» FIGHTING CYBERCRIME
In a game of capture the flag, you’d want Dr. Frederick R. Chang on your team. Known as a defensive specialist in the field of cybersecurity, he’d argue that while you can’t ever stop someone from capturing your flag, you can build bigger walls and also learn how to recover quickly from the attack.
A renowned expert in the field of cybersecurity, Chang has joined the UTSA College of Business as the inaugural AT&T Distinguished Chair in Infrastructure Assurance and Security. He previously served as the associate dean of information technology and director of the Center for Information Assurance and Security at the University of Texas at Austin.
“It is an honor and a privilege to have been selected as the inaugural AT&T chair,” said Chang, who was awarded the National Security Agency Director’s Distinguished Service Medal in 2006. “I chose UTSA because the vision and direction of the College of Business and the university are consistent with my goals. The faculty and students are outstanding, and the city of San Antonio has become a recognized center of gravity for cybersecurity in the United States.”
The $1 million AT&T distinguished chair was spearheaded by Jim Kahan, former AT&T senior executive vice president and College of Business Advisory Council chair. AT&T was instrumental in helping to secure funding from various regional and national sources and was also a principal donor. Additional start-up funding was provided by Director of the Bank of San Antonio Richard T. Schlosberg and his wife Katharine, and Graham Weston, executive chairman of Rackspace.
Chang’s 30-year technology career has included positions as director of research at the National Security Agency and president of technology strategy for SBC Communications. Chang is a member of the Commission on Cybersecurity for the 44th Presidency, and he is a former member of the Computer Science and Telecommunications Board of the National Academies.
“The appointment of Dr. Fred Chang solidifies the college’s information assurance and security program as one of the premier information security programs in the country,” said College of Business Dean Lynda de la Viña. “His broad expertise and leadership in information assurance and cybersecurity will elevate the college’s research efforts and stimulate research activity with our junior faculty and doctoral students.”
Chang will also serve as director of the Information Assurance and Security (IAS) program and professor in the Department of Information Systems and Technology Management in the College of Business. He is charged with leading the college’s information assurance program, managing research labs and developing strategic partnerships locally, regionally and nationally.
“My goal is take our IAS program to the next level,” said Chang. “I hope to be involved in a variety of game-changing research initiatives in cybersecurity. I also want to build on the outstanding educational programs in the college to improve their quality and reputation and help fill the shortage of well-trained cybersecurity professionals.”
Chang is prioritizing his research into three distinct areas. First, he’d like to create a network and systems security test bed that will allow researchers to emulate and study a wide variety of cybersecurity topics.
“The global cybersecurity problem has now reached an alarming level of severity and unfortunately, the problem is growing in scope and intensity,” said Chang, who completed his master’s and doctoral work at the University of Oregon. “The conventional thinking is that a line of demarcation or a firewall surrounds this ‘secret’ flag on the inside.
“Experts work to make that wall impenetrable, but you can’t keep the adversaries out. They’ll figure out a way to get through the wall. The larger question is how do you recover to a known safe state once you’ve been compromised? How do you recover an entire network?”
Chang is also planning on conducting research in the economics of security. “Corporations can’t track how secure they are for the money invested,” said Chang. “Should they buy a new state-of-the-art firewall or buy a cyber insurance policy? The bottom line is vital to businesses.”
Finally, the last area of research focuses on the social science of cybersecurity. Chang plans to create a behavioral data research lab to study cybersecurity from a social science perspective.
“Hackers will try to find the weakest link in a computing system and compromise the system at that point,” said Chang. “As technical countermeasures improve, human users are increasingly the weakest link.”
As UTSA strives for Tier One status, Chang’s appointment will elevate that bid with his successful track record in receiving and managing grant funding. He has managed a multi-million dollar research unit which has held contracts with Raytheon Company, Lockheed Martin Corporation and Progeny Systems.
He will also contribute to the university’s area of excellence in security. The information assurance and security program at UTSA was recently designated a Center of Academic Excellence in Information Assurance Research by the National Security Agency. Only 47 programs in the nation have achieved the research designation. UTSA has also been designated a Center of Academic Excellence in Information Assurance Education since 2002 based on the curriculum in the College of Business.
“Based on the national reputation that we are creating through our information assurance programs, it is my hope that many students of all ages, in Texas, in the United States and beyond, decide that they would like to be involved in fighting cybercrime, and that they want to come to UTSA to study cybersecurity and conduct research,” he said. “When students ask, ‘Where can I go to study and learn and work with the best?’ I want the resounding answer to be the UTSA College of Business.”