National Press Club Event: Rise to Dominance of Cybersecurity Challenges

Join UMBC and industry and government experts for a panel on how cybersecurity touches our everyday lives and how journalists can engage a wide range of readers in cybersecurity news. This panel will touch on topics ranging from online commerce to national conversations about security leaks. It will also explore how to best prepare the next generation of cybersecurity leaders to effectively tackle the challenges we are facing.

Thursday, 7 December 2017, 4:00-6:00pm
National Press Club, Washington, D.C.
Light refreshments will be served.

Registration by December 4 preferred.

Moderator: New York Times reporter Scott Shane

Featured panelists include:

  • Freeman A. Hrabowski, III, UMBC President
  • Nigel Faulkner, CIO, T. Rowe Price
  • Anupam Joshi, Director, UMBC Center for Cybersecurity; Professor and Chair, Department of Computer Science and Electrical Engineering
  • Lauren Mazzoli ’15, M.S. ’17, Systems Engineer, Future Technical Leaders Program, Northrop Grumman Corporation
  • Tina Williams ’02, President, TCecure, LLC; Cybersecurity Academic Innovation Officer for University System of Maryland

Contact Candace Dodson-Reed at with questions.

talk: PKI in the Defense Information Systems Agency, 12-1 Fri 12/1, ITE228

UMBC Cyber Defense Lab

PKI in the Defense Information Systems Agency (DISA)

Phil Scheffler

Chief Engineer – Joint Enablers
ID2 – Cyber Development Directorate
Defense Information Systems Agency

12:00–1pm, Dec 1, 2017, ITE 228

As a combat support agency within the Department of Defense, DISA faces unlimited challenges with Public-Key Infrastructure (PKI). Chief Engineer Phil Scheffler will shed some light on DoD PKI at the Defense Information Systems Agency (DISA), and challenges deploying PKI across such a large enterprise.

Philip Scheffler is the Chief Engineer for the ID2 Joint Enablers Division in DISA’s Cyber Development Directorate. He joined DISA in 2010 as an NSA Information Assurance Scholar on the Public Key Enablement team. Over the past 7 years, Phil has been the technical lead for various PKI initiatives for the DoD. Mr. Scheffler has a B.A. in Economics from Brandeis University and an M.S. in Computer Science from Boston University.

Host: Alan T. Sherman,

talk: An Introduction to Quantum Cryptography, Noon Friday 11/17, ITE231

The UMBC Cyber Defense Lab presents

An Introduction to Quantum Cryptography:
Or, How Alice Outwits Eve

Sam Lomonaco, CSEE, UMBC
12:00–1:00pm, Friday, 17 November 2017, ITE 231, UMBC

Alice and Bob wish to communicate without the archvillainess Eve eavesdropping on their conversation. Alice decides to take two college courses, one in cryptography, the other in quantum mechanics. During the courses, she discovers she can use what she has learned to devise a cryptographic communication system that automatically detects whether or not Eve is up to her villainous eavesdropping. Some of the topics discussed are Heisenberg’s Uncertainty Principle, the Vernam cipher, the BB84 and B92 cryptographic protocols. The talk ends with a discussion of some of Eve’s possible eavesdropping strategies, i.e., opaque eavesdropping, translucent eavesdropping, and translucent eavesdropping with entanglement.

Samuel J. Lomonaco Jr. received his PhD in mathematics from Princeton University. He has been a full professor of computer science and electrical engineering at the University of Maryland, Baltimore County (UMBC) since 1985, serving as founding chair of the CS Department from 1985 to 1991. Representative awards, accomplishments, and honors include: (1) He was a visiting key research scientist at the Mathematical Sciences Research Institute (MSRI) at the University of California at Berkeley in 2004. (2) He was a senior LaGrange fellow at the Institute for Scientific Exchange in Torino, Italy in 2005. (3) For contributions made to the development of the programming language Ada, he received an award from the United States Under Secretary of Defense for Research and Engineering, Dr. Richard DeLauer. (4) He was the first to introduce quantum information science to the American Mathematical Society (AMS) by organizing and giving a two-day AMS short course on quantum computation at the Annual Meeting of the AMS in Washington, DC, in January 2000. (5) He published four books on quantum computation and information science. (6) He accepted an invitation to be a guest editor of the Journal of Quantum Information Processing for a special issue on topological quantum computation.

