Clickjacking, spoofing, whaling, spear phishing — it’s the lingo of cyberwarfare conducted by an irregular army of cybercriminals intent on hacking government and corporate digital networks.
Guarding against such attacks requires a growing workforce trained in cybersecurity, and Jorge Crichigno is on it. The professor of integrated information technology in the Molinaroli College of Engineering and Computing is leading a three-year project funded by the Office of Naval Research to prepare a new generation of cyberwarfare professionals.
“There are several aspects of this project, from undergraduate research to training workshops around the country, which together are reaching a thousand learners or more per year,” says Crichigno, who joined USC’s faculty in 2018. “The Office of Naval Research would like to have graduates helping government agencies and the Navy, but some will work in private industry, and we need them there, too.”
USC is partnering on the grant with South Carolina State University and businesses and government agencies to develop an internship program.
“Learning doesn’t happen only in the classroom. Internships and networking help to develop communication skills, particularly how to communicate with non-technical people, which is quite difficult,” Crichigno says. “We also have our own academic cloud because the students are learning theory, but they have to apply it and that requires hands-on activities in the cloud.”
In a controlled digital environment not connected to the internet, student participants learn tricks of the trade deployed by cybercriminals, including spyware and other data hijacking techniques. “They need to understand all of that to learn how to prevent it. They do the first part — the attack — and then they learn how to protect against it,” Crichigno says.
“Learning doesn’t happen only in the classroom. Internships and networking help to develop communication skills, particularly how to communicate with non-technical people, which is quite difficult."
Vulnerabilities in the nation’s energy infrastructure and other critical systems are especially alarming, Crichigno says, because those networks, now connected to the internet, are often unsecured. Teaching the next generation of computer and information technology professionals how to mitigate those vulnerabilities will become part of future training, he says.
Student participants in the first year of the grant program say their understanding of the scope of cyber threats has increased dramatically.
“My work in this program was related to packet filter applications, which gave me a networking perspective of cyber threats,” says Andy Smith, a sophomore IIT major at USC. “I found that in assessing vulnerabilities, every device or program on a network is an attack surface. It’s not just the security application that must be considered, but the network as a whole.”
Computer science senior Chris Moore says the constant threat from cybercriminals is multifaceted, but tools for defending against malicious attacks are available.
“My work on the project helped me to understand many of the vulnerabilities present in the DNS protocol, and how unsecured networks can easily fall victim to attackers who exploit them,” Moore says. “However, it also reinforced that we have access to a wide variety of tools, such as Next-Generation Firewalls, that security professionals can use to help minimize these threats.”