talk: CyMOT Cybersecurity Training for Operational Technology in Manufacturing, 12-1 Fri 3/18

The UMBC Cyber Defense Lab presents

CyMOT: Cybersecurity Training for
Operational Technology in Manufacturing

Nilanjan Banerjee, UMBC CSEE

12-1 pm Friday, 18 March 2022, via WebEx

The University of Maryland, Baltimore County (UMBC) and MxD Learn, the workforce arm of MxD, seeks to collaboratively build Phase I of CyMOT to address the need for cybersecurity for operational manufacturing technology (OT). Leveraging MxD Learn’s previous work identifying the skills and abilities needed in future manufacturing positions and the development and dissemination of training opportunities and career pathways, MxD Learn has partnered with UMBC, a leader in cybersecurity education, to create a curriculum that targets adult learners who are looking to increase their skills at the intersection of cybersecurity and manufacturing. The objective of the curriculum program is to provide current workers with learning opportunities that result in certification(s), giving them the tools necessary to execute careers in cybersecurity in manufacturing, and increasing the security of U.S. manufacturers from cyber attacks. This talk will describe the CyMOT Phase I pilot.

Dr. Nilanjan Banerjee is a professor of CSEE at UMBC. His area of expertise is in cybersecurity in manufacturing and physiological sensing.


Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: April 1, Kirellos Elsaad (UMBC); April 15, Edward Zieglar (NSA); April 29, Ian Blumenfeld (UMBC); May 13, Enka Blanchard (Digitrust Loria, France).

talk: Ted Selker on Voting Technology, 12-1, Fri 3/4

The UMBC Cyber Defense Lab presents

Voting Technology

Ted Selker

Research Professor
UMBC CSEE Department

12–1 ET Friday, 4 March 2022 via WebEx

Traditionally most votes are lost in registration, voting ballot design problems, and polling place operations, causing long lines and possibly mail-in ballot fraud. This talk will describe voting-process problems and technological problems, and some possible solutions for voting improvement. Voting disenfranchisement is much higher for people with perceptual, physical, and cognitive disabilities. More than 14% of registered voters are in danger of increased errors due to dyslexia, and more than 6.5% due to short-term memory problems. We will describe and demonstrate technologies we are making that help disabled people and improve voting universally as well.

Dr. Ted Selker is an entrepreneur inventor who also mentors innovation. Ted spent five years as director of Considerate Systems research at Carnegie Mellon University Silicon Valley and in developing the campus’s research mission. Prior to that, Ted spent ten years as an associate professor at the MIT Media Laboratory, where he created the Context Aware Computing group, co-directed the Caltech/MIT Voting Technology Project, and directed the Industrial Design Intelligence future for product design project. Prior to that, his successes at targeted product creation and enhancement at IBM earned him the role of IBM Fellow. Ted’s work birthed successful products ranging from notebook computers to operating systems. It accumulated numerous awards, patents, and papers and has often been featured in the press. Ted is co-recipient of the Computer Science Policy Leader Award for Scientific American 50, the American Association for People with Disabilities Thomas Paine Award for his work on voting technology, and the Telluride Tech Fest Award.

Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL Meetings: March 18, Nilanjan Banerjee (UMBC); April 1, Kirellos Elsaad (UMBC); April 15, Edward Zieglar (NSA); April 29, Ian Blumenfeld (UMBC); May 13, Enka Blanchard (Digitrust Loria, France)

Ukraine conflict brings cybersecurity risks to US homes, businesses

Regular Americans could find themselves targets of Russian cyberwarfare.

 

Ukraine conflict brings cybersecurity risks to US homes, businesses

Richard Forno, University of Maryland, Baltimore County


All cybersecurity is local, regardless of the world situation. That means it’s personal, too – in Americans’ homes, computers and online accounts. As violence spreads thousands of miles away from the U.S., my strong recommendation is that all Americans remain vigilant and check on their own cybersecurity.

While organizations reinforce their cybersecurity posture during this period of geopolitical tension, I also suggest people regularly ensure their computer, mobile devices and software are updated, double-check that all passwords are secure and all key accounts are protected by two-factor authentication. Beware that phishing attacks may increase, seeking to trick people into clicking links that grant attackers access to computer systems. These are a few simple steps that can help increase one’s cybersecurity preparedness both now and for the future.

