Department of Computer Science and Electrical Engineering
Inspiring Innovation
NSA highlights strong partnership with UMBC through Featured School campaign
NSA highlights strong partnership with UMBC in Featured School campaign
Over the past two decades, UMBC and the National Security Agency (NSA) have developed a strong relationship, which has led to research, internship, and career opportunities for faculty, students, and alumni. UMBC is the first institution to be highlighted in NSA’s Featured School Series, which launched on September 4.
“UMBC’s long-standing partnership with NSA has provided valuable experiences for our students, faculty, and alumni to pursue internships, careers, and collaborative research opportunities,” said President Freeman Hrabowski. “Through this work we are helping to address the need for well-trained cyber professionals by creating a network of talented people to protect the state, nation, and world.”
More than 1100 NSA employees are UMBC alumni, including Darniet Jennings ‘98, M.S. ‘99, Ph.D. ‘03, information systems management. Jennings continued his dissertation research when he took a job at NSA, where he developed a system to manage big data effectively, which was patented in 2010.
The opportunities at NSA include careers in a broad range of disciplines including cybersecurity, engineering, computer science, language, and biological and chemical sciences. Regina Hambleton ‘87, mathematics, has held a number of positions at NSA and is currently the Agency’s deputy director of Engagement and Policy. She began working at NSA while she was a student at UMBC, and participated in a program that allowed her to spend a semester at UMBC taking courses followed by a semester working at NSA.
The partnership between NSA and UMBC also helps prepare an increasing number of graduates for careers in cybersecurity-related fields, to protect the nation from cyber threats.
Charles Nicholas, professor of computer science and electrical engineering, is also highlighted in the Featured School Series campaign. He has spent two sabbaticals at NSA during his time at UMBC, and has mentored students who completed NSA internships, in addition to students who went on to pursue careers at NSA. Nicholas is interested in the intersection of cybersecurity and data science, and the tools that are used to compare malware specimens.
“There are so many opportunities in the intelligence community, including at NSA,” Nicholas says. “It is important for students interested in those careers to develop technical ability, as well as critical and creative thinking, and I enjoy the chance to help them grow those skills.”
For more information about the partnership, and a few UMBC alumni who work at NSA, visit the UMBC page on the NSA website.
Adapted from a UMBC News article by Megan Hanks. Banner image by Marlayna Demond for UMBC.
Weaponized information seeks a new target in cyberspace: Users’ minds
The Russian attacks on the 2016 U.S. presidential election and the country’s continuing election-related hacking have happened across all three dimensions of cyberspace – physical, informational and cognitive. The first two are well-known: For years, hackers have exploited hardware and software flaws to gain unauthorized access to computers and networks – and stolen information they’ve found. The third dimension, however, is a newer target – and a more concerning one.
Some observers suggest that using internet tools for espionage and as fuel for disinformation campaigns is a new form of “hybrid warfare.” Their idea is that the lines are blurring between the traditional kinetic warfare of bombs, missiles and guns, and the unconventional, stealthy warfare long practiced against foreigners’ “hearts and minds” by intelligence and special forces capabilities.
However, I believe this isn’t a new form of war at all: Rather, it is the same old strategies taking advantage of the latest available technologies. Just as online marketing companies use sponsored content and search engine manipulation to distribute biased information to the public, governments are using internet-based tools to pursue their agendas. In other words, they’re hacking a different kind of system through social engineering on a grand scale.
More than 2,400 years ago, the Chinese military strategist and philosopher Sun Tzu made it an axiom of war that it’s best to “subdue the enemy without fighting.” Using information – or disinformation, or propaganda – as a weapon can be one way to destabilize a population and disable the target country. In 1984 a former KGB agent who defected to the West discussed this as a long-term process and more or less predicted what’s happening in the U.S. now.
The Russians created false social media accounts to simulate political activists – such as @TEN_GOP, which purported to be associated with the Tennessee Republican Party. Just that one account attracted more than 100,000 followers. The goal was to distribute propaganda, such as captioned photos, posters or short animated graphics, purposely designed to enrage and engage these accounts’ followers. Those people would then pass the information along through their own personal social networks.
