Norwich adds cyber security course
Toolbox
By Thatcher Moats Times Argus Staff - Published: January 6, 2010
NORTHFIELD – A start-up software company geared toward government and military cyber-security will be teaming up with students at Norwich University in an effort that could benefit both parties — and maybe some day the public.
The private military academy in Northfield, which has been an early leader in information and computer security, announced on Tuesday a collaboration with Adaptive Cyber Security Instruments, Inc.
ACSI was founded in 2005 to create technology that can contain and thwart attacks on computers and information systems, and it is focused mainly on government and military customers.
The collaboration will have students working with the company's prototypes and is the latest step Norwich University has taken in its push to the forefront of the rapidly growing field of information security.
In 2002, the Norwich University Applied Research Institute was designated as the National Center for Counterterrorism and Cyber Crime after Sen. Patrick Leahy won enactment of a congressional charter. Since then, the research institute has developed anti-hacking software and training programs.
Last summer — just weeks after crippling cyber-attacks on the Federal Trade Commission, Secret Service and the Treasury Department – it was announced that Norwich University would receive $7.7 million in federal grants to fund cyber-defense initiatives.
As the amount of information stored and managed on computers has mushroomed since 1993, said a Norwich University professor, so has the need for new ways to keep that information secure, whether it's to protect national security infrastructure or personal financial data.
"We have to be aware that a great deal of crime is mediated through computers and information systems…," said Michel Kabay, an Associate Professor of Information Assurance at Norwich University, who is also the chief technical officer for ACSI. "Identity theft is the fastest growing crime in America in terms of numbers affected and the amount of money taken."
Leahy is the chairman of the Senate Judiciary Committee, which has jurisdiction over the Justice Department, the FBI and parts of the Department of Homeland Security.
He said the threat of a cyber-attack poses huge national security risks.
"In this age of interconnected digital communication and databanks, a cyber attack on our infrastructure can be as crippling as a conventional attack, or even worse," Leahy said in a statement. "We've seen major attacks attempted against us from offshore just in the past year."
The ACSI software Norwich students will be working with is still in the start-up phase, said Kabay. But he thinks the technology the company is developing is a "game-changer" in the world of cyber-security.
"I think it can profoundly tip the balance between defenders and attackers," he said. "We may get a leg up on the little creeps all over the world who amuse themselves by harassing us and the big creeps who earn a living by stealing from us."
The basic idea behind the software is to use computer techniques to "identify new attack methods immediately," said Kabay.
"We're going to use computers to recognize patterns of behavior that should raise suspicions," he said. "And then we can use the extensive files of our knowledge about the systems to spot new attacks of that kind."
Parts of the technology already exist, but haven't been gathered into one program, said Kabay.
"We don't want to reinvent what's already working; we want to integrate into a smoothly functioning system the best of everything we know how to do," he said.
Students will get real-world experience as they help develop and test the company's software, and ACSI will benefit by exposing its products to students who could soon be in jobs related to cyber security, the university said in a news release.
There are two main types of cyber attacks, said Kabay, who has been a professor at Norwich since 2001 and with ACSI for about a year. There are "denial-of-service" attacks and "penetration" attacks.
The denial-of-service attacks stop or slow people from accessing information, such as e-commerce web sites. Kabay cited one case from about a decade ago in which a teen in Canada caused millions of dollars in losses for a number of companies using this tactic.
"Penetration" means unauthorized access to confidential information. Kabay said there have been documented cases where national laboratories run by the Department of Energy that contain classified information have been breached.
37