The world has become a complex synergy of the physical world and the cyber world. Whatever your occupation, wherever you live, everyone is impacted by cyberattacks. Numerous College of Computing programs and outreach activities are working to encourage safe online activities.
Cybersecurity Is a Key Priority Across the College
It is estimated that by 2025, cybercrime will cost $10.5 trillion globally, increasing by 15 percent annually. And a recent study found that cybercriminals can potentially penetrate 93 percent of worldwide company networks.
The world has become a complex synergy of the physical world and the cyber world. Whatever your occupation, wherever you live, everyone is impacted by cyberattacks such as email phishing and cyber fraud. Crucial cyber-physical infrastructures are also in danger, from power grid, water, and utility pipeline systems to healthcare systems to industry control and manufacturing systems.
“It’s a war with no discernible front,” says Jean Mayo, professor of computer science. “The increasing pervasiveness and connectivity of computing devices, and the software those devices run, are networkaccessible across the world. Attacks can come from anywhere.”
“Not only is the number of jobs in cybersecurity increasing, as people learn more about the impact of cyberattacks, especially on ordinary people, there is a cadre of people who want to defend the US and its citizens,” adds Mayo.
With funding from the National Science Foundation (NSF) through two grant awards Yu Cai and his colleagues are working to educate the next generation of cybersecurity professionals.
“Cybersecurity is a fast-growing trend in higher education,” says Yu Cai, professor of cybersecurity in the Department of Applied Computing. “Michigan Tech has developed a national and international reputation in cybersecurity education, research, and outreach. We are thrilled to be part of the solution to the nation’s cybersecurity workforce challenge.”
CyberCorps
A five-year, $3.3 million project funded by the NSF in 2021, CyberCorps: Scholarship for Service (SFS) aims to train the next generation of cybersecurity professionals. The scholarship provides up to three years of full support for 20 undergraduate and graduate students studying cybersecurity at Michigan Tech. The program currently supports 10 students.
“The US is facing a significant shortage of well-trained and well-prepared cybersecurity professionals,” says Cai. “This new scholarship will continue to develop Michigan Tech’s national and international reputation as a leader and innovator in cybersecurity education, research, and outreach activities.”
The cross-disciplinary SFS program is conducted by multiple departments and faculty across campus and collaborates with the Pavlis Honors College at Michigan Tech, mentoring, advising, and engaging SFS scholars with a blend of faculty mentoring, peer mentoring, and customized honors pathways.
Undergraduate cybersecurity major and SFS scholarship recipient Thad Sander says, “This opportunity means a lot. It gives me the chance to accelerate my career readiness. It has also been a large motivational factor to excel and put myself forward for more opportunities so I can stand out as an applicant for jobs within the federal government.”
Following graduation, SFS recipients agree to work in a cybersecurity-related job for federal, state, local, or tribal government for a period equal to the length of the scholarship, among other requirements. The first graduate of the Michigan Tech SFS program is expected in spring 2023.
GenCyber Camps
Before they get to college, K-12 students need to be aware of the many cybersecurity career options. To that end, the National Science Foundation/National Security Agency-funded GenCyber program at Michigan Tech is working to build interest and enthusiasm in cybersecurity careers.
Part of a nationwide program, GenCyber camps seek to ignite and sustain cybersecurity interest among youth in order to build a competent, diverse, and adaptable cybersecurity workforce pipeline. The camps are open to student and teacher participants at no cost.
More than 300 students and teachers have completed the GenCyber camps at Michigan Tech. “We are very lucky to have hosted the GenCyber camps almost every year since 2019,” says Cai.
“As we become more and more reliant on cyber-based technology in our daily lives, ensuring that enough young people are inspired to pursue cybersecurity careers is critical to the future of our country’s national and economic security,” says Cai. “It’s better if youth are exposed to cybersecurity careers before college.”
"The US is facing a significant shortage of well-trained and well-prepared cybersecurity professionals."
The GenCyber classes focus on hands-on learning, engaging students in games, labs, and exercises. Topics include cyber hygiene and fundamental security knowledge, including email phishing, password management, cyber ethics, and more. Campers also learn about computer hardware and programming using Raspberry Pi mini computers.
Teachers also develop cybersecurity lesson plans. “The teacher camp is critical from a cost-benefit perspective. It makes more sense to train one teacher who can impact many students,” says Cai.
Laurel Givens, a teacher at Houghton Elementary, completed the camp in 2019. As a second grade teacher with an interest in technology, but not a lot of experience, before the camp she knew next to nothing about cybersecurity.
“My students have technology in their hands from the time they can hold things!” Givens says. “They’re really good at figuring out new software and websites, but they need instruction on how to keep themselves safe with digital tools.”