Starting from seeds planted by Russian fakers, including some who claimed to be U.S. citizens, those ideas grew and flourished through amplification by real people. Unfortunately, whether originating from Russia or elsewhere, fake information and conspiracy theories can form the basis for discussion at major partisan media outlets.
As ideas with niche online beginnings moved into the traditional mass media landscape, they serve to keep controversies alive by sustaining divisive arguments on both sides. For instance, one Russian troll factory had its online personas host rallies both for and against each of the major candidates in the 2016 presidential election. Though the rallies never took place, the online buzz about them helped inflame divisions in society.
The trolls also set up Twitter accounts purportedly representing local news organizations – including defunct ones – to take advantage of Americans’ greater trust of local news sources than national ones. These accounts operated for several years – one for the Chicago Daily News, closed since 1978, was created in May 2014 and collected 20,000 followers – passing along legitimate local news stories, likely seeking to win followers’ trust ahead of future disinformation campaigns. Shut down before they could fulfill that end, these accounts cleverly aimed to exploit the fact that many Americans’ political views cloud their ability to separate fact from opinion in the news.
These sorts of activities are functions of traditional espionage: Foment discord and then sit back while the target population becomes distracted arguing among themselves.
Fighting digital disinformation is hard
Analyzing, let alone countering, this type of provocative behavior can be difficult. Russia isn’t alone, either: The U.S. tries to influence foreign audiences and global opinions, including through Voice of America online and radio services and intelligence services’ activities. And it’s not just governments that get involved. Companies, advocacy groups and others also can conduct disinformation campaigns.
Unfortunately, laws and regulations are ineffective remedies. Further, social media companies have been fairly slow to respond to this phenomenon. Twitter reportedly suspended more than 70 million fake accounts earlier this summer. That included nearly 50 social media accounts like the fake Chicago Daily News one.
The best protection against threats to the cognitive dimension of cyberspace depends on users’ own actions and knowledge. Objectively educated, rational citizens should serve as the foundation of a strong democratic society. But that defense fails if people don’t have the skills – or worse, don’t use them – to think critically about what they’re seeing and examine claims of fact before accepting them as true.
These efforts are a good start, but the real solution will begin when people start realizing they’re being subjected to this sort of cognitive attack and that it’s not all just a hoax.
UMBC’s Sherman receives $5.4m in funding for cybersecurity research and scholarships
UMBC receives $5.4m in funding for new cybersecurity projects
NSF and NSA Fund Three Cybersecurity Projects by Prof. Alan Sherman
Professor Alan Sherman and colleagues were recently awarded more than $5.4 million dollars in three new grants to support cybersecurity research and education at UMBC, including two from the National Science Foundation (NSF) and one from the National Security Agency (NSA). Dr. Sherman leads UMBC’s Center for Information Security and Assurance which was responsible for UMBC’s designation as a National Center of Academic Excellence in Cybersecurity Research and Education.
This summer, NSF funded Sherman’s second CyberCorps Scholarship for Service (SFS) grant (Richard Forno, CoPI) that will fund 34 cybersecurity scholars over five years and support research at UMBC and in the Cyber Defense Lab (CDL). The $5 million award supports scholarships for BS, MS, MPS, and PhD students to study cybersecurity through UMBC degree programs in computer science, computer engineering, cyber, or information systems. SFS scholars receive tuition, books, health benefits, professional expenses, and an annual stipend ($22,500 for undergraduates, $34,000 for graduate students). In return, each scholar must engage in a summer internship and work for government (federal, state, local, or tribal) for one year for each year of support. The program is highly competitive and many of the graduates now work for the NSA.
