Last month saw a sophisticated assault on the networks of JP Morgan Chase & Co., Citigroup and several other of this country’s largest banks.
An attack in August on the world’s largest oil producer, Saudi Aramco, destroyed 30,000 computers.
And hackers three years ago gained access to sensitive information from the Defense Department’s $300 billion F-35 Joint Strike Fighter project.
Those are examples of the serious threat that government agencies, businesses and critical infrastructure face from cyber attacks, according to cybersecurity experts and high-ranking federal officials in this country.
“The collective results of these kinds of attacks could be a cyber Pear Harbor, an attack that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability,” Defense Secretary Leon Panetta warned during an Oct. 11 speech in New York City.
While the U.S. government is seeking to raise awareness of the dangers posed by hackers and cyber terrorists, experts say the federal agencies charged with preventing these attacks haven’t been able to hire enough workers trained in detecting and responding to these threats.
The government is paying people to pursue graduate studies in cybersecurity, at the University at Buffalo and other schools across the country, in return for a commitment that they will work for a federal agency for two years after graduating. The grants are $40,000 a year for each student.
“This is a great employment opportunity,” said Shambhu Upadhyaya, a professor of computer science and engineering at UB and director of its Center of Excellence in Information Systems, Assurance, Research and Education, or CEISARE.
In addition to the UB program, Hilbert College and Canisius College are among the other local colleges and universities offering programs in cybersecurity-related fields.
Faculty and alumni say the classes are engaging, the course work evolves to keep up with the latest technological advances and graduates find challenging jobs that pay well.
“I don’t think it’s a field that’s going away anytime soon,” said Kyle T. Cavalieri, a Hilbert graduate and manager of computer forensics and investigations for Digits LLC, a consulting firm based in West Seneca.
Experts have warned for years of the threat posed by hackers seeking to make a profit, send a political message or wreak havoc on a nation’s essential infrastructure.
Given our reliance on online networks, the potential targets of a cyber attack include everything from the electric grid to the air-traffic control system.
“In this day and age, there isn’t anything that doesn’t touch a computer,” said Peter J. Ahearn, former special agent in charge of the Buffalo FBI office and owner of Ahearn Consulting.
Governments at every level and companies of every size have invested billions of dollars in preventing these attacks and in securing their data, but those involved in cybersecurity issues say this nation remains vulnerable to determined hackers and cyber criminals.
General Keith Alexander, director of the National Security Agency and commander of U.S. Cyber Command, was asked at a July security forum in Colorado how well-prepared, on a scale of 1 to 10, the United States is for a major cyber attack on an important piece of infrastructure.
“From my perspective I’d say around a 3,” Alexander said.
Hackers have embarrassed companies ranging from Sony to LinkedIn, exposing weaknesses in their security systems and gaining access to the personal information of millions of their customers.
The Department of Homeland Security in 2011 received 198 reports of attacks on the companies that control this country’s critical infrastructure, up from nine such incidents in 2009, according to CNN’s Security Clearance blog.
“These attacks keep happening, and a lot of it isn’t reported,” UB’s Upadhyaya said.
Instead of making a one-time, single-shot attack on a target, today’s hackers strive to gain access and remain inside a computer network for an extended period of time, stealing data without the host realizing anything is wrong, said Linda Volonino, a professor of information systems at Canisius and director of the college’s computer forensics program.
“It’s much more parasitic,” said Volonino, the co-author of the book “Computer Forensics for Dummies.”
Observers say the federal government takes the threat seriously but hasn’t found enough people with the required training to fill its cybersecurity jobs.
This summer, Alexander spoke at the nation’s largest hackers’ convention and urged attendees to consider working for the NSA or another federal agency.
“I’d say we certainly need more, there’s no question about it. There certainly is a need for people in that field,” said William Haslinger, an associate professor of economic crime investigation at Hilbert.
Paying for school
In an effort to boost cybersecurity training, the National Science Foundation in 2001 launched its Federal CyberService Awards.
UB was among 11 schools that received one of these awards in 2008, earning an $868,000, four-year grant under the program.
Eight students earned master’s degrees in computer science and engineering or management information systems through the NSF scholarship, and three are in their final year of study, Upadhyaya said. The students received advanced certification in information assurance.
This year, UB received a $1.6 million NSF grant that will pay for up to 16 students to study at CEISARE over the next five years.
“You have to attract people to go to these particular disciplines,” Upadhyaya said.
For each year of the two-year program, the students receive: a $25,000 stipend, plus $12,000 for in-state graduate tuition and fees, or more if the student comes from out of state, and $3,000 for books, travel expenses and health insurance.
They receive training in how to prevent, detect and respond to cyber attacks, Upadhyaya said.
Graduates must promise to work for the federal government for two years after earning their degrees through the NSF-funded program, and UB alumni have gone on to work for the Department of Homeland Security, the National Security Agency and the Securities and Exchange Commission.
Al Katerinsky works as a security research analyst with the Federal Trade Commission in Washington, D.C., after graduating from the UB program in 2010. He said he worked extremely hard at UB and found the subject matter fascinating.
“I’d say it was the ride of my life – a wonderful time,” said Katerinsky, 53, who interned with the Department of Housing and Urban Development and later taught at Bryant & Stratton College’s downtown campus before landing the job with the FTC.
Canisius and Hilbert are among the local colleges that don’t participate in the NSF scholarship program but do offer majors in the area of cybersecurity. These programs typically meld computer science, accounting and criminal justice courses.
“Obviously it’s not glamorous,” said Volonino, the Canisius professor, but she encourages students to enter this growing field that promises well-paying jobs. One of her students has gone through the NSF-funded program at UB.
Hilbert introduced a bachelor’s degree in economic crime investigation in 1999. Students could concentrate in financial investigations or, as Cavalieri did, in computer security.
Hilbert now offers two distinct degrees, one in computer security and information assurance and the other in accounting with a concentration in economic crime investigation. About 60 students are enrolled between the two programs.
“Our program has evolved a lot over the last decade,” said Haslinger, a former supervisory special agent with the Internal Revenue Service.
Cavalieri graduated from Hilbert in 2007 and worked in New York City for Protiviti, an international consulting firm, before joining Digits LLC in 2010.
“It’s a job that you’re always learning, you’re never stagnant,” he said.
The people working to prevent these attacks have to keep learning because the cyber criminals are coming up with ever-more-sophisticated ways to infiltrate our computer networks, said Ahearn, the consultant and former FBI official, whose son, Pete, is an FBI special agent who specializes in cybersecurity issues.
“It’s like any other terrorism issue: You just can’t let your guard down,” the elder Ahearn said.