Recent Russian-linked cyberattacks, including against energy pipelines, federal government services, and attacks on local governments, first responders, hospitals and private corporations, show the potential for Russian cyber warriors to put U.S. civilians at risk. All these entities should be more vigilant over the coming days.

In the days before Russia invaded Ukraine, a series of cyberattacks disrupted Ukrainian government and business websites – despite Ukraine’s cyberdefense teams’ being prepared to defend against them.

With many Americans working from home because of the pandemic, the U.S. is more vulnerable than it might have been otherwise: Home networks and computers are often less protected than those at an office – which makes them enticing targets.

Russian cyber capabilities, and threats from Russian President Vladimir Putin, mean that what might look like random technical glitches on personal computers, websites and home networks may not be accidental. They could be precursors to – or actual parts of – a larger cyberattack. Therefore, ongoing vigilance is more crucial than ever.

[Like what you’ve read? Want more? Sign up for The Conversation’s daily newsletter.]The Conversation

Richard Forno, Principal Lecturer, Cybersecurity and Assistant Director, UMBC Cybersecurity Center, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.

talk: Users’ Preferences for Enhanced Misinformation Warnings on Twitter


The UMBC Cyber Defense Lab presents

Context, a Red Flag, or Both? Users’ Preferences for Enhanced Misinformation Warnings on Twitter

Prof. Filipo Sharevski
Adversarial Cybersecurity Automation Lab
DePaul University

12–1pm ET Friday, 4 Feb. 2022, WebEx


Warning users about hazardous information on social media is far from a simple usability task. The so-called soft moderation must balance between debunking falsehoods and avoiding moderation bias while avoiding disrupting the social media consumption flow. Platforms thus employ visually indistinguishable warning tags with generic text under a suspected misinformation content. This approach resulted in an unfavorable outcome where the warnings “backfired” and users believed the misinformation more, not less. To address this predicament, we developed enhancements to the misinformation warnings where users are advised on the context of the information hazard and exposed to standard warning iconography.

Balancing for comprehensibility, the enhanced warning tags provide context in regards to (1) fabricated facts; and (2) improbable interpretations of facts. Instead of the generic “Get the facts about the COVID-19 vaccine” warning, users in the first case are warned about “Strange, Potentially, Adverse Misinformation (SPAM): If this were an email, this would have ended up in your spam folder” and in the second case about “For Facts Sake (FFS): In this tweet, facts are missing, out of context, manipulated, or missing a source.” The SPAM warning tag contextualizes misinformation with an analogy to an already known phenomenon of spam email, while the FFS warning tag as an acronym blends with the characteristic communication Twitter behavior with compact language due to the tweets’ length restriction. The text-only warning tags were then paired with the hereto ignored usable security intervention when it comes to misinformation: red flags as watermarks over the suspected misinformation tweets. The tag-and-flag variant provided an option for us also to test user receptivity to warnings that incorporate contrast (red), gestalt iconography for general warnings (flag), and actionable advice for inspection (watermark).

We ran an A/B evaluation with Twitter’s original warnings in a usability study with 337 participants. The majority of the participants preferred the enhancements as a nudge towards recognizing and avoiding misinformation. The enhanced warnings were most favored by the politically left-leaning and to a lesser degree moderate participants, but they also appealed to roughly a third of the right-leaning participants. The education level was the only demographic factor shaping participants’ preferences for the proposed enhancements. Through this work, we are the first to perform an A/B evaluation of enhanced social media warnings providing context and introducing visual design frictions in interacting with hazardous information. Our sentiment analysis towards soft moderation in general, and enhanced warning tags in particular from a political and demographic perspective, provides the basis for our recommendations about future refinements, frictions, and adaptations of soft moderation towards secure and safe behavior on social media.

About the Speaker. Dr. Filipo Sharevski () is an assistant professor of cybersecurity and director of the Adversarial Cybersecurity Automation Lab (https://acal.cdm.depaul.edu). His main research interest is adversarial cybersecurity automation, m/disinformation, usable security, and social engineering. Sharevski earned the PhD degree in interdisciplinary information security at Purdue University, CERIAS in 2015.

Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public.

talk: Building Resilience against Cyberattacks, 12pm ET, Dec 15


ArtIAMAS Seminar Series, Co-organized by UMBC, UMCP, and the Army Research Lab

Building Resilience against Cyberattacks

Aryya Gangopadhyay, UMBC


12-1 PM ET Wednesday, 15 December 15, 2021
Online via webex


In this talk, we will address the issue of building resilient systems in the face of cyberattacks. We will present a defense mechanism for cyberattacks using a three-tier architecture that can be used to secure army assets and tactical information. The top tier represents the front-end where autonomous sensing and inferencing through AI models take place by UAVs, UGVs, etc. We will illustrate how models can be defended against data poisoning attacks. In the middle tier, we focus on building cyber defense against attacks in federated learning environments, where models are trained on a large corpus of decentralized data without transferring raw data over a communication channel. The bottom tier represents back-end servers that train deep learning models with large amounts of data that can subsequently be pushed to the edge for inferencing. We will demonstrate how adaptive models can be developed for detecting and preventing various types of attacks at this level.

Dr. Aryya Gangopadhyay is a Professor in the Information Systems department at the University of Maryland, Baltimore County. Dr. Gangopadhyay has a courtesy appointment as a Professor in Computer Science and Electrical Engineering at UMBC. He is also the Director of the Center for Real-time Sensing and Autonomy (CARDS) at UMBC. His research interests include adversarial machine learning at the edge, cybersecurity, and smart cities. He has graduated 16 Ph.D. students and is currently mentoring several others at UMBC. He has published over 125 peer-reviewed research articles and has received extramural support from ARL, NSF, NIST, the Department of Education, and IBM.

talk: Shadow IT in Higher Ed: Survey & Case Study for Cybersecurity, 12-1 Fri 12-3

Shadow IT is the use of information technology systems, devices, software, applications, and services without explicit IT department approval.

The UMBC Cyber Defense Lab presents

Shadow IT in Higher Education: Survey and Case Study for Cybersecurity

Selma Gomez Orr, Cyrus Jian Bonyadi, Enis Golaszewski, and Alan T. Sherman
UMBC Cyber Defense Lab

Joint work with Peter A. H. Peterson (University of Minnesota Duluth), Richard Forno, Sydney Johns, and Jimmy Rodriguez

12-1:00 pm, Friday, 3 December 2021, online via WebEx


We explore shadow information technology (IT) at institutions of higher education through a two-tiered approach involving a detailed case study and comprehensive survey of IT professionals. In its many forms, shadow IT is the software or hardware present in a computer system or network that lies outside the typical review process of the responsible IT unit. We carry out a case study of an internally built legacy grants management system at the University of Maryland, Baltimore County that exemplifies the vulnerabilities, including cross-site scripting and SQL injection, typical of such unauthorized and ad-hoc software. We also conduct a survey of IT professionals at universities, colleges, and community colleges that reveals new and actionable information regarding the prevalence, usage patterns, types, benefits, and risks of shadow IT at their respective institutions.

Further, we propose a security-based profile of shadow IT, involving a subset of elements from existing shadow IT taxonomies, that categorizes shadow IT from a security perspective. Based on this profile, survey respondents identified the predominant form of shadow IT at their institutions, revealing close similarities to findings from our case study.

Through this work, we are the first to identify possible susceptibility factors associated with the occurrence of shadow IT-related security incidents within academic institutions. Correlations of significance include the presence of certain graduate schools, the level of decentralization of the IT department, the types of shadow IT present, the percentage of security violations related to shadow IT, and the institution’s overall attitude toward shadow IT. The combined elements of our case study, profile, and survey provide the first comprehensive view of shadow IT security at academic institutions, highlighting the tension between its risks and benefits, and suggesting strategies for managing it successfully.


Dr. Selma Gomez Orr ( ) received her Ph.D. from Harvard University in the field of decision sciences. She also holds Masters degrees in applied mathematics, engineering sciences, and business administration, also from Harvard. She has worked in the private sector in the fields of cybersecurity and data analytics. Most recently, as a CyberCorps Scholarship for Service (SFS) Scholar, Dr. Orr completed a Master’s of Professional Studies in both cybersecurity and data science at UMBC.

Cyrus Jian Bonyadi ( ) is a computer science Ph.D. student and former SFS scholar studying consensus theory at UMBC under the direction of Alan T. Sherman, Sisi Duan, and Haibin Zhang.

