by Sally Logue Post
Texas Tech builds innovative interdisciplinary cybersecurity curriculum.
The first cybersecurity seminar was held during November 2012 and included Texas Tech faculty and graduate students, as well as representatives from other universities.
If it’s connected to a computer network, it’s vulnerable to attack. The nation’s critical infrastructure, its transportation systems, water and sewer plants, and electrical power grids and oil pipelines could be disrupted or destroyed by a cyberattack.
The threat of a cyberattack is so worrisome that U.S. Secretary of Defense Leon Panetta recently said the nation faces what he called a “cyber Pearl Harbor” event and warned the country must strengthen its cyber defenses. In a speech in October, Panetta pointed to a recent cyberattack on a Saudi Arabian energy firm in which 30,000 computers were shut down and called for new and stronger cybersecurity policies and laws.
While the federal government and agencies wrestle with not only how to defend, but to preempt cyberattacks, Texas Tech University researchers are looking not only at how best to defend our critical infrastructure, but also how to train the next generation of engineers, business leaders and lawyers who must deal with cyber issues.
With the support of a $300,000 National Science Foundation (NSF) grant, Texas Tech industrial engineering professor Joseph Urban and a number of colleagues are developing an interdisciplinary cybersecurity education program.
“Many of the current cybersecurity academic programs are housed in computer science or business,” said Urban. “We see a need for an interdisciplinary approach that allows engineering students to learn the legal and policy implications, and those outside the engineering fields to learn to speak that specific language.”
Urban is working with colleagues in industrial, electrical, mechanical and computer engineering, computer science, and mathematics, as well as from the Texas Tech School of Law and the university’s chief information officer.
“We will have a core of courses for all students,” Urban said. “But because students will be coming to the program from different disciplines and their cybersecurity concerns are based on their specific discipline, our program will give them an opportunity to further their coursework in their own focus area.”
“As the nation’s dependency on the internet increases, the job market is increasing for people who understand how to build and defend networks,” — Joseph Urban
The program is set up to reach a range of undergraduate and graduate students as well as working professionals. An undergraduate student has two options: earning a graduate certificate as part of their bachelor of science degree, or completing a 150-hour combined Bachelor and Master of Science degree. A separate master’s degree that includes a cybersecurity concentration also is available. For those already established in their career, or looking for a change of career, an online 12-hour cybersecurity certificate is available.
“As the nation’s dependency on the Internet increases, the job market is increasing for people who understand how to build and defend networks,” said Urban.
Joseph Urban is professor of industrial engineering in the Whitacre College of Engineering.
Vittal Rao is professor of electrical and computer engineering in the Whitacre College of Engineering.
Vickie Sutton is a Horn professor and Bean professor of law in the Texas Tech School of Law.
Building on Existing Programs
The cybersecurity education grant builds on a previous NSF grant. Vittal Rao, professor of electrical and computer engineering, and his colleagues have an NSF Major Research Instrumentation (MRI) grant in 2010 to build a real-time simulator for smart grid systems.
The U.S. power system is divided into three power grids, one servicing the East, a second serving the West, and a third dedicated to Texas called ERCOT (the Electric Reliability Council of Texas). ERCOT is responsible for the flow of electric power to 23 million Texas customers.
“In order to understand the behavior of the system, we must have a real-time simulator to mimic the actual system in the laboratory,” said Rao. “We are able to see how the system behaves based on what kind of sensors, or controls we use. We can also see what happens when someone tries to break into a sensor and what has to happen to stop the attack.”
Rao’s laboratory also is looking at the type of generators used on wind turbines to investigate the stability and power ratings of the generators that drive the turbines.
“In a cyberattack, we want to protect the power system,” Rao said. “The same is true when it comes to a potential natural disaster, a major hurricane such as Sandy. The principles are the same. If one part of the grid is damaged, we are looking to see if we can reconfigure the grid to redistribute the energy to other sections, so that if we have a performance degradation in one place, we can still take care of the whole system.”
While new courses will be created for the program, Urban and his colleagues will add cybersecurity components to existing course materials. Jordan Berg, professor of mechanical engineering and one of the senior personnel on the grant, is adding a piece to one of his courses that will introduce undergraduate students to the notion of networking.
“We are using our undergraduate lab to introduce networked controls and networked infrastructure,” he said. “It is the network that makes critical infrastructure vulnerable and our students need to see how that works.”
Berg and project graduate student Kalana Pothuvila are designing a small-scale pump station complete with pressure and flow-rate sensors and an adjustable valve to be part of a large-scale simulated network. “The object will be to control the rate of flow remotely, as one would in a gas, oil or water pipeline,” Berg said.
While the first stop is to introduce how networked systems are vulnerable, Berg and project co-principal investigator Qing Hui, assistant professor of mechanical engineering, are developing new courses that address risk management strategies and teach students to detect and counter intrusions that might deny or disrupt service.
