Program to Create Next-Generation Computer Security Experts
Source Newsroom: Mississippi State University
Newswise — Mississippi State's emergence as a leader in the field of computer security research promises to strengthen national defense and improve law enforcement while creating a new generation of experts skilled in the methods of detecting, dissecting and deflecting the growing menace of cyberspace crime.
"We're here to help people and grow a national capability in training computer security engineers," said Ray Vaughn, associate professor of computer science and engineering, and director of MSU's Center for Computer Security Research.
A retired Army colonel who once directed communications and computer systems for the Pentagon, Vaughn joined the MSU faculty in 1997 and led the university to National Security Agency certification in 1998 as one of only 26 initial Centers of Academic Excellence in Information Assurance Education in the nation.
"We're often cited as one of the top computer security research centers in the United States," said the Hattiesburg native, noting there currently are some 50 college-based programs nationwide with the NSA's official certification. "We have efforts under way to make that known to the new U.S. Department of Homeland Security."
He said faculty members from various academic disciplines utilize MSU's high-performance computer capabilities to prepare future computer security engineers for careers in government and private industry. Students at the 3-year-old center train in a 2-year-old computer lab containing some $200,000 worth of the latest equipment.
"We have a wonderful, dedicated computer security lab where these kids can crack passwords, sniff networks and learn how to defend against attacks on computer systems," said Vaughn, whose department is a part of the Bagley College of Engineering.
The new breed of specialists deal with a wide variety of cyberspace security issues such as the protection of critical U.S. infrastructures from Internet attacks, ballistic missile defense, industrial espionage, and computer hacking. Other critical areas include: medical records confidentiality, integrity of banking transactions, attacks on computer systems by overload and information-hiding techniques used by terrorists.
A unique computer forensics course taught by Dave Dampier, one of Vaughn's department colleagues, focuses both on investigative techniques for exposing computer-related crimes and the tracking of their perpetrators through retrieval and analysis of electronic evidence. Dampier initiated the popular course this past spring.
"There's been a computer security problem ever since there's been a computer," said Vaughn, whose Kansas State University doctorate in computer science includes an emphasis in computer security. "You tell me what isn't digitized today, from your medical records to your driver's license information? Computers are inherently insecure, and there's a growing shortage of computer security people.
"We're making a difference," he added. "We're putting kids into key positions, we're working with private industry and the government is investing heavily in us."
Over the past five years, Vaughn and department colleague Susan Bridges—an authority on the application of artificial intelligence to computer security problems—have secured nearly $5 million in government and private industry grants.
"We use artificial intelligence to detect activities by unauthorized intruders in computer systems," explained Bridges, an Elkins, Ark., native who holds a doctorate in computer science from the University of Alabama in Huntsville. "We model the typical behavior of activity to detect deviations from normal behavior. This abnormal behavior is considered to be suspicious and is reported to the system administrator."
Grants since 1998 have included nearly $3 million for the MSU center's Cybercorps Scholarship Program. Support comes from two separate areas: the Scholarship for Service program funded by the Federal Cyber Service Training and Education Initiative and the Department of Defense's Information Assurance Scholarship Program.
This fall, more than 20 students will benefit from full scholarships paying nine-month salaries ranging from $8,000 to $15,000, plus free tuition and supplies, all fees and, in some cases, housing assistance. Summer internships also provide extra money and practical training.
"It's a one-for-one payback," Vaughn said. "The government pays their way through school and they owe one year of federal service for each year of schooling. The scholarships are worth a minimum of $50,000 over two years for a graduate student, but what's really important is that when they graduate, they have a career waiting for them."
He said the government also provides collaborative grants that enable the MSU center's eight-10 faculty members to work with a variety of historically black and other under-represented educational institutions in and outside of Mississippi.
At present, they are helping Jackson State University, Chicago's Illinois Institute of Technology and other schools establish certified computer security centers of their own. Additionally, unfunded computer security consultations are being provided to such higher education institutions as Dakota State in South Dakota, Maryland's Bowie State and New Mexico Tech. Plans are under way to host a 2004 spring workshop for about 35 students and faculty from these and other schools.
Meanwhile, Vaughn is collaborating with officials at Iowa State University and the University of Kansas to establish a national Center for Information Protection, which will involve academia, private industry and the government in a joint effort to solve computer security problems in the future.
He also is working with the Mississippi attorney general's office and representatives of the universities of Mississippi and Southern Mississippi to help develop a regional cyber-crime center to train state and local law enforcement officers.
"State and local police receive no training at all in this area," said Vaughn, a 1969 computer science and ROTC graduate of USM.
Pausing, Vaughn recalled his attendance at a Sept. 11, 2001, meeting in NSA's Washington headquarters. Upon learning of the two-pronged terrorist attacks, he and the other researchers were quickly evacuated from the location.
"As we stood in the parking lot at NSA trying to get on a bus to get out of there, we talked about how the world would never be the same," he said. "The work we do is fundamentally important to protect against that type of thing."