Hacking off the hackers: WVU programmed to fill cybersecurity jobs with NSF award

News Release
August 13, 2019

When West Virginia University first offered cybersecurity classes in 2003, the gravest fear of a casual Internet user might have been opening an infected email attachment that erased computer files or reset their homepage.

And who could forget landing on some dodgy website that would generate a never-ending array of pesky popup windows

Those problems were so 2003.

Hacking has since morphed into a more sinister creature. Espionage, extortion, election meddling, data tampering, credit card and identity theft…the list of immoral activities committed via cyberattacks is ever evolving.

This calls for more cybersecurity experts. A lot of them.

With the aid of a $1 million award from the National Science Foundation, the Lane Department of Computer Science and Electrical Engineering hopes to prepare students to help meet the demand for these cybersecurity roles.

According to Cyberseek.org, there are nearly 1,000 available jobs in the cybersecurity field in West Virginia. Nationwide, there are more than 313,000 open positions.

Professor Katerina Goseva-Popstojanova said the NSF award will provide a total of 120 annual scholarships of $5,000 to 40 undergraduate students over a five-year period. The project is called Attracting and Cultivating Cybersecurity Experts and Scholars through Scholarships.

“The need for cybersecurity keeps increasing as we become more dependent on computers, networks and devices,” she said. “Fifteen years ago, there were barely any smartphones or tablets. Now everything is connected to the Internet or network, from health records to the water supply to critical infrastructure. Just think about how you can now control the temperature in your home from your office. There’s potential for an attack there.

“Cyberattacks evolve because technology evolves. It’s a cat-and-mouse game.”

The methods of cyberattacks are growing at such an alarming rate that it’s hard for government and industry to keep up. By 2021, it’s estimated there will be 3.5 million unfilled cybersecurity positions globally, according to Cybersecurity Ventures.

Goseva-Popstojanova highlighted ransomware as one of the newer types of malicious software. Ransomware is designed to extort money by encrypting the files on a computer system, and thus making them unusable, until ransom is paid.

She also cautioned against the use of certain apps, even if they seem harmless on the surface. Case in point: FaceApp, the Russian mobile app that uses artificial intelligence to create a realistic rendering of what you might look like in a few decades. Despite its popularity, the app raised questions over privacy concerns.

“When you download an app, it asks for permissions, such as access to your location,” said Goseva-Popstojanova, whose research focuses on software security, information assurance and intrusion tolerance. “Apps don’t need to know that. Maybe Google Maps, but why would other apps? Apps collect data about users, track behavior and may sell your data for financial gain.”

WVU will begin awarding the funds in spring 2020. Recipients must be in good academic standing (at least a 3.5 high school GPA for incoming students or 3.0 GPA for current university students), have demonstrated financial need and be enrolled in an eligible bachelor’s program in the Lane department.

Since 2006, WVU has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in both cyber defense education and cyber defense research.

Other faculty involved in ACCESS include Robin Hensel, Brian Woerner, Roy Nutter, David Krovich, Earl Scime and Kathleen Cullen, all of the Statler College of Engineering and Mineral Resources.

“The outcomes of the project will reach beyond West Virginia and are likely to be applicable to other states that have similar population characteristics and face similar challenges,” Goseva-Popstojanova said.

Students will learn how to program and design systems that not only thwart attacks but also allow them to continue operating if compromised.

“Developing resilient systems is important,” she said. “Attacks will happen. So how can systems keep working even if they’re attacked? You don’t want the electrical grid to get attacked and be completely out of power. The key is to make systems resilient.”

Another goal of ACCESS is to encourage diversity, such as women, in the STEM fields.

“In general, there are not very many females or minorities in STEM,” Goseva-Popstojanova said. “We’re committed to increasing the number of women and members of underrepresented groups who get degrees with specialization in cybersecurity. This serves such a broader impact on society.

“For me, I was raised in a family where I was never told, ‘You cannot do that.’ I became a computer scientist. It wasn’t an issue. But once you get into the system, you notice you’re one of a very few. Wherever you go, in any country, there are fewer women than men in STEM roles.”

ACCESS will partner with other initiatives such as Girls Go Cyberstart, an interactive series of digital challenges designed to introduce girls to the cybersecurity field, and CyberPatriot, an education program created by the Air Force Association to inspire K-12 students toward cybersecurity careers.