Continuing his work on Internet of Things (IoT) and critical infrastructure security, Elias Bou-Harb, associate professor of cyber security in the Carlos Alvarez College of Business at UTSA, has been awarded $1.5 million from the National Science Foundation for two grants focused on related research, development, operations and training. These grants include collaborations with researchers at UTSA, Vanderbilt, San Diego State University and the University of the Incarnate Word—including two Ph.D. alumni from UTSA.
IoT refers to physical devices like Ring doorbells, Amazon Echos, Apple smartwatches or Nest thermostats with sensors, software or processing ability that interact with other systems over the Internet. It is estimated that around 30 billion IoT devices will be online by 2030. Consumers are drawn to these devices for their convenient features, but cyber criminals have found ways to utilize this technology for nefarious purposes.
“These devices are attractive targets for attackers and state-sponsored actors who abuse them to gain access into critical networks because of their lack of fundamental security measures, access policy controls and patch management capabilities,” said Bou-Harb, director of The Cyber Center for Security and Analytics, a university-wide center focused on cyber security research, development and training initiatives at UTSA.
The first project, “Collaborative Research: CISE-MSI: Active and Passive Internet Measurements for Inferring IoT Maliciousness at Scale” began this month and is a three-year $500,000 grant. This grant is dedicated to support research endeavors for minorities.
Using data-driven methodologies, the researchers will design and implement algorithms to fingerprint exploited IoT devices and discover their inherent security problems. Work will begin first on consumer devices, which are readily available, but will also look at sensors deployed in critical infrastructure systems such as power grids and water systems. The researchers will also develop mitigation tactics for improving Internet security on IoT devices.
“We’ll tackle this project in two different ways. First, we’ll analyze IoT devices and report on our findings from studying the equipment in our laboratories. Then, we’ll analyze the network traffic from these devices to better understand their characteristic traits and security protocols remotely,” said Bou-Harb, who specializes in this type of network traffic research.
Following the research portion of the project, the three institutions represented on the grant will incorporate this knowledge into the classroom through virtual labs and workshops focused on female and minority students.
“We hope to impact the domain by expanding the training in the future to professionals in the field and other institutions including community college students as well as high school students,” said Bou-Harb.
The second grant, “Collaborative Research Cyber Training Implementation: Medium Cross-Disciplinary Training for Joint Cyber Physical Systems and IoT Security,” is a $1 million grant that also features UTSA faculty members Paul Rad, associate professor, and Rita Mitra, professor of practice in information systems and cyber security, as co-principal investigators.
Uniquely studying both cyber and physical attacks, the researchers will focus on critical infrastructure security in water systems related to water quality. Unlike the first project, the primary focus of this grant will be on enhancing the cyber security and data science workforce, with a complementary research component.
“For this project, we’re not just looking at the sensors, but we’re looking at how these sensors and the civil engineering infrastructure actually interact with each other and the security implications of this type of interaction,” said Bou-Harb. “Why is this important? Because typically security and physical control researchers conduct their research independently.”
The training objective for this project involves three components: virtual labs with simulation toolsets, curriculum development and interdisciplinary workshops with private and public sector partners.
“Most of today’s wars are not physical. They’re either economic or cyber wars,” said Bou-Harb. “By attacking critical infrastructures like a water system, you can paralyze a country. As an academic we get to address these evolving problems before they can become a reality. And while publishing is one outcome of this work, it is meaningless if it can’t be put into practice in society.”
Recognizing the security risks found in IoT devices, how can a consumer protect themselves and their families?
“Don’t adopt technology blindly,” said Bou-Harb. “Understand what security implications exist when you bring a new device into your home since all devices are vulnerable to exploitation. And, only choose products that you truly need.”
UTSA is the No. 1 cyber security program in the nation according to the Ponemon Institute. Named a Center of Academic Excellence in Information Assurance/Cyber Defense Education, Cyber Operations and Information Assurance Research by the National Security Agency and the Department of Homeland Security, UTSA excels in both cyber academic programming and research. The Alvarez College of Business offers a B.B.A. in Cyber Security both online and in person as well as a M.S. in Information Technology degree with a concentration in cyber security and a Ph.D. in Information Technology with a concentration in cyber security.