RSS Feed for Latest News

WPI Selected as Key Partner in National Cybersecurity and AI Training Initiative to Advance U.S. Automotive Innovation

cbwamback — Wed, 13 Aug 2025 12:00:00 +0000

Worcester Polytechnic Institute (WPI) has been named to a select group of academic institutions leading a nationwide effort to strengthen cybersecurity and artificial intelligence (AI) capabilities in the U.S. automotive industry鈥攁 sector increasingly reliant on smart, connected technologies.

Supported by a $2.5 million grant from the National Centers of Academic Excellence in Cybersecurity the DRiving Automotive Industry WorkForce Transformation (DRIFT) program will provide specialized online and in-person training designed to upskill the workforce and protect vehicle systems from emerging threats.

WPI associate professors Jun Dai, Xiaoyan Sun, and Xiaozhong Liu, all from the Department of Computer Science, will lead the university鈥檚 DRIFT program. WPI will receive $749,994 over two years, with the opportunity for an additional $300,000 in a third year. The program will offer tuition-free modules, workshops, and real-world training to help engineers and professionals develop advanced competencies in cybersecurity and AI.

鈥淭oday鈥檚 vehicles are computers on wheels鈥攑owered by data, software, and smart systems,鈥?said Dai. 鈥淎I is transforming the future of mobility, but without robust cybersecurity, we put innovation鈥攁nd lives鈥攁t risk. DRIFT directly addresses the workforce gap by preparing engineers and professionals with the tools they need to protect connected and autonomous vehicles, and ultimately, to accelerate the development of next-generation transportation.鈥?lt;/span>

As vehicles become more connected, equipped with internet-enabled infotainment systems, GPS, remote diagnostics, and automated driver assistance systems, they also become more vulnerable to cyberattacks. While autonomous vehicles are often in the spotlight, nearly all modern vehicles are now potential targets.

In one of the most publicized demonstrations of this risk, cybersecurity researchers remotely took control of a Jeep Cherokee in 2015, manipulating its brakes, steering, and transmission while it was on the highway. More recently, the 2025 Global Automotive and Smart Mobility Cybersecurity鈥痳eport鈥?lt;/span>by鈥疷pstream鈥痳evealed that massive-scale incidents鈥攅ach impacting millions of vehicles鈥攎ore than tripled between 2023 and 2024, rising from 5% to 19%. The data shows the vulnerability of even top-tier smart vehicles. These incidents underscore the urgent need to secure both automotive systems and the talent pool capable of doing so.

The DRIFT curriculum is designed for a wide audience, including:

Automotive engineers
Cybersecurity and AI professionals
IT workers transitioning into transportation-related sectors
Educators and students at two- and four-year institutions
Department of Transportation personnel
Military and civilian defense staff
First responders and public safety officials
Policymakers and regulators

Courses will be delivered online, in-person, and hybrid formats and will cover:

The architecture and key components of connected and autonomous vehicle (CAV) systems
AI applications and their role in enabling core CAV functions
Common vulnerabilities in connected vehicle systems, including GPS spoofing, sensor interference, and over-the-air update threats
Defensive cybersecurity strategies tailored for CAV environments
Hands-on case studies to bridge theoretical knowledge with real-world applications

WPI joins the following partner institutions in offering DRIFT training:

Oakland University
University of Delaware
University of Michigan-Dearborn
Cleveland State University
Sinclair Community College

Those interested in this program can access the application link for the activities at: https://www.secs.oakland.edu/ei/drift/programs/. For more information about WPI鈥檚 DRIFT program, visit: /academics/departments/cybersecurity/drift.

Countdown to Commencement for the Class of 2023

adill — Mon, 08 May 2023 12:00:00 +0000

As Commencement 2023 kicks into high gear, WPI students reflected on how their projects, friendships, accomplishments, and even failures brought them to this exciting transition. Those featured below represent only a tiny slice of our dynamic campus community. A hearty congratulations to all of our graduates!

