NSA will hold an NSALive Adobe Webinar on Thursday, September 9, 2021, from 4-6 pm EDT to learn about the National Security Agency and Student Program opportunities, as well as a deep dive into the 2021 Codebreaker Challenge. Register for the online session here.
The Codebreaker Challenge is the NSA’s annual cybersecurity and cryptanalysis challenge with a realistic, NSA mission-centric scenario open to U.S-based academic institutions. The 2021 challenge is open now and runs through December 31, 2021.
While the challenge is intended for students, faculty are encouraged to participate as well. Furthermore, the site was designed to make it easy for those faculty interested in incorporating the challenge into their courses (see the additional FAQ entries below.)
The 2021 Codebreaker Challenge consists of a series of tasks worth a varying amount of points based upon their difficulty. Schools will be ranked according to their students’ total number of points with the current ranking shown on a leaderboard. Solutions may be submitted at any time for the duration of the Challenge.
While not required, it is recommended that participants solve tasks in order since they flow with the storyline. Later tasks may rely on artifacts or inputs from earlier tasks. Each task in the 2021 challenge will require a range of skills. You will need to call upon all of your technical expertise, intuition, and common sense.
UMBC’s Donna Ruginski and bwtech@UMBC finalists for CAMI’s Maryland Cybersecurity Awards
Donna Ruginski and bwtech@UMBC finalists for CAMI’s Maryland Cybersecurity Awards
Donna Ruginski is a finalist for the Cyber Warrior Woman Award, which honors a woman doing extraordinary or exemplary work in Maryland’s cybersecurity industry. She is UMBC’s Executive Director for Cybersecurity Initiatives in the Office of the Vice President for Research. She is responsible for the strategic positioning and growth of UMBC’s cybersecurity partnerships, research, and programs.
The bwtech@UMBC Research and Technology Park is a finalist for the Cybersecurity Industry Resource Award, which celebrates a non-cybersecurity business, organization, academic institution, or government agency that has significantly contributed to Maryland’s cybersecurity industry through its products, services, or mission.
Finalists were selected by an independent panel of judges represented by leaders in a variety of fields. One winner from each category will be announced at the Maryland Cybersecurity Awards Celebration on September 22, 2021, 5 PM – 8 PM at Maryland Live! Casino.
All finalists are automatically entered into the People’s Choice Award category. The public is invited to vote online to determine who will receive the coveted Cybersecurity People’s Choice Award. The winner will be announced during the virtual Awards Celebration on September 22, 2021. Vote for your choice here.
The MIIC will address pressing challenges related to computing, analytics, and workforce in state agencies, with a focus on cybersecurity, artificial intelligence, and data science. UMBC faculty, students and staff will work with MIIC partners to provide expertise on the complex process of recovering from cyberattacks. They will also offer technical guidance to inform policy decisions for leveraging data safely, securely, and ethically.
The partnership will also include talent from higher education institutions within the University System of Maryland and across the state, and partners in the public and private sectors.
“Maryland is showing the way by creating this innovative partnership that brings together experienced faculty and students who are eager to apply the knowledge they have acquired, with state agencies that need support facing pressing challenges,” says Anupam Joshi, director of UMBC’s Center for Cybersecurity, and professor and chair of computer science and electrical engineering. “UMBC is proud to lead the way in partnership with the state, staying true to our motto of inclusive excellence.”
As part of the MIIC, UMBC will utilize Computing Innovation Rapid Response Teams to develop real-time solutions to IT and data concerns in state agencies. These teams will include undergraduate and graduate students trained and deployed through internships and capstone courses.
Another component of the collaboration, the MIIC Innovation Lab and Challenge Fund, will use an evidence-based approach to understand how government agencies can innovate in the computing space and can replicate successful approaches.
The summit drew participation from top federal, state, and private-sector cybersecurity leaders, includingAnne Neuberger, deputy assistant to President Biden and deputy national security advisor for cyber and emerging technology. The event opened with remarks fromGovernor Hogan. Three panels followed, focusing on the national cybersecurity agenda, the state cybersecurity ecosystem, and the role of the private sector.
UMBC President Freeman Hrabowski and Dean Keith J Bowman of UMBC’s College of Engineering and Information Technologymoderated panels. UMBC alumna Tina Williams-Koroma ‘02, computer science, president and CEO of TCecure, participated as a panelist.
“There is no greater threat to the safety and security of Americans right now than the cyber vulnerabilities of the systems that support our daily lives, from our drinking water and our power supply, to our railroads and air traffic controls,” said Governor Hogan, in a statement ahead of the summit. “As the cyber capital of America, Maryland is proud to host this summit,” including “an open and productive discussion of our coordinated cybersecurity goals and initiatives as we work to protect the American people.”
Developing cyber talent
Bowman described UMBC’s role in cybersecurity workforce development within Maryland, nurturing talent and giving students opportunities to pursue related careers. He highlighted the Maryland Center for Computing Education, which is housed at UMBC and works to engage K-12 students in computing and support teacher development.
“During my four years at UMBC, our College has benefited from support for both our academic programs and research from the Governor and state,” he said. “That support has enabled us to recruit, retain, and invest in outstanding faculty and staff that are developing Maryland’s next generation of engineering and computing professionals.”
