Brain-Computer Interfaces: A New Frontier for Hackers 

Guest author Jason Pittman, Sc.D., is a collegiate faculty member at UMGC where he teaches in the School of Cybersecurity and Information Technology. 

The potential of Brain-Computer Interfaces (BCIs) is enormous, from helping people with disabilities to improving work and personal performance but so, too, are the untold cybersecurity risks. 

The idea of using our brains to control a computer may seem far-fetched, even in science fiction. Yet, brain-computer interfaces (BCIs) are already commercially available. We can use a BCI to float a ball in mock Jedi fashion, enable the physically disabled to enter data into a computer, and academically plumb the mysteries of human-computer interaction. Indeed, companies such as OpenBCI and Emotive offer research-grade equipment. Manufacturers including Mattel and NeuroSky sell toy BCIs.  

The good news is these devices benefit millions of people today. The bad news is that BCIs provide three new frontiers for hackers.  

First, a little background about BCI technology. BCI technology is either invasive or noninvasive. Invasive BCIs measure neural activity from within the brain through some form of implant. While such methods are medically intrusive, the fidelity of recording is high since the sensors connect into neural clusters and can measure single-neuron activity. Noninvasive BCIs gauge neural activity using sensors placed on the scalp. Signal recording in noninvasive BCIs is broad because sensors can only measure clustered neural activity. Currently, all commercial BCIs are noninvasive except for some medical implementations, such as cochlear implants. 

The promise of BCIs is impressive, but the technology carries attack opportunities for hackers.  It is important to understand the cybersecurity of BCIs if we are to proactively prevent threats to this new frontier of innovation. We need to be ahead of the hackers willing to use it for nefarious outcomes.  

Malicious software. Malicious software—viruses, worms, and Trojans—have existed since the dawn of the internet. This software has one purpose: to cause harm and mayhem. Modern malicious software, or malware, leads to more than $20 billion in damages every year. On one hand, the concept of malicious software infecting a wired-up brain is scary. On the other hand, the concept of ransomware or malicious software that uses encryption to lock the brain is downright terrifying. 

Integrity. Our data and their transmission are the primary drivers of modern computing. With BCI, our thoughts become part of the operating landscape. As such, BCI data are subject to the same at-rest and in-transit problems as regular data. Just as normal data can be intentionally corrupted to cause harm to the integrity of the data, hackers will be able to corrupt or otherwise alter thoughts-as-data.  

Interception. An obvious vector for hackers is going to be reading our thoughts since BCI uses our thoughts as input to a computing system. Hackers can already do this with data flowing over a computer network. They can intercept and block or intercept and alter messages. Because a BCI transmits neural activity, we should expect that existing interception techniques apply. When this happens, no thought will be private or safe. 

We should not let the grimness of potential attack vectors dampen the great potential of BCI. We have conquered harder problems. Moreover, we are in a unique position to understand the threats before hackers start exploiting these vulnerabilities. But we need to begin now, and we need to take these frontiers seriously. 

Perseverance Pays Off for Couple Pursuing Careers in Cybersecurity and Health Informatics 

Shkelzen Deshishku and his wife, Teuta, came to the United States in 1999, just after the war in their home country, Kosovo, ended. The move forced both to leave family, jobs and university studies, but it never diminished either’s desire to earn a college degree. 

In his first years in the United States, Shkelzen, who goes by Xeni, worked in a series of jobs that included selling cars. Then he discovered University of Maryland Global Campus (UMGC) and realized he could work full-time while studying in a program that afforded him the flexibility he needed. Teuta found employment as a medical assistant. 

They settled into their new life and started a family that would grow to include four children now ranging in age from 6 to 19. They juggled work, school and home life. 

With patience and perseverance, Xeni obtained a Bachelor of Science in Cybersecurity in 2019. He went on to earn a Master of Science in Digital Forensics Cyber Investigation in May 2021. Meanwhile, Teuta moved up the ranks to clinical manager at the medical practice where she works. She obtained a B.S. in psychology from UMGC. 