WPI Club Seeks to Empower and Mentor Aspiring Cybersecurity Professionals

jlevy2 — Fri, 29 Oct 2021 12:00:00 +0000

October was Cybersecurity Awareness Month, which usually means thinking about changing your password and keeping an eye out for phishing emails, but it鈥檚 also a time to take a step back and reflect on the industry as a whole. Cybersecurity is facing two significant workforce issues鈥攁 gender gap and widespread vacancies鈥攖hat affect not just the industry, but many aspects of people鈥檚 daily lives. Cybersecurity professionals are critical to identifying and protecting against threats such as ransomware attacks on schools and police departments, the hack of Colonial Pipeline that led to a widespread fuel shortage, and the data breach at T-Mobile that compromised the personal information of millions of customers.

Increased threats underscore the increased demand for defenders. Historically, the field of cybersecurity has been dominated by men, but to fill the reportedly 500,000 open positions in the United States the gender gap must be addressed. According to 2020鈥檚 Women in Cybersecurity report, women working in the field account for 24% of its overall workforce. While that number is still low, it鈥檚 grown from just 11% in 2017.

That growth may be thanks, in part, to groups focused on engaging girls and women in computer science fields and to organizations like Women in Cybersecurity (WiCyS), a national organization established in 2012 through a National Science Foundation grant. A chapter was created at WPI in 2019 and, since that time, has held events ranging from team and individual coding exercises, bringing speakers to campus, and mentorship programs to engage young women in the field.

WPI WiCyS President Nicole Conill 鈥?2 says she 鈥渇ell in love鈥?with the concept of women in cybersecurity after attending the national WiCyS conference in 2019. Soon after returning to campus, she and a founding team decided to start their own chapter of WiCyS. Conill says at first she viewed the club as a way to boost her r茅sum茅, but quickly became more invested in the club, realizing how many opportunities it opened both for her future career and for ways to give back to others. Now, she says, she has been 鈥渢raveling and meeting people [in the field] all the time, every year鈥?both on and off campus.

While the club has an academic and technical focus, some of its greatest strengths may be in empowerment and representation. Alexa Freglette '22, the WPI WiCyS vice president, says she first became involved with cybersecurity in high school, and joined WiCyS during her sophomore year at WPI at the recommendation of a friend. Freglette says she has benefitted from taking part in the club and is already looking forward to paying it forward. 鈥淚t鈥檚 exciting to be at the forefront of [cyber security], and I hope to inspire future generations of women and girls as they pursue their dreams.鈥?lt;/p>

Mentorship, networking, and career guidance are important aspects of the club that may run counter to the stereotypical idea of a solitary cybersecurity professional, which is something Computer Science professor Craig Shue says distinguishes WiCyS. 鈥淭here鈥檚 actually a friend group in this discipline and a group of people who want to help [these women] and see them succeed,鈥?he says. He adds that鈥檚 not only giving a boost to the students already studying Computer Science and Cybersecurity, but also to those students looking to get into the field as they see more women in the classroom and at WiCyS events.

As the visibility of women in the industry increases, so do the opportunities and pipeline of women studying cybersecurity and starting their careers in the field. Freglette says being a part of the club has also opened doors to internships, during which she worked alongside other women and helped her feel more included鈥攃ombating 鈥渋mposter syndrome鈥?and giving her a professional support group.

It also should be noted, even though the word 鈥渨omen鈥?is in the name of WiCyS, it鈥檚 an inclusive club where events are open to all, and to all levels of experience. 鈥淲e鈥檙e beginner-friendly and you don鈥檛 have to know anything about cybersecurity to become involved with us,鈥?says Conill. She and Freglette hope that inclusivity not only helps grow the membership of their club, but also the number of women in the field in general.

Both Conill and Freglette will be at WPI for an additional year to pursue their MS degrees in Cybersecurity. However, their involvement and attachment to WiCyS likely won鈥檛 end there. As Conill says, 鈥渋t is almost a lifelong organization.鈥?lt;/p>

WPI Announces New Master鈥檚 in Cyber Security; Program Targets Global Shortage of Cyber Security Professionals

admin — Tue, 13 Apr 2021 12:00:00 +0000

In its ongoing effort to help combat a global shortage in cyber security professionals, Worcester Polytechnic Institute (WPI) has created a Master鈥檚 in Cyber Security, a new graduate program that prepares students to be leaders in the fields of cyber security and computer science. The program features real-world experiential learning and research to prepare students for the evolving cyber-threat landscape. The program will launch in fall 2021 and applications are currently being accepted.