Enis Golaszewski ( ) is a Ph.D. student at UMBC under Alan T. Sherman where he studies, researches, and teaches cryptographic protocol analysis. A former SFS scholar, Golaszewski helps lead annual research studies that analyze and break software at UMBC.

Dr. Alan T. Sherman () is a professor of computer science, director of CDL, and associate director of UMBC’s Cybersecurity Center. His main research interest is high-integrity voting systems. Sherman earned the Ph.D. degree in computer science at MIT in 1987 studying under Ronald L. Rivest.


Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: Feb 4, Filipo Sharevski

Webinar on NSA Codebreaker challenge and student opportunities, Sept 9


NSA Codebreaker challenge and student opportunities Webinar


4-6 pm EDT Thursday, 9 September 2021, Online


Register Here


NSA will hold an NSALive Adobe Webinar on Thursday, September 9, 2021, from 4-6 pm EDT to learn about the National Security Agency and Student Program opportunities, as well as a deep dive into the 2021 Codebreaker Challenge. Register for the online session here.

The Codebreaker Challenge is the NSA’s annual cybersecurity and cryptanalysis challenge with a realistic, NSA mission-centric scenario open to U.S-based academic institutions. The 2021 challenge is open now and runs through December 31, 2021.

While the challenge is intended for students, faculty are encouraged to participate as well. Furthermore, the site was designed to make it easy for those faculty interested in incorporating the challenge into their courses (see the additional FAQ entries below.)

The 2021 Codebreaker Challenge consists of a series of tasks worth a varying amount of points based upon their difficulty. Schools will be ranked according to their students’ total number of points with the current ranking shown on a leaderboard. Solutions may be submitted at any time for the duration of the Challenge.

While not required, it is recommended that participants solve tasks in order since they flow with the storyline. Later tasks may rely on artifacts or inputs from earlier tasks. Each task in the 2021 challenge will require a range of skills. You will need to call upon all of your technical expertise, intuition, and common sense.

UMBC’s Donna Ruginski and bwtech@UMBC finalists for CAMI’s Maryland Cybersecurity Awards


Donna Ruginski and bwtech@UMBC finalists for CAMI’s Maryland Cybersecurity Awards


Congratulations to UMBC’s Donna Ruginski and bwtech@UMBC Research and Technology Park for their selection as finalists in the Cybersecurity Association of Maryland’s Fifth Annual Maryland Cybersecurity Awards.

Donna Ruginski is a finalist for the Cyber Warrior Woman Award, which honors a woman doing extraordinary or exemplary work in Maryland’s cybersecurity industry. She is UMBC’s Executive Director for Cybersecurity Initiatives in the Office of the Vice President for Research. She is responsible for the strategic positioning and growth of UMBC’s cybersecurity partnerships, research, and programs.

The bwtech@UMBC Research and Technology Park is a finalist for the Cybersecurity Industry Resource Award, which celebrates a non-cybersecurity business, organization, academic institution, or government agency that has significantly contributed to Maryland’s cybersecurity industry through its products, services, or mission.

Finalists were selected by an independent panel of judges represented by leaders in a variety of fields. One winner from each category will be announced at the Maryland Cybersecurity Awards Celebration on September 22, 2021, 5 PM – 8 PM at Maryland Live! Casino.

All finalists are automatically entered into the People’s Choice Award category. The public is invited to vote online to determine who will receive the coveted Cybersecurity People’s Choice Award. The winner will be announced during the virtual Awards Celebration on September 22, 2021. Vote for your choice here.

The Cybersecurity Association of Maryland, Inc. (CAMI) is a statewide nonprofit organization established in 2015. It is Maryland’s only organization dedicated 100% to the growth of Maryland’s cybersecurity industry. 

UMBC redesignated a National Center of Academic Excellence in Cyber Defense


UMBC redesignated a National Center of Academic Excellence in Cyber Defense


UMBC has been redesignated as a National Center of Academic Excellence in Cyber Defense (CAE-CD) through the academic year 2028.