“It was important for us to earn degrees so that our kids would see us as role models. In fact, I graduated a year before my oldest started college,” said Xeni. “I tell my kids that college might be difficult, but it’s a gift many people around the world aren’t able to obtain.

“‘Slow and steady wins the race’ became our motto,” he added.

For Xeni, a degree in cybersecurity culminated a lifelong interest in information technology. Teuta’s childhood enthusiasm about becoming a medical doctor evolved into an interest in psychology and the administrative side of the medical field. She is now pursuing a Master of Science in Health Informatics Administration at UMGC to advance her career as a clinical manager of electronic health record systems. 

Xeni now works as an information systems security officer at Synergy ECP, where he enjoys bringing new talent together to positively address challenges. 

Teuta also recognizes the cybersecurity risks inherent in her work. “It is important to keep health records secure, especially when considering all the cyber intrusions as well as ransomware attacks that are crippling the health care systems,” she said. 

Xeni aspires to become a special agent with a focus in digital forensics and cyber investigation, while Teuta has her eye on becoming a clinical informatics analyst. For both, the biggest challenge is time management. Through their pursuit of work-life balance, perseverance has emerged as the tool that keeps them focused and committed to the end goal. 

“A letter from my son at graduation showed me that our greatest achievement is not necessarily our degrees, but the example and the expectations we set for our children,” said Xeni. 

Can Public-Private Partnerships Solve Our Cybersecurity Woes?  

Guest author Bruce deGrazia, JD, CISSP, is a collegiate professor of cybersecurity management and policy at UMGC.  

Every day a new cyberattack takes place somewhere in the United States. These attacks can originate domestically or internationally, and their motives range from financial gain to state-sponsored, low-level warfare. Whatever the threat, the common thread is that there is no easy way to stop them.  

What is the solution? We’ve seen policy approaches, including simple strategies such as training. We’ve seen technical approaches, such as stronger firewalls. Also in the national cybersecurity conversation is a discussion around what is known as the Orlando Doctrine, in which private organizations can legally target suspected hackers and destroy their infrastructure. None of these approaches appear to work, as successful cyberattacks have only increased, leading experts to search for other solutions.  

One of those is the idea of public-private partnerships. 

A public-private partnership takes various forms, from the sharing of costs and profits, as occurs with a toll road, to the sharing of information between the private sector and the government without the fear of liability for antitrust. It is the latter type of public-private partnership that has been proposed to address cyber-vulnerabilities and attacks. The question is: Will it work?  

This idea is not new. As early as 2009—a lifetime in cybersecurity years—the Intelligence and National Security Alliance (INSA), a not-for-profit organization of private sector government contractors in the intelligence and national security fields, offered various models of how such a partnership would work. INSA looked at successful partnerships in fields other than cybersecurity to determine whether those approaches could be transferred. Ultimately, it proposed bringing together a series of panels, the members of which would encompass individuals, private sector companies and government organizations, to share information and draft voluntary standards for use across industry. 

INSA’s proposal was good but was never implemented. To have done so would have required action not only by the executive branch of government, but also through legislation. In addition, the private sector, including internet service providers, would have needed to accept the concept of voluntary regulation. The information technology industry is vehemently opposed to regulation of any sort. Even voluntary standards were a non-starter. 

Legislation has been proposed in Congress to create public-private partnerships for cybersecurity. In 2020 and 2021, the bipartisan Enhancing Grid Security Through Public-Private Partnership Act was introduced in both the U.S. House and Senate. This bill focuses on just a single industry—the electricity creation and transmission sector—but one that is seen as particularly vulnerable and for which a successful attack on the grid would have devastating consequences. Focus on preventing such an attack is a logical place to start. 