Host: Alan T. Sherman,

talk: A Practitioner’s Introduction to Deep Learning, 1pm Fri 11/17

ACM Tech Talk Series

A Practitioner’s Introduction to Deep Learning

Ashwin Kumar Ganesan, PhD student

1:00-2:00pm Friday, 17 November 2017, ITE325, UMBC

In recent years, Deep Neural Networks have been highly successful at performing a number of tasks in computer vision, natural language processing and artificial intelligence in general. The remarkable performance gains have led to universities and industries investing heavily in this space. This investment creates a thriving open source ecosystem of tools & libraries that aid the design of new architectures, algorithm research as well as data collection.

This talk (and hands-on session) introduces some of the basics of machine learning and neural networks, and discusses some of the popular neural network architectures. We take a dive into one of the popular libraries, TensorFlow, and an associated abstraction library, Keras.

To participate in the hands-on aspects of the workshop, bring a laptop computer with Python installed and install the following libraries using pip. For Windows (or any other OS), consider installing Anaconda, which includes all the necessary libraries.

  • numpy, scipy & scikit-learn
  • tensorflow / tensorflow-gpu (The first one is the GPU version)
  • matplotlib for visualizations (if necessary)
  • jupyter & ipython (We will use Python 2.7 in our experiments)

Following are helpful links:

Contact Nisha Pillai (NPillai1 at umbc.edu) with any questions regarding this event.

talk: Winning NCCDC, and its practicality in the real world, 12pm 11/3, ITE231

The UMBC Cyber Defense Lab presents

Winning NCCDC, and its practicality in the real world

Bryan Vanek, CSEE, UMBC

12:00 noon–1:00pm Friday, 3 November 2017, ITE 231

The National Collegiate Cyber Defense Competition (NCCDC) takes place every year and gives students an environment where they can develop understanding and operational competency in managing and protecting corporate network infrastructure and business information systems. Competitors participate as the blue team, and try to protect their machines from being infiltrated by the red team, while simultaneously keeping critical services up and running in order for a mock business to stay up and running. After an immense amount of preparation and strife, the UMBC Cyber Defense Team took home its first national title for the competition this year. But what exactly did the team do to prepare for this competition? What exactly happened at the different stages of the competition? And just how practical are these situations in the real world? One of the winning team members will be covering these questions in this week’s CDL, so we hope to see you there!

Bryan Vanek is a UMBC undergraduate computer science major and mathematics minor. In addition to being one of the winning team members for NCCDC, he is currently serving as the president of the UMBC Cyber Defense Team, and is a CWIT T-SITE scholar. He currently works at Interclypse Inc. as a security engineer and software developer, and has had multiple internships and jobs dealing with aspects of computer development and security. Most recently he completed his second internship at the Department of Defense in the Summer Internship Program for Information Assurance. Upon graduation he will be returning to the DoD as a member of the Computer Network Operations Development Program.

Host: Alan T. Sherman,

Open House: UMBC Graduate Cybersecurity and Data Science Programs, 6-7:30 Wed. 10/25

Open House: UMBC Graduate Professional Programs

The Fall Open House for UMBC Professional Programs, including the graduate programs on Cybersecurity and Data Science, takes place this coming Wednesday evening, 25 October 2017, at BWTECH South (map) from 6:00-7:30pm.

Students interested in pursuing such programs (MPS degrees and/or certificates) or just to learn more about the field are encouraged to register and attend. Current students interested in pursuing a BS/MPS option for selected programs (such as Cybersecurity or Data Science) are especially welcome.

Attendees who apply to start in Spring 18 will have their UMBC application fee waived.

The programs represented include:

Program directors for these programs will present in individual breakout sessions and relevant support staff from DPS, the UMBC Graduate School, Veterans Affairs, etc. will be on-hand to provide administrative overviews, answer questions, and mingle. Refreshments will be provided.