A novel aspect of UMBC’s SFS program is that it builds connections with two nearby community colleges—Montgomery College (MC) and Prince Georges Community College (PGCC). Each year, one student from each of these schools is selected for a scholarship. Upon graduation from community college, the student transfers to UMBC to complete their four-year degree. In doing so, UMBC taps into a significant pool of talent and increases the number of cybersecurity professionals who will enter government service. Each January, all SFS scholars from UMBC, MC, and PGCC engage in a one-week research study. Working collaboratively, they analyze a targeted aspect of the security of the UMBC computer system. The students enjoy the hands-on experience while helping to improve UMBC’s computer security. Students interested in applying for an SFS scholarship should consult the CISA SFS page and contact Professor Sherman. The next application deadline is November 15.
With $310,000 of support from NSF, Sherman and his CoPIs, Drs. Dhananjay Phatak and Linda Oliva, are developing educational Cybersecurity Assessment Tools (CATS) to measure student understanding of cybersecurity concepts. In particular, they are developing and validating two concept inventories: one for any first course in cybersecurity, and one for college graduates beginning a career in cybersecurity. These inventories will provide science-based criteria by which different approaches to cybersecurity education can be assessed (e.g., competition, gaming, hands-on exercises, and traditional classroom). This project is collaborative with the University of Illinois at Urbana-Champaign.
With $97,000 of support from NSA, Sherman is developing a virtual Protocol Analysis Lab that uses state-of-the-art tools to analyze cryptographic protocols for structural weaknesses. Protocols are the structured communications that take place when computers interact with each other, as for example happens when a browser visits a web page. Experience has shown that protocols are so complicated to analyze that there is tremendous value in studying them using formal methods. Sherman and his graduate students are making it easier to use existing tools including CPSA, Maude NPA, and Tamerin, applying them to analyze particular protocols, and developing associated educational materials.
2018 Maryland Cyber Challenge registration opens for student teams
2018 Maryland Cyber Challenge seeks student teams
The 2018 Maryland Cyber Challenge seeks teams willing to test a range of skills simulating real-word cyber scenarios. Teams will climb a ladder of challenges demonstrating an ability to work together, understand both simple and complex vulnerabilities, defensive operations and gamified offensive operations.
Registration is now open. An initial orientation session start the week of August 13 and qualification Round 1 will be September 8-9..
The finals will take place live at CyberMaryland 2018 in Baltimore on October 10. Prizes (TBA) will be presented LIVE by during a closing session at CyberMaryland.
Inexpensive sensors and information storage and processing have enabled the large-scale production of robots: autonomous systems capable of acting on the world. These systems represent an enormous technological and economic opportunity that will change society in countless and unpredictable ways. They will also bring new policy challenges. This presentation examines the missions the government will need to undertake to address the challenges raised by this new technology, identifies critical gaps the government faces in carrying out these missions, and discusses institutional options to address these gaps.
Dr. Aaron Mannes is the Senior Policy Advisor at ISHPI Information Technologies, where he supports the Apex Data Analytics Engine (DA-E) at the Department of Homeland Security Science and Technology Directorate. In supporting DA-E, Dr. Mannes collaborates on big data projects that support the Homeland Security Enterprise and researches technology policy. He started at DHS as an American Association for the Advancement of Science Policy Fellow in September 2015. From 2004 to 2015, Dr. Mannes was a researcher at the University of Maryland Institute for Advanced Computer Studies (UMIACS) where he was the subject matter expert on terrorism and international affairs collaborating with a team of inter-disciplinary scientists to build computational tools to support decision-makers facing 21st century security and development problems. Dr. Mannes earned his Ph.D. at the University of Maryland’s School of Public Policy in 2014. His dissertation topic was the evolving national security role of the vice president.
Dr. Mannes is the author or co-author of four books on terrorism and has written scores of articles, papers, and book chapters on an array of topics including Middle East affairs, terrorism, technology, and other international security issues for popular and scholarly publications including Politico, Policy Review, The Wall Street Journal, Foreign Policy, The Journal of International Security Affairs, The Huffington Post, The National Interest, The Jerusalem Post, and The Guardian.
This research was conducted with the support of the Apex Data Analytics Engine in the Department of Homeland Security (DHS) Science and Technology Directorate (S&T). In no way should anything stated in this seminar be construed as representing the official position of DHS S&T or any other component of DHS. Opinions and findings expressed in this seminar, as well as any errors and omissions, are the responsibility of the presenter alone.