The proposed legislation is hardly earthshaking. It simply directs the secretary of energy to create a program to develop a basic framework for auditing, self-assessments, training, sharing best practices and setting up third-party vendor guidelines. It also requests that the secretary of energy provide a report that evaluates policies and procedures for enhancing the cybersecurity of the grid.  

So, what happened to the bill? In the previous Congress, it passed the House and was sent to the Senate, where it died in committee. In the current Congress, the bill has also passed the House and is back in the Senate—under consideration by the same committee that previously reviewed it. 

Unfortunately, the outlook for public-private partnerships to advance cybersecurity looks dim. The most comprehensive proposal, that of INSA, appears to have gone nowhere. Even approaches that target a single industry, like the bill now in the Senate, are not assured.  

Perhaps the public-private partnership is not the way forward. We need only look as far as the INSA proposal to see why. Voluntary regulation is unpopular. Industry does not like regulation in general and will use the process to delay any attempt to impose rules. The IT industry is notoriously independent and likes it that way. Also, because there are as many cybersecurity technology solutions as there are companies, competition among the creators of those solutions is fierce. Where would the “best practices” come from?  

The bottom line is that the INSA and legislative approaches presuppose a high-level of voluntary cooperation between government and the private sector. In our competitive marketplace, that cooperation is difficult to achieve if a trade secret might be revealed or if a company might lose a strategic advantage.  

UMGC Cyber Team Enters Fall Season with a Victory at Parsons Capture the Flag Competition

Adelphi, Md. (October 8, 2021)–The University of Maryland Global Campus (UMGC) cyber competition team placed first in in a recent capture the flag (CTF) tournament sponsored by Parsons Corporation, a global provider of cyber and converged security services.

At the Sept. 28 event, which attracted cybersecurity professionals and students of all skill levels, UMGC scored 4,300 points to beat out 10 other teams and take first place. The winning UMGC team included current student and active duty Air Force member John Cole, as well as recent alumni Paul Chilcote, Alex Barney and Jonathan Woodward, who all received their undergraduate degrees from UMGC. 

“Our win in this Parsons event was particularly meaningful because the team fell out of first place with only 24 minutes left, but then regained the lead for good and won by only 100 points,” said Jesse Varsalone, associate professor of Computer Networks and Cybersecurity at UMGC and coach of the competition team. “The victory was a testament to the highly developed skills of the students and alumni who participated.”

The Parsons jeopardy style CTF event tested participants’ skills on a range of relevant topics, including network forensics, coding, web hacking, cryptography, analytics, penetration testing, malware analysis, algorithms and reverse engineering. Typically an in-person event, students participated in this Parsons CTF competition remotely due to COVID-19 restrictions. “In the face of the pandemic, UMGC has continued to grow its team and compete in remote events at the highest level and the Parsons competition, based in Denver Colorado, is yet another example,” said Varsalone.

Established in 2012, the UMGC cybersecurity team is composed of students, alumni, and faculty who compete regularly in digital forensics, penetration testing, and computer network defense scenarios that help them gain experience to advance their cybersecurity careers. To prepare for competitions, students detect and combat cyberattacks in the university’s Virtual Security Lab and work through case studies in an online classroom. Through its history, the team has received numerous top honors, including recent first-place finishes in the 2021 Maryland Cyber Challenge and the 2020 MAGIC, Inc. capture the flag competition. 

About University of Maryland Global Campus

University of Maryland Global Campus is a world leader in innovative educational models with award-winning online programs in biotechnology, cybersecurity, data analytics, information technology, and other high-demand disciplines in today’s increasingly technical, global workplace. With an enrollment of some 90,000 students, UMGC offers open access with a global footprint and a specific mission—to meet the learning needs of students whose responsibilities may include jobs, family, and military service. The university offers both undergraduate and graduate degrees and certificate programs, including doctoral programs. A pioneer in distance education since 1947, UMGC is harnessing the power of learning science and technology to deliver accessible high quality, low-cost higher education.