For more information, directions, and to register, see here.

talk: Bill Fisher (NCCOE) on IoT Security @ USG 10/30 6-8PM

The UMBC Cybersecurity program at USG Speaker Series Presents

The Internet of Things (IoT)

With speaker

William (Bill) Fisher, NCCoE Security Engineer

Building III – Room 4230 (Universities @ Shady Grove Campus)

Monday, October 30th 6:00-8:00 pm

The Internet of Things (IoT) is the inevitable result of years of Moore’s law – compact, cheap chip platforms that can take ordinary household items and make them data-generating and data-collecting devices that users can manage with their smartphone, web browser or their favorite automation platform. Physical proximity is no longer needed for things like cameras, door locks or thermostats. Instead, users remotely access all of these “things” while on the go, even sharing some of their favorite things with friends and family, who need not own the thing, but simply be granted access through a web portal or mobile application. Like many technology trends before it, the IoT has brought great innovation but also great security challenges. These challenges go beyond standards and technology to economic and market forces that hinder security best practices, even for some of the most basic cyber hygiene. Join Bill Fisher of the National Cybersecurity Center of Excellence for a presentation on these challenges and basic mitigations organizations can put into place to help alleviate the risk that IoT devices pose to consumers and the enterprise.

Speaker Bio:

Bill Fisher is a security engineer at the National Cybersecurity Center of Excellence (NCCoE). In this role, he is responsible for leading a team of engineers that work collaboratively with industry partners to address cybersecurity business challenges facing the nation. He leads the center’s Attribute Based Access Control (ABAC) project, Mobile Application Single Sign On (SSO) for the Public Safety and First Responder Sector, and is part of the ITL Cybersecurity for IoT program. Prior to his work at the NCCoE, Mr. Fisher was a program security advisor for the System High Corporation in support of the Network Security Deployment division at the Department of Homeland Security. He holds a bachelor’s degree in business administration from American University and a master’s degree in cybersecurity from Johns Hopkins University.

Host: Dr. Behnam Shariati () and UMBC Graduate Cybersecurity Association at USG

talk: Keith Mayes on Attacks on Smart Cards, RFIDs and Embedded Systems

Attacks on Smart Cards, RFIDs and Embedded Systems

Prof. Keith Mayes
Royal Holloway University of London

10-11:00am Tuesday, 10 October 2017, ITE 325, UMBC

Smart Cards and RFIDs exist with a range of capabilities and are used in their billions throughout the world. The simpler devices have poor security, however, for many years, high-end smart cards have successfully been used in a range of systems such as banking, passports, mobile communication, satellite TV etc. Fundamental to their success is a specialist design to offer remarkable resistance to a wide range of attacks, including physical, side-channel and fault. This talk describes a range of known attacks and the countermeasures that are employed to defeat them.

Prof. Keith Mayes is the Head of the School of Mathematics and Information Security at Royal Holloway University of London. He received his BSc (Hons) in Electronic Engineering in 1983 from the University of Bath, and his PhD degree in Digital Image Processing in 1987. He is an active researcher/author with 100+ publications in numerous conferences, books and journals. His interests include the design of secure protocols, communications architectures and security tokens as well as associated attacks/countermeasures. He is a Fellow of the Institution of Engineering and Technology, a Founder Associate Member of the Institute of Information Security Professionals, a Member of the Licensing Executives Society and a member of the editorial board of the Journal of Theoretical and Applied Electronic Commerce Research (JTAER).

talk: James R. Clapper, former US Director of Intelligence, 12-1pm Fri. Oct 6, 132 PAHB, UMBC

Lecture by James Clapper, former US Director of Intelligence, 12-1pm Fri. Oct. 6 at UMBC

James R. Clapper, former US Director of Intelligence, will give a public lecture on Friday, 6 October 2017 in the lecture hall (room 132) of the Performing Arts & Humanities Building at UMBC.

The Honorable James R. Clapper served as the fourth US Director of Intelligence from August 9, 2010 to January 20, 2017. In this position, Mr. Clapper led the United States Intelligence Community and served as the principal intelligence advisor to President Barack Obama.

Mr. Clapper retired in 1995 after a distinguished career in the U.S. Armed Forces. His career began in 1961 when he enlisted in the U.S. Marine Corps Reserve and culminated as a lieutenant general in the U.S. Air Force and Director of the Defense Intelligence Agency. His intelligence-related positions over his 32 years in uniform included Assistant Chief of Staff for Intelligence at Headquarters, US Air Force during Operations Desert Shield/Desert Storm, and Director of Intelligence for three combatant commands: US Forces, Korea; Pacific Command; and Strategic Air Command. He served two combat tours during the Southeast Asia conflict, and flew 73 combat support missions in EC-47s over Laos and Cambodia.

