Cyber Protection

July 12, 2013

If ever there was a doubt about the need for greater cyber security, it was erased this spring when theWashington Post reported that Chinese hackers had compromised more than two dozen advanced U.S. weapons systems.

Those systems included missile defenses, aircraft, and ships, and U.S. officials believe the hacking was part of a larger cyber spying effort by China on American government agencies and private companies.

But even before the defense system breach was disclosed, the Department of Defense had been concerned about systems security, and called on schools to ramp up education and training in the field.

This fall WPI’s division of Corporate & Professional Education will offer a Graduate Certificate in Program Protection Planning – the first of its kind, according to Don Gelosh, director of systems engineering programs.

“You can hardly go a day without seeing a story about breaches or people hacking into systems,” Gelosh said, adding that today’s more sophisticated systems require more sophisticated protection.

The new certificate program comprises six courses – five requirements and an elective – that Gelosh says will train engineers to protect systems through all stages of development, making sure no malicious code gets imbedded along the way and preventing the possibility of “reverse engineering” that could compromise a system.

The courses will be taught by adjunct faculty in CPE, like Gelosh, who come from industry. “They’re well versed in these kinds of things,” he said.

The WPI program was announced in June at the annual symposium of the International Council on Systems Engineering, a non-profit professional association with more than 8,000 members that includes federal contractors and international companies, as well as participation by the Department of Defense.

“That seemed to be the best place to announce it,” Gelosh said, adding that the idea was well received at the gathering in Philadelphia.

The program will be aimed at engineers who work on secure systems, especially for DOD but also for companies that seek more protection. The Department of Defense now requires companies to have system protection in place before contracts are awarded, and the WPI certificate program will help companies meet that requirement.

A major component in security involves risk management analysis, according to Gelosh, since it would be too expensive to protect everything in a system. Engineers need to weigh the possibility of threat and vulnerability with the cost of protection to keep things affordable.

Gelosh notes that hackers fall into different categories, including hobbyists who cause mischief for the fun of it, thieves who do it for profit, those seeking political gain, and countries looking for military secrets and strategic advantages.

In the past, classified government information was in print and could simply be physically locked up to safeguard it. “Now,” Gelosh pointed out, “it’s online and easier to get to if you know what you’re doing.”

“There’s some pretty smart folks out there who can do this kind of thing,” he said.

Dave Greenslit