Not so long ago, a strong password felt mighty enough to keep you safe and your computer data private. But we now live amid heightened risks in malware, phishing, spearphishing and denial-of-service attacks. Even scarier, it is possible for computer terrorists to wreak global havoc by commandeering your personal computer - yes, your own computer - without you suspecting danger until it's way too late.
Sound frightening? It can be. But in this game, the good guys have critical skills, too.
The fall 2021 CyberCops program - funded by $250,000 grant from the U.S. Navy's Office of Naval Research and sponsored by the University of Houston with cooperation of the University of Houston-Downtown and Texas Southern University - will introduce the critical field of cybersecurity to students recruited from the three participating universities' ROTC (Reserve Officer Training Corps) programs.
In recent headlines, accusations of cyber aggression by unfriendly foreign powers reveal how high the stakes are.
"The Department of Defense is interested in artificial intelligence and machine learning, and how those fields intersect with the needs of defense. They want students who plan on taking up careers in defense to have that kind of training and background," said Rakesh Verma, computer science professor at the UH College of Natural Sciences and Mathematics. "Because these are ROTC students, the expectation is they will enter into a D.O.D. agency. But there are a lot of opportunities in the private sector, too, for people coming out with cybersecurity backgrounds."
In the CyberCops program, students will study how to protect data, networks and computers as they also learn another critical lesson: Always stay a step ahead.
"The students will gain expertise in the intersection of a number of fields, including data science, machine learning and cybersecurity. They will have a semester of classroom training then spend about 10 weeks in my lab on the University of Houston main campus. There, they will study models on statistics, machine learning, natural language processing and data mining," Verma said.
The term natural language processing refers to programming that "teaches" computers to understand not only the digital language of computers but also written and spoken words in various languages - English, Chinese, Russian and others.
Just how bad are the hackers, terrorists and just plain thieves who troll the internet? Don't underestimate them, Verma warns.
As an individual, you may be at risk of:
- Ransom demands - Your data is locked. "Your computer's been hacked, and all the data encrypted. Then you might receive a demand to pay a certain number of bitcoins to get it back," Verma said.
- Thieves - Your identity is stolen. "These are criminals whose goal is to make a lot of money quickly," Verma said. With special software, they enter the dark web where each set set of stolen credit card information sells for about $5, a Social Security number for around $10.
- Zombies - And we're totally serious here. In cybersecurity circles, a zombie is a computer that's under the control of an attacker. If a cyber terrorist commandeers your computer, all you can do is watch your screen helplessly while someone - on the other side of the world or maybe next door - swiftly moves through the internet with your identity, perhaps with the aim of infiltrating a commercial or government network, or conducting a denial-of-service attack
Risks are greater for government agencies and businesses. In early July, Microsoft announced discovery of the PrintNightmare hack and urged all Windows users to immediately install an update. The U.S. government and its allies later said the hackers were hired by China's government or its representatives.
Two months earlier, the Colonial Pipeline ransomware attack resulted in a five-day shutdown, fuel shortages in the Eastern U.S. and a ransom of $4.4 million. Eventually all but $2.1 million of the ransom was recovered.
Several companies have faced spearphishing, which targets one individual inside an organization. For example, by weaving in facts easily found on a company's website, attackers can craft an "urgent" email convincing enough for a trusted employee to move money.
Knowing how to fight the threat is not always easy, especially with deceptions, fake news and social engineering specifically designed to avoid detection. "You have to put yourself in the shoes of the attacker. Think like an attacker and find the weaknesses." Verma said.
For the six gifted students recruited for the new program, an exciting future may start with CyberCops training on the UH campus. And for your own data, security may someday depend on the critical lessons they learn there.