Directly following his retirement, Mr. Clapper worked in industry for six years as an executive in three successive companies with the Intelligence Community as his business focus. He also served as a consultant and advisor to Congress and to the Departments of Defense and Energy, and as a member of a variety of government panels, boards, commissions, and advisory groups. He was a senior member of the Downing Assessment Task Force which investigated the Khobar Towers bombing in 1996, was vice chairman of a commission chaired by former Governor Jim Gilmore of Virginia on the subject of homeland security, and served on the NSA Advisory Board.

Mr. Clapper returned to the government two days after 9/11 as the first civilian director of the National Imagery and Mapping Agency (NIMA). He served in this capacity for almost five years, transforming it into the National Geospatial-Intelligence Agency (NGA) as it is today.

Prior to becoming the Director of National Intelligence, Mr. Clapper served for over three years in two Administrations as the Under Secretary of Defense for Intelligence, where he served as the principal staff assistant and advisor to the Secretary and Deputy Secretary on intelligence, counterintelligence, and security matters for the Department. In this capacity, he was also dual-hatted as the Director of Defense Intelligence for the DNI.

Mr. Clapper earned a bachelor’s degree in government and politics from the University of Maryland, a master’s degree in political science from St. Mary’s University, San Antonio, Texas, and an honorary doctorate in strategic intelligence from the then Joint Military Intelligence College.

His awards include three National Intelligence Distinguished Service Medals, two Defense Distinguished Service Medals, the Air Force Distinguished Service Medal, the Coast Guard’s Distinguished Public Service Award, three Department of Defense Distinguished Civilian Service Awards, the Presidentially-conferred National Security Medal, and many other U.S. civilian and military, as well as foreign government awards and decorations.

He is married to the former Susan Terry, and they have two grown children and four grandchildren.

Equifax breach is a reminder of society’s larger cybersecurity problems

There are a lot more holes in cybersecurity fences. iomis/Shutterstock.com

Richard Forno, University of Maryland, Baltimore County

The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures.

Although this specific incident is still under investigation, the fact that breaches like this have been happening – and getting bigger – for more than a decade provides cybersecurity researchers another opportunity to examine why these events keep happening. Unfortunately, there is plenty of responsibility for everyone.

Several major problems need to be addressed before people can live in a truly secure society. For example, companies must find and hire the right people to actually solve the overall problems and think innovatively rather than just fixing the day-to-day issues. Companies must also be made to get serious about cybersecurity – at a time when many firms have financial incentives not to. Until then, major breaches will keep happening and may get even worse.

Finding the right people

Data breaches are commonplace now, and have widespread effects. The Equifax breach affected more than 143 million people – far more than the 110 million victims in 2013 at Target, the 45 million TJX customers hit in 2007, and significantly more than the 20 million or so current and former government employees in the 2015 U.S. Office of Personnel Management incident. Yahoo’s 2016 loss of user records, with a purported one billion victims, likely holds the dubious record for most victims in a single incident.

In part, cybersecurity incidents happen because of how companies – and governments – staff their cybersecurity operations. Often, they try to save money by outsourcing information technology management, including security. That means much of the insight and knowledge about how networks and computer systems work isn’t held by people who work for the company itself. In some cases, outsourcing such services might save money in the short term but also create a lack of institutional knowledge about how the company functions in the long term.

Generally speaking, key cybersecurity functions should be assigned to in-house staff, not outside contractors – and who those people are also matters a lot. In my experience, corporate recruiters often focus on identifying candidates by examining their formal education and training along with prior related work experience – automated resume scanning makes that quite easy. However, cybersecurity involves both technical skills and a fair amount of creative thinking that’s not easily found on resumes.

Moreover, the presence (or absence) of a specific college degree or industry certification alone is not necessarily the best indicator of who will be a talented cybersecurity professional. In the late 1990s, the best technical security expert on my team was fresh out of college with a degree in forest science – as a self-taught geek, he had not only the personal drive to constantly learn new things and network with others but also the necessary and often unconventional mindset needed to turn his cybersecurity hobby into a productive career. Without a doubt, there are many others like him also navigating successful careers in cybersecurity.