A global need exists for more well-trained security professionals to help protect organizations vulnerable to security breaches, which cost the global economy hundreds of billions of dollars annually. Employment in the cyber security field has to increase by about 41% in the U.S. and 89% worldwide to meet the need, according to a study by (ISC)虏, a nonprofit association of certified cyber security professionals.

WPI鈥檚 new master鈥檚 draws from the university鈥檚 expertise across the computer science, electrical and computer engineering, and mathematical sciences departments and its Foisie Business School to provide students with highly sought-after technical skills and insight into applying those skills within a broad societal context.

鈥淲e recognize that the workforce needs professionals who can combine technical expertise in security with an understanding of its impact on people and businesses. Our new master鈥檚 in cyber security exposes students to each of these topics, ensuring that they can make a real impact,鈥?said Craig Shue, associate professor, Computer Science. 鈥淲PI has the interdisciplinary depth, the flexibility, the focus on saying, 鈥榶es, you鈥檙e going to learn the foundations, but we鈥檙e also going to make sure you know how to apply them. It鈥檚 what WPI is all about.鈥欌€?lt;/p>

Students choose courses that match their interests and specific career goals. A path of study may include applying security techniques, researching new techniques, or combining research with its application in policy and industry.

WPI鈥檚 program has both a standard and an advanced academic track to accommodate those relatively new to the field who want to build experience in cyber security and those who鈥檝e already studied cyber security or earned an undergraduate degree in a related field. Applicants are expected to demonstrate sufficient background in computing for graduate-level work and a background in developing or using software tools. A bachelor鈥檚 degree in computer science, electrical engineering, information technology, or other related fields should be adequate preparation. Students from other backgrounds may apply if they can demonstrate their readiness through other means, such as GRE exams, professional certifications, or relevant technical work experience.

WPI undergraduate student Carly Pereira 鈥?1 plans to enroll in the new program when she graduates in May. 鈥淚 was already a computer science major with a strong interest in cyber security, and I had planned to have a cyber security concentration as well. When I heard that Professor Shue was proposing a cyber security master's I was instantly interested,鈥?she says.

鈥淎fter already having taken some senior-level and grad-level cyber security classes, I knew that the professors were extremely invested in their research and dedicated to providing an interesting learning experience.鈥?Pereira hopes to work with a federal agency, specifically in a research or risk management position.

Cyber security jobs are in areas as diverse as intrusion detection, security information and event management, and cloud computing. Finance, insurance, manufacturing, public policy, and defense are other areas where cyber security professionals play vital roles. The average annual cyber security salary is highest in North America at $112,000, according to the (ISC)虏 report. WPI is also helping fill this talent gap through its participation in the federal Scholarship for Service program funded by the National Science Foundation. This competitive scholarship provides full tuition for up to three years of a recipient鈥檚 full-time study of cyber security at the graduate or undergraduate level. WPI is one of only three universities in the state to receive NSF funding for the program.

The university is also designated a National Center of Academic Excellence in Cyber Security by the National Security Agency and the Department of Homeland Security, which gives students access to important cyber security research addressing a host of security threats across multiple disciplines.

WPI Welcomes 19 New Full-Time Faculty Members

leckelbecker — Tue, 20 Oct 2020 12:00:00 +0000

Worcester Polytechnic Institute (WPI) has welcomed 19 full-time educators and researchers to its faculty for the 2020-21 academic year.

鈥淲e are excited to add these talented and accomplished individuals to the WPI faculty,鈥?said Provost Wole Soboyejo. 鈥淭hey possess stellar credentials and will expand the university鈥檚 teaching and research agenda.鈥?lt;/p>

New members of the faculty:

Olufunmilayo (Funmi) Ayobami will join the faculty in January 2021 as assistant teaching professor in the Department of Biomedical Engineering. She is currently assistant dean for inclusion and engagement in the Graduate School at the University of Massachusetts, Amherst. Ayobami has studied orthopedic biomechanics, mechanobiology, contact mechanics in human joints during activities of daily living, and the persistence and success of traditionally underrepresented populations in higher education. A WPI alumnus from the Class of 2011 with a BS in biomedical engineering and professional writing, she has an MS and PhD in biomedical engineering from Cornell University. At Cornell, she received the 2014 Zellman Warhaft Commitment to Diversity Award. Ayobami completed a postdoctoral fellowship in biomechanical engineering at the Hospital for Special Surgery in New York City.

