Cyber Security professor awarded $1.5 million from National Science Foundation | UTSA Today | UTSA

67

Consumers are drawn to these devices for their convenience, but cybercriminals have found ways to use this technology for nefarious purposes.

“These devices are attractive targets for attackers and state-sponsored actors who abuse them to gain access to critical networks due to a lack of basic security measures, access policy controls and patch management capabilities,” said Bou-Harb, director of The UTSA Cyber. Center for Security and Analytics, a university center focused on cybersecurity research, development, and training initiatives.

The first project, “Collaborative Research: CISE-MSI: Active and Passive Internet Measurements for Inferring IoT Malice at Scale,” began this month. The three-year, $500,000 grant is intended to support research efforts for minorities pursuing careers in cybersecurity.

Using data-driven methodologies, researchers will design and implement algorithms for IoT devices that use fingerprints and uncover their inherent security issues. Work will first begin on consumer devices, which are readily available, but will also include analysis of sensors deployed in critical infrastructure systems such as power grids and water systems. Researchers will develop mitigation tactics to improve internet security on IoT devices.

“We will tackle this project in two different ways. First, we will analyze IoT devices and report our findings from studying the equipment in our labs. We will then analyze network traffic from these devices to better understand their characteristics and remote security protocols,” said Bou-Harb, who specializes in this type of network traffic research.

After the research part of the project, the collaborating institutions will incorporate the knowledge they acquire into the classroom through virtual laboratories and workshops aimed at minority students.

“We hope to impact this domain by expanding the training in the future to professionals in the field and other institutions, including community college students as well as high school students,” Bou-Harb said.

The second grant, “Implementing Cyber ​​Training for Collaborative Research: Intermediate Cross-Disciplinary Training for Joint Cyber-Physical Systems and IoT Security,” is a $1 million grant co-led by UTSA faculty members. Paul Radassociate professor, i Rita Mitraprofessor of practice in the UTSA Department of Information Systems and Cyber ​​Security.

Uniquely studying both cyber and physical attacks, the researchers will focus on the security of critical infrastructure in water systems related to water quality. The primary focus of this grant will be on advancing the cybersecurity and data science workforce, with a complementary research component.

“For this project, we’re not just looking at sensors, we’re looking at how these sensors and civil engineering infrastructure actually interact and what the safety implications of this type of interaction are,” Bou-Harb said. “Why is this important? Because usually security and physical control researchers conduct their research independently.”

The training objective for this project includes three components: virtual labs with simulation toolsets, curriculum development, and interdisciplinary workshops with private and public sector partners.

“Most wars today are not physical. It’s either economic or cyber wars,” Bou-Harb said. “By attacking critical infrastructure like the water system, you can paralyze the country. As an academic, we can address these developing problems before they become a reality. And while publishing is one of the results of this work, it is meaningless if it cannot be applied in society.”

Recognizing the security risks inherent in IoT devices, how can consumers protect themselves and their families?

“Don’t blindly adopt technology,” Bou-Harb said. “Understand the security implications of bringing a new device into your home because all devices are vulnerable to exploitation. And choose only the products you really need.”

Comments are closed.