Certainly, people need technical skills to perform the basic functions of their jobs – such as promptly patching known vulnerabilities, changing default passwords on critical systems before starting to use them and regularly reviewing security procedures to ensure they’re strong and up to date. Knowing not to direct panicked victims of your security incident to a fraudulent site is helpful, too.

But to be most effective over the long term, workers need to understand more than specific products, services and techniques. After all, people who understand the context of cybersecurity – like communicating with the public, managing people and processes, and modeling threats and risks – can come from well beyond the computing disciplines.

Being ready for action

Without the right people offering guidance to government officials, corporate leaders and the public, a problem I call “cyber-complacency” can arise. This remains a danger even though cybersecurity has been a major national and corporate concern since the Clinton administration of the 1990s.

One element of this problem is the so-called “cyber insurance” market. Companies can purchase insurance policies to cover the costs of response to, and recovery from, security incidents like data breaches. Equifax’s policy, for example, is reportedly more than US$100 million; Sony Pictures Entertainment had in place a $60 million policy to help cover expenses after its 2014 breach.

This sort of business arrangement – simply transferring the financial risk from one company to another – doesn’t solve any underlying security problems. And since it leaves behind only the risk of some bad publicity, the company’s sense of urgency about proactively fixing problems might be reduced. In addition, it doesn’t address the harm to individual people – such as those whose entire financial histories Equifax stored – when security incidents happen.

Cybersecurity problems do not have to be just another risk people accept about using the internet. But these problems are not solved by another national plan or government program or public grumbling about following decades-old basic cybersecurity guidelines.

Rather, the technology industry must not cut corners when designing new products and administering systems: Effective security guidelines and practices – such as controlling access to shared resources and not making passwords impossible to change in our “internet of things” devices – must become fundamental parts of the product design process, too. And, cybersecurity professionals must use public venues and conferences to drive innovative thinking and action that can help fundamentally fix our persistent cybersecurity woes and not simply sell more products and services.

Making vulnerability unprofitable

Many companies, governments and regular people still don’t follow basic cybersecurity practices that have been identified for decades. So it’s not surprising to learn that in 2015, intelligence agencies were exploiting security weaknesses that had been predicted in the 1970s. Presumably, criminal groups and other online attackers were, too.

Therefore, it’s understandable that commercialism will arise – as both an opportunity and a risk. At present, when cybersecurity problems happen, many companies start offering purported solutions: One industry colleague called this the computer equivalent of “ambulance chasing.” For instance, less than 36 hours after the Equifax breach was made public, the company’s competitors and other firms increased their advertising of security and identity protection services. But those companies may not be secure themselves.

There are definitely some products and services – like identity theft monitoring – that, when properly implemented, can help provide consumers with reassurance when problems occur. But when companies discover that they can make more money selling to customers whose security is violated rather than spending money to keep data safe, they realize that it’s profitable to remain vulnerable.

With credit-reporting companies like Equifax, the problem is even more amplified. Consumers didn’t ask for their data to be vacuumed up, but they are faced with bearing the consequences and the costs now that the data have gotten loose. (And remember, the company has that insurance policy to limit its costs.)

Government regulators have an important role to play here. Companies like Equifax often lobby lawmakers to reduce or eliminate requirements for data security and other protections, seek to be exempted from liability from potential lawsuits if they minimally comply with the rules and may even try to trick consumers into giving up their rights to sue. Proper oversight would protect customers from these corporate harms.

Making a commitment

I’ve argued in the past that companies and government organizations that hold critical or sensitive information should be willing to spend money and staff time to ensure the security and integrity of their data and systems. If they fail, they are really the ones to blame for the incident – not the attackers.

A National Institute of Standards and Technology researcher exemplified this principle when he recently spoke up to admit that the complex password requirements he helped design years ago don’t actually improve security very much. Put another way, when the situation changes, or new facts emerge, we must be willing to change as necessary with them.

Many of these problems indeed are preventable. But that’s true only if the cybersecurity industry, and society as a whole, follows the lead of that NIST researcher. We all must take a realistic look at the state of cybersecurity, admit the mistakes that have happened and change our thinking for the better. Only then can anyone – much less everyone – take on the task of devoting time, money and personnel to making the necessary changes for meaningful security improvements. It will take a long time, and will require inconvenience and hard work. But it’s the only way forward.

Richard Forno, Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore County

This article was originally published on The Conversation. Read the original article.