Francesca Bernardi is assistant professor in the Department of Mathematical Sciences. Before joining WPI, she was a postdoctoral scholar in mathematics at Florida State University. Her research focuses on small-scale fluid mechanics and microfluidics. Bernardi has a BS in engineering physics and an MSc in nuclear engineering from Politecnico di Milano in Italy. She earned a PhD in applied mathematics and a graduate certificate in Women鈥檚 and Gender Studies at the University of North Carolina at Chapel Hill. She is a co-founder of Girls Talk Math, a free math and media camp for female and gender non-conforming high school students.

Crystal Brown is assistant professor in the Department of Social Science and Policy Studies. She was an assistant teaching professor at WPI from 2019 to 2020. Brown has a Master of Public Administration from Pennsylvania State University, and an MS and a PhD in political science from the University of Oregon. Her research compares policies and politics that impact marginalized groups in different societies. She is most interested in comparative politics, international relations, human rights, immigration policies, women鈥檚 rights, and race/ethnicity and politics. She was a 2017-2018 Fulbright Schuman Scholar and received the Russell Sage Foundation and the Bill & Melinda Gates Foundation Proposal Development Institute award for summer 2020 that was postponed to the summer 2021 due to the pandemic.

Kelly Colvin is assistant teaching professor in the Department of Humanities and Arts. Colvin previously taught courses on European history and gender history at the University of Maryland and Brown University. Her research focuses on the intersection of gender, culture, and politics, and how those factors impacted events and conflicts of the 20th century. She is the author of the book 鈥淕ender and French Identity since the Second World War鈥?(Bloomsbury, 2017). Colvin received a BA in history and French studies from Bowdoin College, and an MA in history and a PhD in European history from Brown University.

Fatemeh Ganji is assistant professor in the Department of Electrical and Computer Engineering and in the Cybersecurity Program. She was previously a post-doctoral associate at the University of Florida and the Telecom Innovation Laboratories/Technical University of Berlin. Ganji earned a PhD in electrical engineering from the Technical University of Berlin. Her research focuses on interdisciplinary approaches to machine learning and cryptography for design and evaluation of security-critical hardware.

Aswin Gnanaskandan is assistant professor in the Department of Mechanical Engineering. Before joining the WPI faculty, he was a research scientist at Dynaflow Inc., developing numerical models for multiphase flows for applications in aerospace engineering, marine engineering, and biomedicine. His research focuses on high-fidelity mathematical models for multiphase flows to answer critical questions in engineering and biomedicine. Gnanaskandan has a BS in aeronautical engineering from Madras Institute of Technology in India and an MS and a PhD in aerospace engineering and mechanics from the University of Minnesota. He did postdoctoral research at the California Institute of Technology.

Mitchell Lutch is assistant teaching professor in the Department of Humanities and Arts. Lutch earned a BA in music education at the University of Lowell, an MA in music at the New England Conservatory of Music, and a Doctor of Musical Arts in instrumental conducting at the University of Washington. He began his teaching career in the Malden Public Schools in Massachusetts and has conducted concerts and made presentations around the world. He is the author of 鈥淚n Search of Meaning: Frank L. Battisti鈥擳he Conservatory Years and Into the New Millennium鈥?(Meredith Music, 2019). Lutch was previously interim associate director of bands at the University of Northern Colorado and associate professor of music and director of bands at Central College in Pella, Iowa.

Markus Nemitz is assistant professor in the Department of Robotics Engineering. Nemitz earned a Bachelor of Engineering in electrical engineering from Bochum University of Applied Sciences in Germany, and an MS in electronics and a PhD in electrical engineering from the University of Edinburgh in Scotland. During his PhD, he was a research scholar at the University of Michigan. He was a postdoctoral fellow at Harvard University, under the mentorship of George Whitesides. His work blurs the line between machines and materials by integrating intelligence into elastomeric polymers, thermoplastics, and textiles to develop collaborative robotic systems that support, protect, and interact with humans.