The CAE-CD designation indicates that UMBC is helping reduce threats to our national infrastructure by promoting higher education and research in cyber defense and providing the nation with a pipeline of qualified cybersecurity professionals. UMBC is also designated as a Center of Academic Excellence in Cyber Research (CAE-R), which signifies that UMBC increases the understanding of robust cyber defense technology, policy, and practices that will enable our Nation to prevent and respond to a catastrophic event.

The National Centers of Academic Excellence in Cybersecurity (NCAE-C) program is managed by the National Cryptologic School at the National Security Agency. Federal Partners include the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Institute of Standards and Technology (NIST)/National Initiative on Cybersecurity Education (NICE), the National Science Foundation (NSF), the Department of Defense Office of the Chief Information Officer (DoD-CIO), and US Cyber Command (CYBERCOM).

The NCAE-C program’s mission is to create and manage a collaborative cybersecurity educational program with community colleges, colleges, and universities that

  • Establishes standards for cybersecurity curriculum and academic excellence,
  • Includes competency development among students and faculty,
  • Values community outreach and leadership in professional development, 
  • Integrates cybersecurity practice within the institution across academic disciplines,
  • Actively engages in solutions to challenges facing cybersecurity education.

UMBC offers courses, a track, and concentrations focused on cybersecurity in its Computer Science and Information Systems programs at the undergraduate and graduate levels. In addition, UMBC has several major cybersecurity-oriented scholarship programs to prepare the next generation of cybersecurity professionals in an increasingly digital age, focusing on increasing the participation of women and other underrepresented groups in this fast-growing field. These include the UMBC Cyber Scholars program, CyberCorps: Scholarships For Service (SFS) program, and DOD Cyber Scholarship Program (CySP). Applications for SFS cybersecurity scholarships to begin in Fall 2022 are due via Scholarship Retriever by 12noon November 15, 2021.

UMBC also has professional cybersecurity programs that include certificate programs as well as a Master’s of Professional Studies (MPS) degree at its campuses in Catonsville (UMBC main campus) and Rockville (UMBC at the Universities at Shady Grove). UMBC Training Centers offers cybersecurity courses for both individuals and organizations.

Cybersecurity research at UMBC occurs in many of its laboratories and in the UMBC Center for Cybersecurity (UCYBR), which recently merged with UMBC’s original cybersecurity center, the UMBC Center for Information Security and Assurance (CISA).

2021 NSA Codebreaker Challenge Now Open

“The Codebreaker Challenge closely mirrors the real-world scenarios we deal with every day at NSA,” said challenge creator Eric Bryant. “It gives students the opportunity to test their knowledge, build new skills, and develop experience in areas typically not covered by course curricula in cybersecurity.”

NSA Codebreaker Challenge 2021 Now Open


NSA’s annual Codebreaker Challenge offers students a closer look at the type of work done at NSA and provides the opportunity to develop skills needed to achieve the Agency’s national security mission. The problems touch on skills like software reverse engineering, cryptanalysis, exploit development, blockchain analysis, and more. It gives students a hands-on opportunity to develop their reverse-engineering/low-level code analysis skills while working on a realistic problem set centered around the NSA’s mission.

The Challenge is open now and will run until a date late in December. Anyone with an email address from a recognized U.S. school or university may participate. While the challenge is intended for students, faculty are encouraged to participate as well. Furthermore, the site was designed to make it easy for those faculty interested in incorporating the challenge into their courses to do so (see the additional FAQ entries below.)

The 2021 Codebreaker Challenge consists of a series of tasks that are worth a varying amount of points based upon their difficulty. Schools will be ranked according to the total number of points accumulated by their students with the current ranking shown on a leaderboard. Solutions may be submitted at any time for the duration of the Challenge.

While not required, it is recommend that you solve tasks in order, since they flow with the storyline. Later tasks may rely on artifacts / inputs from earlier tasks. Each task in the 2021 challenge will require a range of skills. You will need to call upon all of your technical expertise, your intuition, and your common sense.

NSA provides some helpful resources to get you on the right track with the 2021 Challenge. The list as a starting point. It’s not exhaustive, and you’ll definitely need to do additional research on your own. There are things in this list that aren’t actually part of this year’s challenge. Once you register, you will be able to join the Community of Practice Discord server for the 2021 Codebreaker Challenge. NSA will also hold two technical talks this Fall, giving you a chance to hear from some of NSA’s experts.

1 2 3 4 43