Boise State University’s leaders in cybersecurity shared their work to improve cyber awareness and develop a ready-to-work cybersecurity workforce to fight cyber threats at the Annual Preparedness and Cybersecurity Conference, which occurred Oct. 11-13 in Boise. Ransomware attacks, malicious hacking and government-sponsored cyber attacks dominated discussion topics.
Ed Vasko, director of the Institute for Pervasive Cybersecurity (IPC) and member of the Division of Research and Economic Development at Boise State University, envisions Idaho as the future national hub for cybersecurity.
“So why Boise? All the elements — the business support, the support from Idaho Tech Council, the support from local government, from state government, the growing tech community that’s here, everything’s right,” Vasko said. “And then you sprinkle into that an innovative university like Boise State that is recognizing there’s a better way to do this and to engage with industry … help craft and adjust curricula, build platforms and create pathways for our students so that our industry partners know that they can come to us and accelerate their growth.”
Dependence upon computer networks and internet connectivity combined with the weakest link, human operation, enables criminals to access networks and cause catastrophic damage. Cybersecurity experts at the conference agreed that top priorities for disaster preparedness are cybercrime and cyber warfare, citing the ransomware attack which resulted in a six-day shutdown of gas and the jet fuel supply from the Colonial Pipeline to the southeastern U.S. in 2021.
Speakers from the Department of Homeland Security, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned cyberattacks represent the future face of warfare, citing Russia’s cyberattacks accompanying their conventional military invasion of Ukraine in February.
Vasko raised the shortage of cybersecurity-trained workers to fill hundreds of thousands of unfilled job openings as a big challenge to achieving adequate nationwide cybersecurity. There are more than 760,000 cybersecurity jobs nationwide, over 6,700 in Idaho, unfilled according to Cyberseek.org.
“I can assure you that from an education standpoint we’re doing that at Boise State, University of Idaho, Idaho State, Lewis and Clark State, our community college partners,” Vasko said. “Getting ready to go onto the frontlines and be a part of the defense of the nation.”
For example, the IPC’s Cyberdome Initiative provides students with opportunities to develop real-world cybersecurity competency under faculty guidance while helping protect Idaho state organizations that may not have staff or budgetary resources to do so.
Sin Ming Loo, director of Cyber Operations and Resilience Program, professor of electrical and computer engineering at Boise State and joint appointment with the Idaho National Laboratory, has devoted his energy since 2019 developing and implementing an ambitious new cybersecurity curriculum he calls “Cyber for All” and Cyber Operations and Resilience (CORe) program.
The plan seeks to advance cybersecurity awareness and education broadly, while addressing workforce shortage. The CORe program provides multiple pathways to cybersecurity degrees and certifications, and multiple entry opportunities. Its inception was August 2021.
In Loo’s view, cybersecurity had long focused on the technical component such as engineering and computer science without adequate integration with the operational component, what he called “people, process and technology.”
The “people factor” Loo refers to is the need to require better cyber awareness from every person. Since 2004, Congress has recognized October as Cyberseurity Awareness Month. During October, Boise State reminds all staff and students to use strong passwords, multi-factor verification, protect against phishing attacks and they promote educational pathways to degrees and certification in cybersecurity.
Process means “training people to do things the right way” and to have rules with consequences if broken, said Loo. Technology refers to having hardware and software deployed to “prevent bad things from happening and also prevent people from doing unsafe things.”
Loo believes Boise State’s development of programs to focus on the operational side of cybersecurity, along with a wide range of educational pathways to enable essentially anyone with interest and desire to work in cybersecurity, all help to distinguish Boise State’s cybersecurity programs from other institutions.
Development of multiple pathways to cybersecurity degrees and certification accelerated at Boise State in 2019, when Loo was awarded $833,958 from the Idaho Workforce Development Council to design, build and implement an innovative online cyber-physical systems security certificate, accessible to anyone in Idaho.
Loo reasoned the CORe’s online format made programs accessible to everyone, provided flexibility and was completely self-sustained by its tuition costs. Most importantly, the program enabled a pathway from community college students with an Associate of Applied Science (AAS) to transfer all or most of their credits toward a bachelor’s degree in cybersecurity.
By December, Loo says 12 undergraduates and four graduate students will earn CORe BS/BAS, and CORe MS degrees, respectively.
Elizabeth Kahn earned her master’s degree in Cyber Operations and Resilience last summer. Khan exemplifies Loo’s plan to draw people from diverse backgrounds into the operational domain of cybersecurity. She started her consulting business specializing in governance risk and compliance (GRC) mostly for chemical companies before earning her bachelor’s degree from Boise State. She discovered the program just before it launched.
“I was like, oh gee you are literally feeding into, you know, equipping Idaho for the next generation of cybersecurity warriors,” Kahn said. “So I was very enamored and taken, compelled by this you know? What we were trying to do and the bigger picture I guess really spoke to me.”
Kahn intends to include cybersecurity consulting along with continuing her risk assessment/management consulting, excited to be part of an important and growing field.
Jyh-Haw Yeh, associate professor of computer science and program coordinator for the MS Cybersecurity program, works to recruit students at all levels into cybersecurity. He has devoted several summers increasing cyber awareness among local high school students and teachers with his NSA/NSF grant funded GenCyber summer camp program.
Recently, Boise State University gained the designation of National Center of Academic Excellence in Cyber Defense (through 2027), awarded by the National Security Agency (NSA).
“We need to recruit more students for the graduate programs,” Yeh said, referring to the masters and doctoral programs.
Cody Shepherd, recruited to the masters CORe program, works for Idaho Power as IT operations senior manager. He will graduate next spring. His path with Boise State exemplifies an active IT manager gaining education and training online while working, with a plan for further study, teaching, and a new niche. Loo asked him to teach a course on cyber resiliency as part of the CORe MS program.
“I’m part of the CORe and teaching in the CORe,” Shepherd said enthusiastically. “I’ll graduate next semester and I want to keep teaching.”
After a “break” teaching and working, he plans to pursue a doctorate in cybersecurity and thereafter envisions a professional niche setting up Zero Trust systems for business or institutions.
Zero Trust refers to trust verification and limits data access from threats without, but also from within by keeping computers and users inside a firewall and within networks constantly verifying user identity and confirming appropriate data access. Zero Trust may be the next innovative frontier for cybersecurity technology.
To tap potential interest from students unaware of the cybersecurity opportunities and to encourage collaboration and networking among the diverse members of the academic cybersecurity community, program leaders sought to revive Boise State’s cybersecurity club, C^4.
The pandemic hit just after the last club president graduated, and the club activities waned. Joe Capps, working on his bachelor’s degree at Boise State in information technology management, volunteered to preside over C^4, preventing its dissolution. Now a junior, Capps reported the club has about 60 members at different stages and in various disciplines online and on campus.
Loo acknowledged satisfaction at the success of the cybersecurity programs in such a short time. His multiple responsibilities keep him busy.
“The joke is I’m spread so thin you can see through me,” Loo said, but student success, helping with workforce shortfalls, and cybersecurity development and education are his priorities. “Wouldn’t it be cool if all BSU graduates have some level of cybersecurity awareness education, that all undergraduates learn cybersecurity?”
“It won’t happen tomorrow, but with a lot of time and effort and a lot of energy. We can establish Boise and Idaho as a real key hub, if not the hub for the nation,” Vasko said.