Doug Olsen is instructor/lecturer in the Department of Humanities and Arts. A jazz educator and trumpeter, Olsen has performed with Boston and national acts, and he coordinates clinics for the Massachusetts Association for Jazz Education. He was previously interim director of jazz studies at WPI. Olsen has directed jazz programs at the Massachusetts Institute of Technology and the Community College of Rhode Island, and he was director of music for the Medfield Public Schools. He has a BA in jazz and African-American music studies and in music education from the University of Massachusetts, Amherst, and he has an MA in jazz studies from the New England Conservatory. Olsen鈥檚 CD of original compositions, "Two Cents," was published in 2019 by BMI.

Guanying Peng is assistant professor in the Department of Mathematical Sciences. He received a BS in mathematics from Peking University and a PhD in mathematics from Purdue University. He has held postdoctoral positions at the University of Cincinnati and the University of Arizona. Peng鈥檚 research explores partial differential equations with a focus on applications to the sciences. His work has been published in journals such as the Archive for Rational Mechanics and Analysis, and Annales de l'Institut Henri Poincar茅 C, Analyse non lin茅aire.

Dina Rassias is assistant teaching professor in the Department of Mathematical Sciences. Rassias has taught at WPI since 1994 and has broad project-based research and teaching experience. Her recent research focused on molecular mechanisms that drive malignancies, novel drug delivery, and treatment strategies for cancer, including those with the natural product Artemisia annua. She earned a BA in mathematics at Assumption College and has MS degrees in applied mathematics and mechanical engineering and a PhD in biomedical engineering from WPI.

Farnoush Reshadi is assistant professor of marketing in the Foisie Business School. Her research focuses on consumer well-being, financial and health-related decision making, and social influence. Reshadi previously taught consumer behavior and marketing research courses at West Virginia University, where she also earned a PhD in business administration. She has a BS in computer engineering from Bu Ali Sina University, an MSc in e-commerce from Iran University of Science and Technology, and an MBA from the University of Tehran, all in Iran.

Sarah Riddick is assistant professor in the Department of Humanities and Arts. She teaches courses in rhetoric and writing, and she directs the Professional Writing Program. Riddick earned a BA in English and a BA in Spanish from the Honors College at Virginia Commonwealth University, an MA in comparative literature at University College London, and a PhD in English with an emphasis on rhetoric at the University of Texas at Austin. Her research focuses on the relationship between rhetorical tradition, digital rhetoric and writing cultures, and emerging media.

Adam Sales is assistant professor in the Department of Mathematical Sciences, with an affiliation with the Learning Sciences and Technology Program and the Data Science Program. Formerly the lead statistical consultant in the University of Texas College of Education, Sales researches methods for causal inference using administrative or high-dimensional data, especially in education. He has a BS in physics and mathematics from Johns Hopkins University and a PhD in statistics from the University of Michigan. Sales also was a post-doctoral researcher at Carnegie Mellon University and RAND.

Stacy Shaw is assistant professor in the Department of Social Science and Policy Studies. Her research focuses on creative thinking in mathematics, how anxiety and other experiences impact mathematical cognition and reasoning, and how classroom experiences can impact learning and performance in science, technology, engineering, and mathematics. Shaw has a BA in human development from California State University and an MA and PhD in psychology from the University of California Los Angeles. She is an ambassador for the Center for Open Science, a nonprofit organization dedicated to promoting transparency and reproducibility in science.

Shahin Tajik is assistant research professor in the Department of Electrical and Computer Engineering and is affiliated with the Cybersecurity program. Tajik previously was an assistant research professor at the Florida Institute for Cybersecurity Research at the University of Florida. His research focuses on noninvasive and semi-invasive side-channel analysis, Physically Unclonable Functions (PUFs), machine learning, field-programmable gate array (FPGA) security, and designing anti-tamper mechanisms against physical attacks. Tajik has a BS in electrical engineering from K.N. Toosi University of Technology in Iran and an MS and a PhD in electrical engineering from Technical University of Berlin in Germany.

