Let's face it. It seems like our cyber security is pretty horrible.
We re-use simple passwords. We download apps and click on links we probably shouldn’t. Our bank sends us a new credit card when someone makes a fraudulent transaction with our number. In fact, CSOonline, which provides security information to corporate security professionals, estimates $6 trillion in losses to cyber crime by 2021.
As bad as that seems, cyber hackers are now moving beyond credit cards and other personal information to target the computers controlling the world around us.
In December of 2015 a group of Russian hackers known as the “Sandworm Team” caused a power outage in several rural areas of Ukraine. A year later the same group used a more sophisticated attack to knock out power to a fifth of Kiev, Ukraine’s capital. The Department of Homeland Security acknowledged that this same group had successfully infiltrated many industrial facilities within the United States.
“We call these specialized computers ‘cyber-physical systems’” says Sean McBride, who Idaho State University hired to train students to defend against emerging threats, “because the computers are controlling the real, physical world -- things like power plants, manufacturing facilities, and water treatment.”
McBride is a world-renowned cyber threat analyst who joined ISU from leading cyber security firm FireEye, where he developed the company’s strategy for protecting these critical systems. FireEye is well known for investigating attacks against Global Fortune 2000 firms such as JP Morgan Chase, Sony Pictures, Target, and many other high-profile breaches.
“Just like your parents didn’t grow up with cell phones, these industrial facilities didn’t grow up in a connected world,” explains McBride, “Just like you have to teach your parents how to use their phone, you have to teach these facilities how to connect up securely -- or the consequences could be very damaging.”
Workforce studies predict impressive demand for cyber security professionals. According to a recent Forbes article, there will be 1.5 million unfilled cyber security positions globally by 2019. A growing number of these openings deal with cyber-physical systems.
“I’ve been watching job postings for 8 years,” relates McBride “and have never seen this level of interest. Just recently Disneyland and Post Cereals advertised openings, in addition to the government contractors you might expect. They don’t want their rides getting hacked or their cereal getting burned.”
ISU’s new cyber physical security program seeks to help meet this demand.
“We are the first technical school in the country to offer a cyber physical systems security degree program,” claims McBride, “We take students through the fundamentals of operating systems, virtualization, programming and databases, then teach them about AC and DC circuits, show them how to program PLCs, have them assess risks, and apply strategies to defend operational systems against intentional attacks.”
Students can expect to gain an edge over the competition because the program features more than 80 hands-on laboratory exercises, dedicated laboratory space, and top-of-the-line cyber security equipment. Experienced instructors from the FBI and the Informatics Research Institute guide the students through the program.
ESTEC -- the college department that houses the new program -- already enjoys a stellar reputation with industrial employers ranging from Simplot and INL to Orbital ATK and Las Vegas Valley Water District.
“I took this job because our country has a real need, and ESTEC is perfectly positioned to meet it”, remarked McBride. College of Technology alumni, working industry professionals, and high school graduates are welcome to apply.
To kickstart this program, ESTEC has partnered with ISU Continuing Education and Workforce Training to host a Cyber Physical Security Open House on January 24th from 8:30 a.m to noon on the ISU campus for regional government and industrial leaders, faculty, alumni, and students. It will be a great opportunity to tour the ESTEC facilities, meet the faculty, and discuss customized cyber physical security training. Free breakfast will be provided.
For those interested in attending, register at cetrain.isu.edu/cyber-security or call (208) 282-3372 for more information.