While the engineering and computer science components of the grant address the equipment, Vickie Sutton’s area centers on law and policy.
Students in Rao's lab work with an earthquake simulation model to analyze grid reconfiguration possibilities after a natural disaster.
Secretary Panetta, in his October speech, emphasized the need to finalize rules of engagement in cyberspace and urged Congress to pass cybersecurity legislation. Sutton, a Horn professor and director of the Texas Tech School of Law Center for Biodefense, Law and Public Policy, said the legal profession is now dealing with questions it has not dealt with before.
“The big question is whether launching a cyberattack is consistent with international law,” she said. “The laws of war in the Geneva Convention prohibit a country from destroying the food supplies and water supplies and transportation of the citizens of another country. If a cyberattack shuts down the critical infrastructure of a country, that could interfere with food, water and medicine for civilians; that is prohibited.”
Sutton will team teach a course in cybersecurity law as part of the NSF grant with former law school dean Walt Huffman, a retired Judge Advocate General and the top military lawyer for the U.S. Army.
“The idea is to have a course in engineering that law students would take to give them the background and the language to work with engineering, and a course for engineers and computer scientists to take so they better understand the legal aspects of cybersecurity and how to talk to lawyers and policymakers,” Sutton explained.
She also is working to establish a cybersecurity law certificate in the School of Law. “Our laws need to change. So many of our laws were written with low-level hackers in mind, people who were not doing much more than committing vandalism,” she said. “Now hacking has reached levels where entire financial networks can be brought down, and the laws haven’t kept up with the capabilities of the hackers.”
Sutton sees numerous questions that the legal profession will play a key role in answering, including jurisdiction. “Who has control of the Internet? It was designed not to be in any one jurisdiction,” said Sutton. “It was intended to be a free and open information network. But now that so much of our communications and critical infrastructure are reliant on the Internet, it becomes difficult to determine who has jurisdiction over a cybercrime.”
Outreach and Collaboration
After reviewing existing curricula and federal guidelines, the team hopes to begin implementation of some cybersecurity elements into existing courses and developing outreach materials for K-12 schools.
In addition to formal class work, Urban has connected with Sam Segran, the university’s chief information officer in the Information Technology Division. Segran launched an educational campaign across the campus in 2004 to help students, faculty and staff better understand safe computing measures. The campaign also includes a Cybersecurity Awareness Week in October to coincide with a national cybersecurity campaign.
“We hope to take Sam’s model and adapt what we can for use in university courses. We’ll also use his approach as we reach out into the region to bring cybersecurity awareness to K-12 classes in public schools,” said Urban.
Another part of the outreach component of the grant is a series of seminars and workshops featuring industry and government representatives to highlight specific cybersecurity information and to fine-tune the emerging curriculum. The first seminar was held during November and brought together representatives from other universities, as well as the faculty members and graduate students working on the Texas Tech grant.
“We have also reached out to industry and government collaborators to form an external advisory committee to help us evaluate the curriculum and make sure it meets the nation’s needs,” Urban said.
Timeline and Progress
Urban and his colleagues are spending the 2012-2013 academic year reviewing existing curricula and reviewing federal guidelines. They hope to begin implementation of some cybersecurity elements into existing courses and developing outreach materials for K-12 schools. The 2013-2014 year will see the creation of certificate and degree program concentrations.
“Curriculum development in cybersecurity has been mostly centered in computing and information systems education, with limited collaboration with engineering disciplines,” Urban said. “Our interdisciplinary approach includes multiple engineering areas, as well as law, and hopefully, we can expand to other areas. We are building a foundation that can grow.”
About the Whitacre College of Engineering
The Whitacre College of Engineering was one of the original academic areas when Texas Tech opened in 1925.
Today approximately 4,300 undergraduate and 725 graduate students pursue bachelor’s, master’s and doctoral degrees offered through eight academic departments: civil and environmental, chemical, computer science, electrical and computer, engineering technology, industrial, mechanical and petroleum.
The college also offers two graduate certificate programs in petroleum and software engineering. View all degrees offered here.
Whitacre College of Engineering faculty, undergraduate and graduate students pursue basic and applied research that generate new knowledge and create technical solutions to society’s challenges, all in an environment that is committed to the individual student’s success. The college performs over $16 million in sponsored research each academic year. More about COE research.
About the School of Law
The Texas Tech School of Law is a leader among Texas law schools with a 16-year average pass rate of 90 percent on the State Bar Exam.
A small student body, a diverse faculty and a low student-faculty ratio (15.3:1) promotes learning and encourages interaction between students and professors.
The school offers a variety of dual-degree and certificate programs, as well as clinical programs in capital punishment, criminal defense, civil practice, health care and bioethics mediation, among others. The school also is home to the Center for Biodefense, Law, and Public Policy, the Center for Military Law and Policy, and the Center for Water Law and Policy.
Sally Logue Post is Director of Research and Academic Communications for the Office of the Vice President for Research at Texas Tech University.