The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), hosted an Open House for Education and Workforce Development on October 15th. The NCCoE launched an internship program in June as part of the center’s commitment to address the critical national need for computer security professionals. Guest speaker Ari Schwartz, Senior Director for Cybersecurity, White House National Security Council, stated in his opening remarks that, “We are experiencing negative unemployment in the field of cybersecurity.” Meaning, there are more jobs available, especially on the managerial level, than there are qualified people to fill them.
The NCCoE internship program selected 10 students from the University System of Maryland to work as guest researchers for the 2014-2015 school year. Seven of the students are enrolled in programs at The Universities at Shady Grove (USG). Jeffrey Scheirer and Zach Rich are students in UMBC’s Professional Masters Cybersecurity program. Joseph Penda Ntonga is in UMUC’s Computer Networks and Security B.S. degree program and Dinh Phan, Samuel Zelaya, Stacey Curry and Sohail Sattari are in UMUC’s Cybersecurity B.S. degree program. The students were divided into three groups, each with a pre-selected field: Health IT, Financial Services and Industrial Control Systems. Each group was responsible to submit a new project within the field that combats a tangible real-world problem. The groups spent the last few months developing and testing a solution for the selected security challenges by working with vendors in the NCCoE labs. They presented their research at the Open House.
The Financial Services Group, consisted of Stacey Curry, Sohail Sattari, Jeffrey Scheirer, and Samuel Zelaya, presented on “Stepwise Construction and Testing of an E-Commerce System.” Their goal was to create a secure foundation for small businesses in order to keep their data safe. Jeff commented, “Although it is not a revolutionary idea, it is a good base for companies who do not have a security system in place. The defense side of IT security is always playing catch-up to the offense side of the IT world.” Stacey replied, “It is important to have a strong password, but it is more important to have a strong firewall. It is pretty easy to manipulate code to circumvent a password, but it is much harder to circumvent a secure firewall.”
Don Tobin, Senior Security Engineer, National Cybersecurity Center of Excellence, provided an example of combing strong passwords with a secure firewall, “Even though you lock your car, it won’t stop someone from breaking in, but it may deter them so that they move onto the next car. To lower your chances of a break-in even more, park your locked car in a locked garage. This really illustrates the concept of creating a strong password and combing it with a secure firewall.”
The Health IT group, consisted of Dinh Phan, Zach Rich and Joseph Penda Ntonga, presented on “Risk Analysis and Standards Mapping in Health IT Systems.” Joseph shared the inspiration for the project, “We found that physicians have a hard time performing risk analysis. We decided to create a template to help them simplify the process. We focused on the security for mobile devices and electronic health records.” Zach commented on the experience thus far, “I have really enjoyed developing my problem solving skills and providing a solution for this real-world cybersecurity issue.”
The third group focused on “Intrusion Detection in Industrial Control Systems” and included Ambika Agarwal, Zhi Xiang Lin, and Bhumbibhat Kerdsuwan from the University of Maryland, College Park. All three groups presented their research and conducted demonstrations. Don Tobin concluded, “Our goal is to give the students real-world experiences that can’t be learned in a classroom. They are creating real solutions that are mature enough to be adopted by technology companies.”
For information about the NCCoE, visit http://nccoe.nist.gov.
Click here for pictures of the event.