Raisa Trubko is assistant professor in the Department of Physics. Trubko is an experimental quantum physicist who comes to WPI from a postdoctoral fellowship at Harvard University. Her research uses ensembles of nitrogen-vacancy quantum defects in diamond to image magnetic fields with high spatial resolution. She graduated from the Massachusetts Academy of Math and Science at WPI and went on to earn a BS in optics and a BA in physics, both at the University of Rochester, and a PhD in optical sciences at the University of Arizona. Trubko founded the University of Arizona Women in Physics group.

Edvina Uzunovic is assistant teaching professor in the Department of Electrical and Computer Engineering. Uzunovic has been an adjunct professor at WPI since 2012 and has also served as associate director of power systems engineering in the Corporate and Professional Education Office. Her research focuses on power system modeling, simulation, control, and optimization in distribution and transmission power systems. After earning a BSc in electrical and computer engineering at the University of Sarajevo in Bosnia and Herzegovina, she earned an MSc and PhD in electrical and computer engineering at the University of Waterloo in Canada.

Zhangxian Yuan is assistant professor in the Department of Aerospace Engineering. He comes to WPI from a postdoctoral fellowship at the Georgia Institute of Technology, where he also earned an MS and PhD in aerospace engineering. Yuan has a BS in aircraft design and engineering and an MS in engineering mechanics from Nanjing University of Aeronautics and Astronautics in China. His research focuses on the mechanics of advanced structures, composite materials and structures, computational methods for high performance computing, structural dynamics, stability, and fracture mechanics.

Protecting the Power Grid from Cyber Attacks

amracicot — Tue, 25 Sep 2018 12:00:00 +0000

As the national power grid becomes increasingly dependent on computers and data sharing鈥攑roviding significant benefits for utilities, customers, and communities鈥攊t has also become more vulnerable to both physical and cyber threats.

Michael Ahern

While evolving standards with strict enforcement help reduce risks, efforts focused on response and recovery capabilities are just as critical鈥撯€揳s is research aimed at creating a well-defended next generation smart grid. The Daily Herd recently sat down with Michael Ahern to discuss the many challenges involved in securing the national power grid against physical and cyber attacks鈥撯€揵oth now and in the future.

In addition to his role as director in WPI鈥檚 Corporate and Professional Education and instructor for the Foisie Business School, Ahern also leads a WPI research team supporting BAE Systems as part of the Defense Advanced Research Project Agency's Rapid Attack Detection, Isolation, and Characterization Systems (DARPA RADICS) intitative.

What is being done in the U.S. to protect the power grid from cyberattacks?

Here in the U.S., a lot is being done to protect the power grid from cyberattacks. The power grid, or electric transmission system, is required to meet the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) Standards. These standards include mandatory requirements for specific actions to protect the power grid from both physical and cyberattacks. CIP Standards are updated regularly to address emerging threats and are vigorously enforced by independent auditors backed by Federal Energy Regulatory Commission [FERC] fines for noncompliance.

The result of these regulations and their enforcement is reduced risk of attacks that create widespread power outages.

Even with these evolving standards, cybersecurity is like a race that never ends. Attackers are learning and building their capabilities, too. Many nation states and rogue organizations are developing their cyberattack capabilities. We've seen attacks against power grid control systems create widespread outages twice in Ukraine. Recently, the U.S. Department of Homeland Security reported attempts to insert malware in our electric power control systems.

The U.S. recognizes the risk that other nations may develop cyberattacks the industry is unable to stop. One initiative DARPA launched several years ago is called Rapid Attack Detection, Isolation, and Characterization Systems [RADICS], research to develop technology that cybersecurity personnel, power engineers, and first responders can utilize to accelerate restoration of cyber-impacted electrical systems.

Overall, the U.S. industry is improving defenses and the U.S. government is conducting research to add new restoration capabilities.

What are the risks if attempts to disrupt the power grid are successful?

Clearly, power grid outages are disruptive. Not only do we lose the lights, after a few days, we may lose water treatment capabilities and also find it difficult to find an open gas station to refuel our cars and trucks. If a nation can do this, it can make coercive threats against other nations without actually going to war.

