Cyber is the new Plastics

Dr. Chase Cotton,
Professor of Practice, Electrical and Computer Engineering, University of Delaware

Though it dates me, I smile over the line in the classic movie “The Graduate”, where a young college graduate is counseled to consider what “Plastics” could mean to his future.

And, yes, looking back, the introduction of plastic materials into our world was indeed a sweeping change that affected everyone ­ consumers, manufacturers, designers, engineers, and business in general.

So too, the introduction of computing and communications ubiquitously into our lives again has affected almost everyone and everything around the planet.  We call this the “Internet of Things.”  Almost everything we use has a computer inside, and increasingly is getting connected to the global network – phones, cars, thermostats, sound systems, watches.

But all new things have pros and cons.  Plastics made goods less expensive and lightweight, but sometimes less durable.  And it took many years for us to learn how to use plastics without introducing new problems.  The problem we face today is that there are bad guys out there that have learned to take advantage of vulnerabilities in our new devices, the software that runs in them, and the networks they are connected to.  They have also learned to take advantage of us as human beings, fooling us into making mistakes and doing things we should not.

Cybersecurity is all about combating these vulnerabilities and making these attacks less costly and destructive for people and organizations.

Why is this happening you ask?  Well, no one is perfect.  Everyone makes mistakes.  And the bad guys use these mistakes against us whether exploiting a flaw in computer software, a less than perfectly designed communications system, or too often, getting us to click on a bad link in an email and giving away secret information, like our account passwords.

So, what is the solution?  Nothing indicates we’ll be discovering a “magic bullet” because a vaccination against human mistakes seems unlikely.  At best we can identify and protect the things most valuable to us, minimize the potential for loss by following best practices, and better prepare to quickly recover when an attack is eventually successful.   And all of these steps require education at many different levels, for our current and future scientists and engineers, our governments, corporations and businesses, ourselves, and our children.

Multi­level Education is the Key

At the top of the educational pyramid, we must accelerate advanced cyber education and research so we will have sufficient numbers of the best prepared cybersecurity professionals who will be manning the front lines.  And behind them, a working knowledge and appreciation for the cybersecurity challenge and best security practices is critical for all our future scientists, engineers, computer, and business professionals that will build and evolve our electronic online world.  Individuals too need to expand their current computer literacy skills to include ​ cyber literacy. Everyone needs to know:  What is security?  What is privacy?  What is safe?  How do I protect myself, my family, my assets?  What should I teach my children about cybersecurity? Like parents teach children “for your safety, do not to speak to strangers” and “wash your hands to prevent colds”, we must all develop a greater sense of “cyber hygiene” where our safe and private use of computers and online systems become second nature.

At the University of Delaware, we are aggressively pursuing these educational agendas at all levels.  UD has been ramping up research and education in cybersecurity since about 2008. Since 2010, we have been partnering with other Delaware educational institutions and the state to bootstrap technical interest and skills in a yearly series of college and now high school level cybersecurity summer camps.  As of this Spring, five new cybersecurity courses have been introduced for both undergraduate and graduate students at UD and a Minor in Cybersecurity available to all majors was introduced this past Fall.  Planning is ongoing for a graduate degree and certificate programs in cybersecurity to be introduced in the near future.  Student interest has been strong with almost 100 students registered for cybersecurity courses this coming Spring semester.

Research, education, and collaboration with industry and government are key to the University of Delaware Cybersecurity Initiative (UDCSI).  Under the leadership of Dr. Starnes Walker, a leading national expert in cybersecurity and founding director of the initiative, UD has been crafting educational programs in collaboration with regional cybersecurity employers such as the financial services industry here in northern Delaware and the U.S Army’s engineers and researchers in northern Maryland.

We believe that students pursuing careers in engineering, computer science, and other disciplines need to understand cybersecurity more in greater depth since most of things they invent, design, write, manufacture, or even manage will need to become ever more resistant to cyber­attacks.  And working professionals in the field need to also upgrade their knowledge of cybersecurity and secure design practices for the same reasons.

In closing, very few of us can financially afford to “go off the grid” to sidestep future cybersecurity challenges, and most of us would not want to anyway, as we very much enjoy the conveniences of our modern wired world.  But with a little extra care going forward, we may get to enjoy that world with less fear of the cyber bad guys.  No flying cars though <sigh>.