“Before we use technology in the classroom in the fall, I teach lessons on internet safety and netiquette,” Givens says. “We review these concepts throughout the year. One of my lessons is one I helped prepare during my week at the GenCyber teacher camp.”
Another great part of the camp, Givens says, was spending time with like-minded teachers and learning what MTU has to offer students who are interested in computer science.
Jarrett Davidson, who teaches grades 6-12 in Baraga, Michigan, completed the teacher camp in 2021. “I have done some cybersecurity in my classes, but this really helped jump-start more computer science conversations and lessons,” he says.
“It was truly an awesome experience,” says Davidson. “No matter what your skill level and cybersecurity familiarity, you will gain so much to take away from the camp, you’ll have new resources, and you’ll meet teachers that want to help you succeed.”
First Place Success for the MTU RedTeam
Third place among 100 teams, 96 percent accuracy, fifth of 119 teams, sixth of 576 teams. Facing competitors from colleges across the nation, the MTU RedTeam consistently ranks among the top college and high school teams in biannual National Cyber League competitions and industry-sponsored events.
Facing industry professionals and college students, in September 2021 the RedTeam took first place in an open source intelligence capture the flag contest hosted at the GrrCON Cyber Security Summit and Hacker Conference.
Advised by faculty members Yu Cai, applied computing, and Bo Chen, computer science, the MTU RedTeam is a registered Michigan Tech student organization. The team works to promote a security-driven mindset among students, and provide a community and resource for those wishing to learn more about information security.
“Our RedTeam students view cybersecurity as a fun and critical subject,” says Cai. “Fun, because you get a chance to explore the cyber world and discover unknown secrets. Critical, because the nation needs you to defend its digital frontier and protect valuable infrastructure and data.”
The student organization also cohosts capture the flag and hackathon competitions on campus, including the annual Winter Wonderhack.
Is Your SmartWatch Secure?
Cybersecurity Students Decide to Find Out
The Internet of Medical Things (IoMT), a system of interrelated medical devices and applications, connects healthcare information technology systems using networking technologies. One-third of all IoT devices are found in healthcare (as IoMTs) and they are expected to account for 40 percent of total global IoT technology by 2025 (Darwis et al. 2017).
Healthcare data is frequently the target of fraud, extortion, and other illegal activities, with the average data breach costing $9.42 million (HIPAA Journal, July 2021). Therefore, it becomes imperative to investigate the security resiliency of IoMT devices, which continue to gain wide popularity, especially in wearable devices such as smartwatches, fitness trackers, and heart rate monitors. These devices can reduce unnecessary hospital visits and ease the burden on healthcare systems, but are they secure?
A team of students decided to find out when their advisor, Guy Hembroff, associate professor of health informatics, applied computing department, presented the topic to the group in September 2021. The project’s result, “IoMT Device Security,” was awarded first place in the Senior Design category of the 2022 Michigan Tech Design Expo. Team members were graduating BS in Cybersecurity seniors Jacson Ott, Stu Kernstock, Trevor Hornsby, and Matthew Chau.
The Design Expo showcases experiential, discovery-based learning. This spring, the work of more than 1,000 students in Enterprise and Senior Design capstone projects were represented. The event is hosted by the Michigan Tech Enterprise program and supported by industry and University sponsorships.
A Security Review
“The goal of this project was to perform a security review of Internet of Medical Things wearable devices,” explains Ott. “Our intention was to provide end users with a better understanding of the security implications of their everyday devices, and to present an updated picture of the industry’s current stance of implementing security.”
The research project specifically focused on the communication among several different Apple smartwatches, smartphones, and the applications that run on the smartphones.
“Apple devices are the most popular fitness tracking devices on the market, and research shows that Bluetooth is vulnerable to attacks,” explains Hornsby. “This is especially true with its counterpart, Bluetooth Low Energy.”
Bluetooth Low Energy is intended to considerably reduce power consumption and cost while maintaining a similar communication range to that provided by other communication technologies.
“We looked for common security weaknesses between the connection of an Apple Watch and an iPhone and analyzed the effectiveness of current practices to protect sensitive health information. We also identified steps for improvements and recommendations for mitigation measures to address existing threats and vulnerabilities,” says Hornsby. “Several potential areas for continued research were also revealed.”
“The tests we performed proved that in some scenarios anyone could realistically attempt to compromise some of these devices,” adds Hornsby. “A wide selection of smartwatches and accompanying smartphone apps were tested for potential vulnerabilities. Our tests included physical attacks, sniffing, man in the middle, DoS, and reverse application engineering.”
The Judges Were Impressed
“I was very impressed with the presentation,” says Steve Knudstrup, Michigan Tech help desk consultant and Design Expo judge. “The team took something pretty complicated and communicated it well so that I could understand both the technical aspects and why the project was important. I liked that the relevance was clear and that they were using devices that real people use every day. The students were also upbeat and very friendly, and very willing to answer any questions anyone had.”
