To many, the threat to cybersecurity brings to mind a computer system breach, but it’s more than that.
According to Thaier Hayajneh, Ph.D., associate professor of computer science, modern-day algorithms have made it next to impossible to hack into computers, so most hacks today result from social engineering geared toward convincing unwitting users to give away their passwords. That is one reason the field is moving toward interdisciplinary expansion.
“Eighty percent of cybersecurity experts in the market right now come from fields as varied as management, business, law, or music, and they just jumped into cybersecurity,” he said. “This is something the National Security Agency and the Department of Homeland Security are pushing toward, because right now, we don’t have enough experts.”
Hayajneh, the new director of Fordham’s Center for Cybersecurity and MS Programs in Cybersecurity and Data Analytics, is spearheading several initiatives to help fill that gap. Last year, Fordham was designated a National Center of Academic Excellence in Cyber Defense Education by the National Security Agency and the Department of Homeland Security. The designation came in part because the University is home to a wealth of cybersecurity experts in interdisciplinary fields—within the computer science department, in the Gabelli School of Business’ Center for Digital Transformation, and in Fordham Law’s Center on Law and Information Policy.
Hayajneh hopes to leverage all of that expertise toward education, research, and outreach. In addition to a Master’s Program in Cybersecurity, the department plans to offer an undergraduate cybersecurity major and minor. Professional certificates, which can be earned through five courses, are also in the works.
To further broaden its reach, the center is also pursuing grants, such as the National Science Foundation Scholarship for Service grants, which cover full tuition and a stipend for students who commit to work for the Federal government upon graduation.
To illustrate cybersecurity’s interdisciplinary needs, Hayajneh pointed out that trying to predict terrorism by analyzing web sites requires experts in psychology and data analytics.
“If I give you a website, it would take you 10 to 15 minutes to look at it and determine whether the authors have bad intentions. But we are looking at hundreds of thousands, maybe millions of websites,” Hayajneh said.
“You can’t do this manually. Federal agents don’t have an automated technique to do it, so we are working with data analytics to develop techniques that can make this a more efficient process.”
Hayajneh’s own background lies in applied cryptography, cryptocurrency, blockchain, and authentication protocols for wireless networks. His current research is on algorithms used to secure devices such as pacemakers and insulin pumps. Security is paramount for them, he said, but so is efficiency and energy consumption.
Being wary of Barbie
The “Internet of Things,” as such devices have come to be known, is also of interest to Hayajneh’s students, he said. Refrigerators, baby monitors, and even Bluetooth-enabled Barbie dolls are vulnerable to a determined hacker if a person’s cable router is not secure. As with medical devices, there is a tradeoff—manufacturers can either install the strongest possible security protocols in their products or they can sell them cheaply, but they can’t do both.
“The Barbie is connected via Bluetooth to a web app, and the [dolls]can easily be hacked. They have a camera. They have a mic. So hacking them means that you can listen to everything in the house, and view everything in the vicinity of the camera,” he said.
Century-old technologies can also be pressed into service by unscrupulous actors, he said. One of Hayajneh’s students participated in a “white hat” exercise, where he called an unsuspecting worker and pretended to be a member of the IT department. Since the call showed up on caller ID as “IT,” and the student knew some basic technical information about the worker’s computer, the worker clicked on a web link that the student had e-mailed to him.
“He did it in real time in front of us, and then said ‘You know what, I’m going run to the restroom. You can do what you have to,’” said Hayajneh.
“My student had full access to his machine.”
Because psychology is so integral to tackling the problem, the center is reaching out to local schools, and undertook a recent collaboration with Lehman High School. Members of the center have also conducted awareness sessions and provided cybersecurity modules to community colleges for use in their curriculum.
Education is more important than ever, he said, because even though security algorithms are stronger than ever, people are using technology more widely than ever.
“Invasion of privacy is going to happen with more extensive use. Adults don’t care much that their coffee machine is connected through their other things to their router. That’s what’s really scary,” he said.
“I’m not worried about large institutions, because they invest in education. I’m worried about people who are just enjoying technology, and don’t understand the consequences of the privacy theft that could happen.”