Cyberbullying: Five Common Misconceptions 

Guest author Richard White, Ph.D., is an adjunct professor of cybersecurity information assurance at UMGC. He is also the author of the books “Cyberbullying: The Silent Sickness of America’s Youth,” and “Cybercrime: The Madness Behind the Methods.” 

In the last 15 years or so, a new menace has emerged that threatens to erode trust and destroy young lives. Before children had access to mobile phones, social media accounts and online gaming forums, bullying occurred mainly in schoolyards and on playgrounds. There, at least you knew who the bullies were and that you would be safe at home. Sadly, today we live in a world where “cyberbullies,” perpetrators who use electronic communication to intimidate or threaten, follow their victims right into their homes and even the safety of their bedrooms.  

Cyberbullying occurs out of public view and away from the sightline of mindful parents, teachers, friends and bystanders. Victims of cyberbullying have nowhere to hide. 

Many people do not take the cyberbullying epidemic seriously, mainly because they do not see it or understand its implications. But the consequences can be devastating. According to the Journal of Health Economics, statistics collected as far back as 2017 indicate that internet bullying increases suicidal thinking among its victims by 14.5 percent and suicide attempts by 8.7 percent. In recent research published in the Journal of School Violence, Sameer Hinduja and Justin Patchin, co-directors of the Cyberbullying Research Center, found that students who experienced bullying or cyberbullying are nearly twice as likely to attempt suicide.   

Social media, an integral part of how teens, especially, communicate and interact with friends, has made it particularly difficult for parents to identify the signs cyberbullying and even more difficult for them to prevent it. The social aspect of social media—namely retweets, “likes” and comments—opens a world of opportunity for nefarious behavior. An original message can be distorted, private photos can be shared, and a perfectly innocent communication can be misused to victimize and torment its originator. 

Cyberbullies remain anonymous or masquerade as someone else. They attack at any time of day or night and from any place in the world. Victims often find themselves alone in the fight as others steer clear to avoid becoming targets, too. This gives the advantage to the cyberbully and makes it harder to stop the malicious activity. 

To better understand and combat online abuse and hate, it is helpful to dispel common misconceptions about cyberbullying.   

  1. Cyberbullying is less harmful than traditional bullying. 

False. Traditional bullying can be damaging and lead to physical altercations. But the  persistent and pervasive nature of cyberbullying can fuel deep emotional and physical problems that even lead, in some cases, to suicide. The real problem with cyberbullying is the persistent relationship between the victim and the digital media source of the abuse. A cyberbully take advantage of this relationship. 

  1. Victims of cyberbullying show signs of emotional abuse early. 

False. With younger victims, often there are no obvious signs of abuse until the bullying problem becomes overwhelming and dangerous. Victims, embarrassed by the content a cyberbully focuses on or spreads, may make every effort to hide it from those who care about them.  

  1. A parent can tell if a child is being cyberbullied.  

False. Not only is this not true, but a parent may be the last to know. Children and young adults are experts when it comes to hiding emotional distress. They go great lengths to hide their pain from parents and other authority figures, particularly in the early stages of the abuse.  

  1. Cyberbullying usually unfolds in one form. 

False. Cyberbullying takes many shapes, including the following: 