"Other universities may offer some of these courses and specializations. However, few offer the same range [as WPI]鈥攆rom managing cybersecurity as a business risk all the way to teaching computer skills that can be applied to develop today鈥檚 defenses." -Michael Ahern

How can the U.S. better protect against such attacks?

With attackers learning and developing, defenses for all types of critical infrastructure control systems鈥攊ncluding water, gas, and transportation鈥攎ust improve just to keep pace.

On a personal level, we would all do well to learn to protect ourselves from cybertheft with malware like ransomware. Most of these attacks start with phishing to get us to install their malware and then exploiting an existing software vulnerability. The top few things we should all do to better protect ourselves include hovering over links and checking to see where these links are sending our internet browser before we click; having a questioning attitude about any and all information requests (never give away your ID and password); and quickly installing software patches and updates to apps to eliminate known vulnerabilities.

What are some of WPI鈥檚 academic offerings in cybersecurity? How does WPI approach the topic differently from other universities?

WPI offers several multidisciplinary options for graduate-level cybersecurity education. Our computer science department teaches courses in software security, intrusion detection, digital forensics, and machine learning. In fact, we offer a specialization in security within the master鈥檚 degree program.

The Foisie Business School has taught graduate courses in information security for years. We include cybersecurity as a course and, more recently, we have taught cybersecurity as a type of business risk to manage. Also, WPI鈥檚 electrical and computer engineering department has taught cryptography for over 20 years, offering courses in wireless and internet security while actively adding more courses.

Our data science education provides capabilities that can be applied to improve cybersecurity. And there鈥檚 a Cyber Security Club for both graduate and undergraduate students from any WPI major.

Other universities may offer some of these courses and specializations. However, few offer the same range鈥攆rom managing cybersecurity as a business risk all the way to teaching computer skills that can be applied to develop today鈥檚 defenses.

- By Paula Owen

WPI Professor Debuts Start-up Company at RSA Security Conference

amracicot — Tue, 10 Apr 2018 12:00:00 +0000

With the backing of the Department of Homeland Security (DHS), a WPI computer science professor is gearing up to show off his network security start-up at one of the world鈥檚 largest and most influential cyber security conferences.

Craig Shue, associate professor of computer science and founder and CEO of ContexSure Networks Inc., will demo his security technology and give presentations as part of the DHS exhibitor booth at the RSA Conference, April 16鈥?0 in San Francisco (about 43,000 attendees expected).

ContexSure Networks uses software dubbed PEACE, designed to stop attacks on individual computers from spreading throughout a company鈥檚 entire network by distinguishing between user-generated information and surreptitious malware. The software, which is installed on each computer in the network, not only uses fine-grained permissions for each user but can send information about each computer鈥檚 activities to company IT analysts to help them pinpoint and quarantine the problem.

The system, conceptualized and researched at WPI, was developed with a 2014 National Science Foundation grant. In 2016 Shue received a DHS grant to further develop the system under the agency鈥檚 Transition to Practice Program, which seeks to commercialize promising cybersecurity technologies. The technology was licensed from WPI and the company was created in September 2016.

With his RSA Conference debut fast approaching, Shue talks about the inspiration for the technology, the role students played in its development, and plans for his future at WPI.

How did you come up with the idea for this technology?

There were news reports coming out saying how different organizations kept getting compromised. And I was on the incidence response team for a company that had an attack spreading through its network. They couldn鈥檛 tell which machines were infected and which weren鈥檛. It鈥檚 hard to clean up the mess when you can鈥檛 tell where the mess is. My main goal was to make corporate network security better than what it was. What could we be doing to make them more secure?

How big a role did WPI students play in your research for this project?

Whenever I pitch a research project, I鈥檓 already thinking about which grad students could be involved and how MQP teams could contribute, testing ideas, and seeing what will make something work. They鈥檙e exploring the boundaries of the possible. We had two MQP teams on this. For those students, I was thinking about what they could build and evaluate and then someday talk to future employers and say, 鈥淗ey, I built this.鈥?lt;/p>

We also had one master's student working on this, along with two PhD students, one of whom worked on the basic research elements, figuring out what the pieces would be. He did that on the Linux operating system, but that鈥檚 not going to get you to the commercial product since Linux market share is about 5 percent. We brought in MQP teams to work on how to implement this in Windows.

