Universities, NSA Partnering on Cybersecurity Programs

By Peter Sclafani, Capital News Service

Universities across the country are racing to prepare the next generation of cybersecurity experts before a major cyberattack leaves the country’s networks struggling to reboot.

Schools—including the University of Maryland, Towson University and Johns Hopkins University—have partnered with the National Security Agency and the Department of Homeland Security to meet the growing need.

NSA, headquartered in Fort Meade, and the DHS have partnered with 181 schools to come up with new programs in hopes of drawing more students to the booming field while securing the nation’s information infrastructure.

For a school to be considered a National Center of Academic Excellence in Information Assurance or Cyber Defense it must adhere to the criteria outlined by the NSA and DHS. Certification ensures students leaving school with a background in cybersecurity have the necessary skills to help secure major networks for the government or private sector. 

The requirements are broken down into 10 sections to evaluate the school’s cybersecurity program in areas including academic content, the number of faculty who actively teach courses in cybersecurity, and student involvement in cyberresearch. 

Schools must offer classes in C programming language, networking, discrete math and cyberdefense, among other topics, in order to meet the NSA’s academic content requirements.

In addition to government agencies, private companies have also partnered with computer science programs across the country in an attempt to educate students on how to effectively fortify and locate security breaches in computer networks.

With the help of $1.1 million from Falls Church, Va., based Northrop Grumman, a defense and information technology company, the University of Maryland created a new cybersecurity program emphasizing multidisciplinary solutions called Advanced Cybersecurity Experience for Students. The program contrasts with more technical approaches to cybersecurity problems preferred by other programs.

"Cybersecurity is really a systems problem. Some say it is a technical problem, but you need to look at the problems globally," said Michel Cukier, the director of ACES.

To combat the problem, Cukier said the new ACES program aims to focus on multidisciplinary approaches to cybersecurity. The program brought together 57 freshmen -- from the computer science, engineering, and business majors -- to analyze problems and discuss solutions in cybersecurity.

"Things will change, it’s a field where you need to learn all the time," Cukier said. "We want to teach students that they need to keep their eyes open to get the most global picture to solve the problem."

Cybersecurity experts, who gathered at the Atlantic Council’s first Cyber RiskWednesday recently in Washington, continue to warn that a substantial cybersecurity attack may occur in the U.S. at any time. The same experts also believe the government and the private sector are woefully underprepared to deal with a major attack.

Larry Castro, managing director of The Chertoff Group, said at the Atlantic Council’s panel that the government lacks the ability to efficiently prepare for or recover from a major  cyberattack.

"Our country quite frankly does not have a governance structure that allows us to begin to either prepare for, or recover from, in some other than very chaotic way from a massive cyber outage," Castro said.

Although a cyberattack leaving the U.S. without power for an extended period of time may not be realistic, cybersecurity experts believe an attack could compromise the networks of an entire industry, according to Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council.

Similar to how the risk management decisions of companies like Lehman Brothers affected companies that did not have a key role in the sub-prime mortgage crisis, the interconnectedness of information technology can leave entire industries vulnerable to the fallout of a successful cyberattack on just one company.

"There is a widespread understanding that this is an unmet need and universities are a good vehicle to bridge that gap," said Steven Weber of Drexel University’s Department of Electrical and Computer Engineering in Philadelphia.