UMBC’s cybersecurity research partnership featured in WBAL-TV piece
Baltimore’s WBAL-TV ran a short news item on UMBC’s new partnership with Keio Research Institute (KRIS) in Japan, and Royal Holloway University of London (RHUL) in the UK to investigate the use of common system simulation tools for modeling critical national infrastructure. This partnership is part of a broader international collaboration, the International Cybersecurity Center of Excellence (INCS-COE). It will also involve Hitachi, an international operator in power systems, telecommunication, railways, and other core infrastructure areas.
Because cybersecurity attacks may not be limited to national borders, this collaboration argues that defense against such attacks should not be siloed either.
UMBC launches cybersecurity research collaboration with Japanese and UK partners
University leaders, including Karl V. Steiner, third from right, signed the three-nation agreement in a ceremony at the sixth International Cybersecurity Symposium in Japan. Photo courtesy of Karl V. Steiner
UMBC launches infrastructure-focused cybersecurity research collaboration with Japanese and UK partners
UMBC is one of three leading academic institutions collaborating on a new research initiative focused on cybersecurity for critical national infrastructures, including information technology, public transit, and financial services. University leaders signed the three-nation agreement in a ceremony at the sixth International Cybersecurity Symposium in Japan.
UMBC, Keio Research Institute (KRIS) in Japan, and Royal Holloway University of London (RHUL) in the UK will partner to investigate the use of common system simulation tools for modeling critical national infrastructure. This partnership is part of a broader international collaboration, the International Cybersecurity Center of Excellence (INCS-COE). It will also involve Hitachi, an international operator in power systems, telecommunication, railways, and other core infrastructure areas.
Because cybersecurity attacks may not be limited to national borders, this collaboration argues that defense against such attacks should not be siloed either.
“Cybersecurity can no longer be treated as a national issue,” emphasizes Karl V. Steiner, vice president for research at UMBC. “Long-term and productive international collaborations are needed to make significant progress.”
Jun Murai, professor of environment and information studies at Keio University, notes, “We look forward to working with our research colleagues in the UK and U.S. to help address the increasingly challenging cyber threats to the security of our respective critical national infrastructures.”
Working with a common toolset will enable mixed nationality teams to run simulations together. This will help cybersecurity experts learn how to more effectively address human factors, including cultural differences, in predicting how attacks and responses to those attacks might play out across different geographies.
“We are excited to participate in this new research collaboration with our colleagues in Japan and the UK to help us better understand and address some of the key cybersecurity challenges that our nations face from increasingly aggressive international adversaries,” says Anupam Joshi, director of UMBC’s Center for Cybersecurity.
The partners in this research see the modeling of system security as increasingly vital for industry and government, for both training purposes and vulnerability analysis.
“This initiative creates many future opportunities including, for example, the opportunity to address the impact on critical national infrastructure security of the exponential growth of the internet of things, and for potential exchanges of expert staff and students,” explains Keith Mayes, head of the Information Security Group (ISG) at Royal Holloway University.
Steiner shares Mayes’s excitement about expanding opportunities for both established and emerging researchers in this growing field. Thanks to leading academic programs in cybersecurity, the bwtech@UMBC Cyber Incubator, and UMBC’s internationally-known Center for Cybersecurity, he says, “UMBC is uniquely positioned in Maryland to become a major global force for research in cybersecurity.”
“This partnership,” says Steiner, “builds important connections to move this essential work forward.”
Adapted from a UMBC News article written by Megan Hanks. Photo by Marlayna Demond ’11 for UMBC.