Design Expo judge and Michigan Tech Career Advisor Amanda Hagerl, Career Services, was also impressed with the group’s presentations.
“They all showed a real interest in their work,” Hagerl says. “Their enthusiasm really kept me captive. We live in a world where we fear for our security, and so many of us wear Bluetooth devices. It made their topic interesting to many. They were able to answer all the questions I had, and they provided me with solutions to help with my security in the future.”
Long Hours in the Lab
The team followed a phased approach, breaking down the project into smaller pieces and collaboratively working on each phase. Hornsby says the testing phase was very intensive and the team encountered several roadblocks.
“This team of students was very bright, motivated, and professional, each with individual areas of expertise and research goals that complemented those of the other team members, pushing them to become better as individuals and as a group,” says Hembroff.
While this project was similar to most research endeavors, with challenges and setbacks throughout the course of the project, Hembroff says the students met each of the challenges and worked very hard to meet the expectations established for this project.
“I really enjoyed working with the group and witnessing their progression in teamwork, research, troubleshooting, and written and oral communication, which are critical to success in the cybersecurity industry,” adds Hembroff.
“Our project was heavily dependent on collaboration, from the early phase of researching the devices and tools, to testing and analyzing the data, and finally writing up the results,” says Hornsby.
“As a group, we did our best to rotate the project roles, ensuring that everyone was knowledgeable about all project areas,” notes Ott. “This approach also allowed us to leverage the unique perspectives and ideas of all group members.”
“There was a long period in which the result of every attempted attack resulted in failure,” says Ott. “It was difficult to avoid becoming discouraged as the team encountered one roadblock after another.
“But it was important to keep in mind that every success and failure we encountered helped us to build an increasingly whole picture of the space,” he adds. “The first time I managed to expose personal health data in a real-time connection between devices really boosted team morale.”
An Honest Effort to Discover Something New
The deep knowledge and enthusiasm of his advisor, Guy Hembroff, inspired Ott to put in his best effort and see where the project took him. “I valued this opportunity to apply the knowledge and skills built over my time at Tech in an environment where it was okay to fail,” he says.
At the beginning of the project, Hembroff stressed a particularly important aspect of the Senior Design capstone. “He said that our success or failure wouldn’t be the most important factor in the end. Instead, the true value of this capstone project would be found through honest effort and discovering something new,” Ott says. “He always took the time to respond to our questions, assist us where needed, and provide guidance.”
“Dr. Hembroff provided us with frequent meaningful feedback throughout the entire course of the project,” agrees Hornsby. “He also helped us immensely with troubleshooting roadblocks and refining the scope of our project.”
Jacson Ott ‘22
Jacson Ott is proud of the long hours and dedication he put into completing his BS degree. “I will deeply miss the communities I’ve found here,” he says. He graduated this spring with a BS in Cybersecurity with a focus on system and network security.
It was the quality and diversity of the Michigan Tech cybersecurity BS program that drew Ott to Houghton, and the communities he found at the University kept him connected and engaged. He says he found the true value of his education in the program’s hands-on experiences and that the most valuable skill he gained is the ability to think critically and learn new topics.
Ott notes that the remote learning necessitated by the pandemic posed a unique set of challenges, but in the end it was of benefit, better preparing him for the workforce. This summer he’ll pursue his third fully remote internship, this time with Palo Alto Networks Unit 42. He’ll be working as an incident response intern until August, when he’ll return to Michigan Tech to pursue a MS in Cybersecurity focused on network security management.
Ott says applied computing faculty member Tim Van Wagner was invaluable to his college experience. “He’s always ready to offer advice or talk about technology, and his passion for what he does is evident in every conversation.”
During his undergraduate studies, Ott was involved in the Networking and Computing Student Association, serving as president, public relations head, and network team lead. He was a competitor for the MTU RedTeam, achieving several high-ranking finishes in National Cyber League events.
Ott advises all students to find ways to apply their knowledge outside the classroom. “Joining student organizations that enhance your degree is one of the best ways to get the most out of your time at Michigan Tech.”
Michigan Technological University is a public research university founded in 1885 in Houghton, Michigan, and is home to more than 7,000 students from 55 countries around the world. Consistently ranked among the best universities in the country for return on investment, Michigan’s flagship technological university offers more than 120 undergraduate and graduate degree programs in science and technology, engineering, computing, forestry, business and economics, health professions, humanities, mathematics, social sciences, and the arts. The rural campus is situated just miles from Lake Superior in Michigan's Upper Peninsula, offering year-round opportunities for outdoor adventure.
