like social security numbers and financial records.

“That’s all stuff that can be sold on black markets,” Croad said. “It’s pretty profitable work.”

At the forefront

With constant development in cyberphysical systems like power grids, automated manufacturing and cars, cybersecurity is a growing field, said Steve Chapin, a professor of computer science.

“Having a system that you can trust is going to be increasingly important,” he said.

SU is at the forefront of these developments.

The National Security Agency and the Department of Homeland Security named SU a National Center of Academic Excellence in Information Assurance and Cyber Defense. The university is one of 18 institutions across the nation to receive the distinction this year, which is the first time it was awarded, according to an Aug. 15 press release.

One of the scientists doing research at SU is Kevin Du, a professor of computer science. He has published a series of open-source lab exercises known as the SEED Project, to enable instructors to give students hands-on experience in cybersecurity. Du began developing the labs in 2001 when cybersecurity education was in its infancy. After 13 years of developing the labs and spreading the word about them at conferences, Du said faculty at about 250 universities in 30 countries use the labs.

“I just wanted a student to be able to do something in class, in addition to learning the theory and principles,” Du said.

In August, Du received an $800,000 grant from the National Science Foundation to bring professors to SU so they can be trained to use these labs in their classrooms. He said he hopes to have two workshops for about 60 faculty members to train them in using the exercises.

Du teaches two fundamental courses in cybersecurity at SU: one on computer security and another on internet security. Each class has about 80 students in it, Du said, with a mixture of undergraduates, graduate students and some taking the class online.

Specialized programs

The university also offers specialized programs to immerse students in the study of cybersecurity. One is an Educational Partnership Agreement with the Air Force Research Lab in Rome, New York and the other is the Cyber Engineering Semester, said Vijay Srinivas, senior director of corporate relations and technical alliances in SU’s Office of Technology Transfer.

The Cyber Engineering Semester launched in 2011 enables scientists from Rome to come to SU and teach students about cybersecurity as part of the base’s public outreach. The semester is open to ROTC students from other universities as well.

The 18-credit semester consists of courses in computer architecture, secure computer hardware and operating systems, among other things.

“In too many curricula, security is taught as an add-on, as a standalone module or as a standalone course, and the students don’t seem integrated with the other courses that they take,” Chapin said. “And so we’re teaching it in an integrated fashion.”

But this semester, the program is not running because not enough students enrolled. It can be difficult to recruit for and fill the program because it’s difficult to meet the criteria, Srinivas said.

“This is a technically and mathematically intensive program, so you need to have the right background to be able to take it,” Srinivas said.

Outside opportunities

In addition to the semester program, students also have the opportunity to participate in a paid 10-week internship at the Air Force Research Lab in Rome during the summer. The internship focuses on concepts like mission assurance, which involves facilitating digital communications between people on the battlefield, said Shiu-Kai Chin, a professor of electrical and computer engineering.

Another program is SU’s 10-year $30 million partnership with JPMorgan Chase. The bank runs a technology center on cybersecurity and risk management in Lyman Hall. JPMorgan Chase funded Chin’s research on the authentication of money transactions between corporations. Chin spoke about the role identity played in his work.

“How do I know it’s really you telling me it’s OK to transfer $200 million out of your bank account to somebody else?” Chin said.

Students in the cybersecurity programs have been able to intern for JPMorgan Chase.

Senior computer science major Carter Yagemann said he worked for JPMorgan Chase as part of its ethical hacking and their cyberthreat and intelligence teams and has taken Du’s course in internet security.

“Being able to tell an employer that you have some awareness in security,” Yagemann said, “that’s very valuable to them.”

Correction: In the Sept. 17 story, “SU programs lead the way in cybersecurity education” the name of the College of Engineering and Computer Science was misstated. The Daily Orange regrets this error. 





Top Stories