NASA has committed $178 million to extend support for the Center for Research and Exploration in Space Science & Technology II (CRESST II) through 2027. Founded in 2006 and renewed in 2016, CRESST II is a partnership between NASA’s Goddard Space Flight Center and four universities. UMBC and the University of Maryland, College Park (UMD) are the two primary funding recipients, with UMD leading the consortium. CRESST II also supports researchers at Catholic University of America, Howard University, and the Southeastern Universities Research Association.
New UMBC funding to support these projects will be more than $63 million over five years under the CRESST II renewal. Since the last renewal in 2016, the UMBC arm of the partnership, the Center for Space Sciences and Technology (CSST), has focused on offering additional training for budding space scientists. Graduate students with NASA fellowships are co-advised by UMBC faculty and NASA scientists, undergraduates have internship opportunities on-site at Goddard, and post-baccalaureate programs offer recent grads a chance to get more experience before applying to jobs or graduate school. Career workshops are available to all.
“We’re trying to do more to support their growth, and also prepare them to move on to other things afterwards,” says Don Engel, director of CSST and assistant professor of computer science and electrical engineering. “We’re building more infrastructure around career support for our scientists, especially those at earlier levels.”
Engel has also been leading an effort to engage more departments at UMBC in the partnership. Physics is the most involved so far, but researchers in computer science and electrical engineering, mechanical engineering, information systems, and even geography and environmental systems have connected with CSST, meaning the Center spans all three UMBC colleges.
“Adversarial thinking” (AT), sometimes called the “security mindset” or described as the ability to “think like an attacker,” is widely accepted in the computer security community as an essential ability for successful cybersecurity practice. Supported by intuition and anecdotes, many in the community stress the importance of AT, and multiple projects have produced interventions explicitly intended to strengthen individual AT skills to improve security in general. However, there is no agreed-upon definition of “adversarial thinking” or its components, and accordingly, no test for it. Because of this absence, it is impossible to meaningfully quantify AT in subjects, AT’s importance for cybersecurity practitioners, or the effectiveness of interventions designed to improve AT. Working towards the goal of a characterization of AT in cybersecurity and a non-technical test for AT that anyone can take, I will discuss existing conceptions of AT from the security community, as well as ideas about AT in other fields with adversarial aspects including war, politics, law, critical thinking, and games. I will also describe some of the unique difficulties of creating a non-technical test for AT, compare and contrast this effort to our work on the CATS and Security Misconceptions projects, and describe some potential solutions. I will explore potential uses for such an instrument, including measuring a student’s change in AT over time, measuring the effectiveness of interventions meant to improve AT, comparing AT in different populations (e.g., security professionals vs. software engineers), and identifying individuals from all walks of life with strong AT skills—people who might help meet our world’s pressing need for skilled and insightful security professionals and researchers. Along the way, I will give some sample non-technical adversarial thinking challenges and describe how they might be graded and validated.
Peter A. H. Peterson is an assistant professor of computer science at the University of Minnesota Duluth, where he teaches and directs the Laboratory for Advanced Research in Systems (LARS), a group dedicated to research in operating systems and security, with a special focus on research and development to make security education more effective and accessible. He is an active member of the Cybersecurity Assessment Tools (CATS) project working to create and validate two concept inventories for cybersecurity, is working on an NSF-funded grant to identify and remediate commonsense misconceptions about cybersecurity, and is also the author of several hands-on security exercises for Deterlab that have been used at many institutions around the world. He earned his Ph.D. from the University of California, Los Angeles for work on “adaptive compression”—systems that make compression decisions dynamically to improve efficiency. He can be reached at .
Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings: May 7, Farid Javani (UMBC), Anonymization by oblivious transfer
Talk: Cyber Lessons, Learned and Unlearned, 1-2 pm ET 4/20/21
The UMBC Center for Cybersecurity (UCYBR) & The Department of Computer Science & Electrical Engineering (CSEE) Present:
“Cyber Lessons, Learned and Unlearned”
Professor Eugene Spafford Professor of Computer Science & Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security) Purdue University
Dr. Eugene Spafford is a professor with an appointment in Computer Science at Purdue University, where he has served on the faculty since 1987. He is also a professor of Philosophy (courtesy), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy) and a Professor of Political Science (courtesy). He serves on a number of advisory and editorial boards. Spafford’s current research interests are primarily in the areas of information security, computer crime investigation and information ethics. He is generally recognized as one of the senior leaders in the field of computing.
Among other things, Spaf (as he is known to his friends, colleagues, and students) is Executive Director Emeritus of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security), and was the founder and director of the (superseded) COAST Laboratory. He is Editor-on-Chief of the Elsevier journal Computers & Security, the oldest journal in the field of information security, and the official outlet of IFIP TC-11.
Spaf has been a student and researcher in computing for over 40 years, 35 of which have been in security-related areas. During that time, computing has evolved from mainframes to the Internet of Things. Of course, along with these changes in computing have been changes in technology, access, and both how we use and misuse computing resources. Who knows what the future holds?
In this UCYBR talk, Spaf will reflect upon this evolution and trends and discuss what he sees as significant “lessons learned” from history. Will we learn from our past? Or are we destined to repeat history (again!) and never break free from the many cybersecurity challenges that continue to impact our world? Join UCYBR and CSEE for an engaging and informative presentation from one of the most respected luminaries of the cybersecurity field!