UMBC Scholarship for Service Cybersecurity Spring Meeting, Fri 25 May 2018
UMBC SFS Cybersecurity Spring Meeting
Student Project Reports and
Cybersecurity from the view of NSA’s Cybersecurity Threat Operations Center
Dave Hogue, Technical Director of NSA’s Cybersecurity Threat Operations Center (NCTOC)
11am-3pm, Friday, 25 May 2018, ITE 456, UMBC
Open to the public
Scholarship for Service (SFS) students will present their cybersecurity research from spring 2018. Eight SFS students from Montgomery College (MC) and Prince George’s Community College (PGCC) will present their results solving IT security problems for their universities and county governments. In spring 2018, these students worked collaboratively in a special applied research course at their school to help their schools and county governments. In fall 2018, these students will transfer to UMBC to complete their four-year degrees. This activity is part of a pioneering program centered at UMBC to extend SFS scholarships to community college students. In January 2018, all SFS scholars at UMBC, PGCC, and MC worked collaboratively to analyze the security of UMBC’s WebAdmin system.
David Hogue will talk about cybersecurity from the view of NSA’s Cybersecurity Threat Operations Center, including the key threats, techniques, and challenges posed by the sophisticated threat actors that NCTOC is charged to defend against.
11:00am Introductions
Alan T. Sherman (UMBC)
Casey W. O’Brien (PGCC)
David Kuijt (MC)
11:30am-1:00pm Student Project Reports
PGCC students
MC students
UMBC – Mohammad Khan, UMBC parking system
UMBC – Enis Golaszewski, winter research study on UMBC’s WebAdmin
1:00pm-2:00pm Lunch
2:00pm-3:00pm Dave Hogue, Technical Director, NSA Cybersecurity Threat Operations Center (NCTOC)
Cybersecurity from the view of NSA’s Cybersecurity Threat Operations Center: Key threats, techniques, and challenges posed by the sophisticated threat actors that NCTOC is charged to defend against.
3:00pm Adjourn
Host: Alan T. Sherman,
Alan T. Sherman is a professor of computer science and Director of the UMBC Center for Information Security and Assurance (CISA), which center is responsible for UMBC’s designation as a National Center of Academic Excellence in Cyber Defense Education and Cyber Defense Research.
Casey W. O’Brien is Executive Director and Principal Investigator of the National CyberWatch Center, Prince George’s Community College.
David Kuijt is an associate professor at Montgomery College, Rockville.
Joe Roundy is the Cybersecurity Program Manager at Montgomery College, Germantown.
Support for this event is provided in part by the National Science Foundation under SFS Grant 1241576.
talk: Big Data, Security and Privacy, 11am Wed 5/16
Big Data, Security and Privacy
Prof. Bhavani Thuraisingham, University of Texas at Dallas
11:00-12:00 Wednesday, 16 May 2018, ITE 459, UMBC
The collection, storage, manipulation and retention of massive amounts of data have resulted in serious security and privacy considerations. Various regulations are being proposed to handle big data so that the privacy of the individuals is not violated. For example, even if personally identifiable information is removed from the data, when data is combined with other data, an individual can be identified. This is essentially the inference and aggregation problem that data security researchers have been exploring for the past four decades. This problem is exacerbated with the management of big data as different sources of data now exist that are related to various individuals.
While collecting massive amounts of data causes security and privacy concerns, big data analytics applications in cyber security is exploding. For example, an organization can outsource activities such as identity management, email filtering and intrusion detection to the cloud. This is because massive amounts of data are being collected for such applications and this data has to be analyzed. The question is, how can the developments in big data management and analytics techniques be used to solve security problems? These problems include malware detection, insider threat detection, and intrusion detection.
To address the challenges of big data security and privacy as well as big data analytics for cyber security applications, we organized a workshop sponsored by the National Science Foundation in September 2014 and presented the results in 2015 at an inter-agency workshop in Washington DC. Since then several developments have been reported on big data security and privacy as well as on big data analytics of cyber security. This presenting will summarize the findings of the workshop and discuss the developments and directions.
