Cybersecurity research center works to keep our data safe
NSA, Homeland Security endorse Binghamton University's Center for Information Assurance and Cybersecurity
Nearly 30 years after the internet opened to the public, more and more of our data are online.
Financial records. Healthcare info. Social media. Personal photos and videos stored in the cloud.
The latest smart fridges text us when we’re low on milk, high-end cars email when they need servicing and home thermostats can be adjusted from anywhere on the planet.
We’re quickly approaching a Jetsons world of future wonders — but all those connections only make us more vulnerable to hackers. That’s where cybersecurity experts come in.
For years, researchers at Binghamton University have developed ways to make our internet experience safer. Those efforts became better coordinated in 2019 with the establishment of the Center for Information Assurance and Cybersecurity (CIAC), an organized research center directed by Associate Professor Ping Yang from Watson College’s Department of Computer Science. Yang arrived at Binghamton in 2006, after earning her doctorate at Stony Brook University, and she taught Watson’s first graduate cybersecurity course.
“Before 2019, we already had a strong cybersecurity research and education program, but there was not much collaboration among researchers,” she says. “Individual cybersecurity faculty members had limited exposure to the research that was outside of their expertise. So we submitted a proposal to the ORC [organized research center] program in 2019 to establish CIAC to facilitate interdisciplinary collaboration among cybersecurity researchers.”
Because cybersecurity touches so many areas, CIAC includes 25 faculty members from nearly every corner of campus: Watson College (of course), but also Harpur College, the School of Management, Decker College, and the College of Community and Public Affairs. Their research areas range from programming and computer engineering to security policy, education technology, mathematics and psychology.
When most of us think about hacking, we see it as a software problem — and, worryingly, cybersecurity breaches in the past decade have exposed weaknesses in the fundamental building blocks of computer coding.
“Even at the level of computer architecture, people assumed that standard out-of-order execution designs are safe and nobody questioned their security implications,” says Dmitry Ponomarev, a computer science professor and CIAC associate director. “Recently, it was discovered that these architectures can cause significant security threats and leak sensitive information. As a result, now we have to rethink the entire processor architecture design with security in mind, and that shakes the foundation of what we’ve been doing for 40 years.”
As an associate professor in the Electrical and Computer Engineering Department and a CIAC associate director, Yu Chen looks at problems from a more hardware-related, network infrastructure-oriented point of view, such as how to make processors, memory chips and communication facilities more impervious to meddling.
“Cybersecurity has to cover both the application level and the infrastructure level,” Chen says. “All the programs need to run on hardware platforms, so if the infrastructure is not secure, then your apps will be more likely to be taken down by hackers. With the research center, we look from the root to the hardware and software levels systematically. We have a cross-disciplinary effort together to address all the aspects of the cyber systems.”
Even a package of the best hardware and software cannot protect against the human factor, however. People make mistakes that lead to vulnerabilities, such as having passwords that are too easy to guess, or they deliberately leak information that can give hackers an entry point they can exploit. Dealing with those issues is also part of CIAC’s mandate.
“Even if you put in a security infrastructure that is very robust like barbed-wire fences, you just need a single place where there’s a weakness and that will be exploited,” says Sumantra Sarkar, an associate professor in the School of Management and a CIAC associate director.
“Human beings, as the users of computers, are the weakest link in the chain. It’s necessary that we focus on the engineering side and the human side.”
Last year, the National Security Agency and the Department of Homeland Security named Binghamton a National Center of Academic Excellence in Cyber Research, thanks largely to the collaborations that CIAC has inspired. The designation puts the University among an elite group of research institutions and opens doors for larger grant funding.
That’s not just good news for Binghamton, but for all of us. Cyberattacks will only become more frequent and sophisticated, and there is a shortage of trained security professionals prepared for what is ahead.
Yang compared cybersecurity to an arms race: “Both the hackers and the researchers will get smarter. Recently, we’re seeing an increase in malicious software attacks on companies, universities, healthcare systems and more. We also see many pandemic-related phishing scams, denial-of-service attacks and attacks on the Internet of Things. We need mechanisms to counter those attacks.”