  • Using text messaging to harass a victim: Bullies often work as a gang to identify a target and then send hundreds of messages filled with vulgarities and personal insults. The goal is to overwhelm a victim by the sheer number of attacks. These bullies may magnify this by posting rumors—meant to cause as much emotional distress as possible—on social media platforms.  
  • Falsely reporting a victim as a cyberbully: Many websites and chatrooms feature a button to notify moderators of a user who is causing harm to other people on the platforms. If they receive multiple reports over a short period of time, the systems are designed to automatically remove someone from their service. Bullies use this feature to kick innocent victims off social media networks. 
  • Identity theft: Bullies will steal the password to a social media account and then post inappropriate material in full view of parents, relatives and friends. Some cyberbullies post racist or sexual information specifically to embarrass. 
  • Trolling: Trolling is a term that has received widespread notoriety over the last few years. This practice involves sending a message aimed at eliciting an emotional response from the victim. These messages target ethnic, religious or social background. Most of these offenders, or Trolls, seek to overwhelm their victims and make them feel vulnerable and humiliated. This leads to feelings of hopelessness. It also leaves victims powerless to control emotional and social situations in their lives.  
  • Cyberstalking: An especially dangerous type of bullying, cyberstalking occurs when a perpetrator monitors a victim’s digital media presence to gather information on their personal life, whereabouts and behavior patterns. The information is used to blackmail, harass or solicit sex from a victim. This is additionally dangerous due to the close link between stalking and violence.  
  • Ostracism: A large group of friends can decide to purposefully ignore one member by failing to acknowledge phone calls, texts or online posts. This makes the victim feel isolated and embarrassed. 
  • Trickery: Trickery can take several forms. For example, someone can create a fake social media account to trick a victim into believing someone is romantically interested in them or to get the victim to trust them. Once the connection is achieved, victims might be lured into revealing personal information that could be used to blackmail or embarrass them.  
  1. Cyberbullies are evil and misguided. 

False. Cyberbullies, in most cases, appear well adjusted and socialize with others in a seemingly acceptable manner. This includes their interactions with parents, teachers, authority figures and even the parents of their victims. Who, then, becomes a cyberbully? The disconcerting answer is anyone. Context and situation, home environment, poor coping skills, past victimhood or a lack of supervision can all contribute to the emergence of a cyberbully. 

Cyberbullying is on a rapid rise, and we must take a stand now to prevent and eradicate this social disease. Tougher laws are needed to document and punish first-time and repeat offenders. More responsibility needs to reside with social media platforms. They must block and permanently remove offenders, both automatically and when reported. We also need to extend more authority to law enforcement agencies responsible for investigating and prosecuting offenders.  

Lastly, everyone must be involved: parents, teachers, friends, other family members. The cost of inaction will be the loss of those most vulnerable. If you know or suspect someone is being cyberbullied, act now. Tomorrow might be too late.  

Many Paths Lead to a Cyber Career but Continued Learning, Passion, Lead to Career Success Experts Say

Breaking into the field of cybersecurity can be daunting. Likewise, the difficult decision of whether to follow a technical or management and policy route is, perhaps, equally overwhelming. Choosing the right path, said a trio of former University of Maryland Global Campus students, often depends on one’s academic and professional goals.Continue Reading

Can Our Elections Ever Be Completely Secure?

Bruce deGrazia, University of Maryland Global Campus collegiate professor of cybersecurity management and policy, offered a historical look at the inner workings of voting systems and related cybersecurity challenges in U.S. election processes during the Oct. 19 session of the university’s Cybersecurity Awareness Month webinar series.Continue Reading

UMGC Experts Say Communication and Access Are Key to Addressing Online and Hybrid Learning Challenges

Chike Patrick Chike, University of Maryland Global Campus adjunct assistant professor of cybersecurity,  teamed with cybersecurity graduate student Olubusayo Ladelokun to discuss challenges related to online and hybrid learning—and outline remedies—during the Oct. 14 session of the university’s Cybersecurity Awareness Month webinar series.Continue Reading

UMGC Webinar Series Highlights Doing Your Part to Be Cybersmart

October Is Cybersecurity Awareness Month

Join University of Maryland Global Campus leaders and special cybersecurity industry guests throughout the month for a webinar series to promote online safety and best practices.Continue Reading

His UMGC Cybersecurity Degree and Acceptance to the Cybersecurity Talent Initiative Led Alumnus Steve Muthomi to a Successful Career Transition

Steve Muthomi always wanted to work in information technology, so he began his career journey by pursuing a bachelor’s degree in information systems management at the University of Central Oklahoma. But once he joined the U.S. Army in 2014, he found that juggling school and work was a bigger challenge than he anticipated.Continue Reading