EWU is training the next generation of cybersecurity experts and helping local governments defend themselves from attacks | Scholastic Fantastic | Spokane | The Pacific Northwest Inlander
Last year, students at Eastern Washington University those in charge of monitoring Spokane Valley’s municipal computer networks noticed something unusual: repeated pings from Russian IP addresses.
Stu Steiner, an assistant professor of computer science at Eastern Washington University, says hackers were probably trying to find access to the system through the back door so they could install ransom software and steal data. As soon as they realized what was happening, the students took action.
“It simply came to our notice then I should not it came from Russia and then immediately increased the tickets of the assistance service, “says Steiner.
After seeing these entries, the city authorities were able to quickly blacklist Russian IP addresses, permanently blocking their access to the servers.
Students were monitoring the network as part of the Public Infrastructure Security Cyber Education Systems, or PISCES project. The Washington state program combines cybersecurity students with small public sector organizations, which often lack the computer resources to monitor and detect threats. It is an association that benefits everyone (except hackers). Small municipalities get free tracking of students from their computer networks, while students gain real-world experience analyzing large amounts of data without being held accountable if something goes wrong.
Steiner says the threat of cyberattacks has increased dramatically in recent years. The Washington State Attorney General’s Office reported 150 ransomware attacks last year, more than the total number of ransomware attacks in the previous five years. combined. The total number could be higher, as organizations often hesitate to publicly report attacks because it could indicate their vulnerability to other hackers.
Steiner attributes the increasing severity of the threat to three main factors: increasingly smart hackers, improving tools, and a critical shortage of trained cybersecurity experts.
The demand for cybersecurity experts has grown rapidly, but the workforce is struggling to catch up. There are more than 600,000 cybersecurity sites open across the country, and the Biden administration has said filling them is a national security priority.
Steiner hopes the rapid growth of the East Washington University Center for Network Computing and Cybersecurity can help address the sector’s labor shortage. The program began hosting students four years ago in the school’s computer and electrical engineering department. The program had only four graduates in its first year, but Steiner says he expects to graduate 61 this year.
In November, EWU obtained a designation of the National Security Agency as the National Center for Academic Excellence in Cyber Defense. Eastern was the first school on the east side of the state to get the designation, and Steiner hopes it will help consolidate the school’s status as a regional center for cyber defense. Steiner says the center expects to hire six to eight full-time professors in the next four to five years and plans to offer a master’s program in cybersecurity soon.
The program currently offers a cyber defense title. Starting in the fall, the program will also offer a degree in cyber operations. While cyber defense Professionals often focus on strengthening an organization’s systems and implementing tools to defend against potential attacks, cyber operations professionals focus on the other side of the equation: attacking.
Steiner says older students with families tend to be more attracted to the cybersecurity defense side, while younger students are more attracted to attack.
“It’s more exciting to attack,” says Steiner, “because you can see that you’ve suddenly taken over this machine or compromised that network. And now you can do whatever you want.”
Steiner points out that when his students do attacking a system is always in an ethical way. It is known as a penetration test. Basically, an organization accepts that attackers try to hack their systems and find places to exploit or weaknesses. Once these vulnerabilities have been identified, cyber defense professionals can intervene and try to fix the holes in the system.
Most ransomware attacks make them criminals who hope to steal data and keep it for a ransom. When an organization is the victim of a ransomware attack, it usually has two options: pay hackers or go through the intensive process of rebuilding its systems from scratch and wait for the data to recover.
Steiner says it’s an old dilemma in the world of cybersecurity. In general, private companies will choose to pay, while public sector organizations, with less desire to negotiate with criminals, usually choose the latter option.
It’s a difficult place to be, and no choice is ideal. But Steiner hopes the work his students are doing at Eastern will help ensure that fewer organizations have to make that choice in the first place. ♦