Dr. Bhavani Thuraisingham is the Louis A. Beecherl, Jr. Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) and the Executive Director of UTD’s Cyber Security Research and Education Institute since October 2004. She is also a Senior Research Fellow at Kings College, University of London (2015-2018) and a New America Cyber Security Policy Fellow (2017-2018). Her current research is on integrating cyber security and data science. Prior to joining UTD she worked at the MITRE Corporation for 16 years including a three-year stint as a Program Director at the NSF. She initiated the Data and Applications Security program at NSF and was a member of the Cyber Trust theme. While at MITRE she was a department head and was also a technical advisor to the DoD, the NSA, the CIA, and the IRS. Prior to that, she worked for the commercial industry for six years including at Honeywell, Inc. She is the recipient of numerous awards including the IEEE CS 1997 Technical Achievement Award, the IEEE ISI 2010 Research Leadership Award, ACM SIGSAC 2010 Outstanding Contributions Award, SDPS 2012 Transformative Achievement Gold Medal, 2013 IBM Faculty Award, ACM CODASPY 2017 Innovative and Lasting Research Contributions Award, IEEE CS Services Computing 2017 Research Innovation Award, and Dallas Business Journal 2017 Women in Technology Award. She is a 2003 Fellow of the IEEE and the AAAS and a 2005 Fellow of the British Computer Society. She has published over 120 journal articles, 250 conference papers, 15 books, has delivered over 130 keynote and featured addresses, and is the inventor of six US patents. She has chaired/co-chaired top tier conferences including the Women in Cyber Security (WiCyS) 2016, ACM CCS 2017, and is serving as the Program co-Chair for IEEE ICDM 2018. She also delivered a featured address at the Women in Data Science (WiDS) conference in 2018. She received her PhD at the University of Wales, Swansea, UK, and the earned higher doctorate (D. Eng) from the University of Bristol, England, UK for her published research in secure data management.
Senior Scientist Johns Hopkins University / Applied Physics Laboratory
12:00–1:00pm Friday, April 27, 2018, ITE 237, UMBC
In the newly coined Privacy Age, researchers are building systems with homomorphic algorithms that enable “never decrypt” operations on sensitive data in applications such as computational private information retrieval (cPIR). The trouble is, the leading algorithms incur significant computational and space challenges, relegating them mainly to large cloud computing platforms. We have invented a special-purpose, ring-homomorphic (aka, “fully homomorphic”) algorithm that, owing to some specializing assumptions, trades general-purpose cryptographic utility for linear performance in speed and space.
We will present the cryptosystem and discuss several current challenges. We will also throw in a fun, simple, tactile concept demonstration of PIR for those just generally curious about what all this is, hopefully demystifying how you can enable a server to search for something without knowing what it’s looking for, and without knowing what (if any) results it found.
Russ Fink (UMBC ’10) is a senior scientist at the Johns Hopkins University / Applied Physics Laboratory. His current research interests include private information retrieval, applied cryptography, and cyber security.
This site uses functional cookies and external scripts to improve your experience.
Privacy settings
Privacy Settings and Information
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. Your choices will not impact your visit.
Details
NOTE: Third-party Google scripts on this website may have access to cross-site third-party cookies under the google.com domain. We, the CSEE Department, do not access, read, or write these third-party cookies, and as a result, we do not control their presence on your browser. You may block them by using a third-party cookie blocker in your browser.
If you click Accept below to accept the general cookie consent, then a “wpgdprc-consent” cookie will be stored on your browser, to record your general consent.
If you click Accept below to accept the general cookie consent, and also have Google Analytics cookies enabled (on the sidebar to the left), the CSEE Department website will store and access Google Analytics cookies on your browser. We use the data from these cookies to collect information on website usage statistics and improve user experience. If you do not wish to allow Google Analytics cookies on your browser, then either do not click Accept on the bottom bar, or disable Google Analytics on the left.
If you log in to this website, then several Wordpress cookies and session variables will be stored on your browser. Accessing the login screen constitutes your consent to have Wordpress cookies and session variables stored on your computer.
External Scripts
The CSEE Department website makes use of several external scripts to improve user experience. These include, but are not necessarily limited to: Google Calendar, Google Analytics, and ReCAPTCHA. If you choose to use this website, then you agree to allow these scripts to be loaded and executed.
External Links
Our service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
NOTE: These settings will only apply to the browser and device you are currently using.
These efforts are a good start, but the real solution will begin when people start realizing they’re being subjected to this sort of cognitive attack and that it’s not 