How important has the student work been?

It鈥檚 been essential. I used to work at Oak Ridge National Laboratory, where I could work on whatever I wanted. But I came to a university because I wanted to tap into students. They help me. I get to hear their thoughts and they act as sounding boards, giving me additional ideas. There鈥檚 the joy of teaching and there鈥檚 the additional energy of working with students. Their help was essential.

Did WPI act as an incubator for this project?

It definitely is a place that made this research possible and gave me the resources I needed for it.

"[Student work has] been essential ... They help me. I get to hear their thoughts and they act as sounding boards, giving me additional ideas. There鈥檚 the joy of teaching and there鈥檚 the additional energy of working with students. Their help was essential." -Craig Shue

At what stage of development is ContexSure Networks now?

We've finished our first round of product development and have something people could install on their computers and use. Now we鈥檙e looking for people to try it out and act as pilot testers, telling us where the papercuts are. Where are the tweaks that would make the technology easier to use? It鈥檚 essentially beta testing. We鈥檝e also submitted technology for independent evaluation through the DHS. They鈥檙e testing our software, making sure it does what we say it will do, and giving us feedback.

What鈥檚 your timeline for moving forward with the company?

Ideally, we鈥檇 be getting our pilots done this month or in May so we can get their feedback. Then by July, we鈥檇 like to get this in front of paying customers.

You鈥檝e been on sabbatical since July 1 so you could focus on transitioning your technology into a working business. How much has this project taken over your life?

This has been what I鈥檝e been doing鈥?lt;strong>all that I鈥檝e been doing. How do I get this in front of customers? How do I do the marketing? I am a jack of all trades and maybe a master at software development. It鈥檚 been busy!

You're launching this exciting start-up company. Why do you plan to stay at WPI?

When I was an undergrad, I knew I wanted to be a college professor. I certainly wouldn鈥檛 want to give up after having achieved my goal. The company is exciting, but my goal is to keep building the next new thing. The company goal is to say, 鈥淭his is the next new thing,鈥?and sell it. I鈥檓 more interested in saying, 鈥淲e鈥檝e done this but what can we do now?鈥?Maybe next we look at the residential sector. Let鈥檚 look elsewhere. I want to go back to the beginning and do it again with something else.

Right now you鈥檙e CEO of ContexSure Networks. What do you want your role to be going forward?

Likely I鈥檒l be the science advisor, providing the staff with insights into what they can be doing but not involved with day-to-day management.

Will it be difficult to give up that granular control?

Yes, it鈥檒l be hard to give that up. I have mixed feelings. I know a specialist in marketing and sales will do a far better job with that than I can. I know I can keep a company running but there are professional CEOs who can make the company really big.

How soon do you think you鈥檒l have a new CEO on board?

As soon as I can. The main challenge is finding someone who knows what they鈥檙e doing in this space but who isn鈥檛 already running a company. We need someone looking for something new and exciting. With what we鈥檝e invested in this, I feel obligated to find a CEO who has experience and who already has taken a start-up and transitioned it.

How critical has your backing from the NSF and DHS been to this work?

Without either of them, this wouldn鈥檛 be possible. If the NSF hadn鈥檛 funded the research to explore the technology, we wouldn鈥檛 have come across what we did. We had the good idea but until you spend a year or two working on it, you don鈥檛 know if it鈥檚 going to work. Without that time and work, you just have a hypothesis. You need to show it can work to get people excited. And as a professor, my goal is to train students. It is not to create start-up companies. So without the DHS saying, 鈥淲e鈥檒l give you money to do this, to pay for your students to work on this and for you to take a sabbatical,鈥?we wouldn鈥檛 be starting a company. We鈥檇 be saying, 鈥淟ook at all these research papers. Aren鈥檛 they great?鈥?lt;/p>

How excited are you about going to the RSA Conference to talk about your technology and new company?

RSA is a gathering of security professionals from across the world. I鈥檒l be able to talk to people from different companies, to be part of the overall show as one of the companies showing off its products. This is a major thing. I鈥檓 very excited to be participating in it. It will be cool to see what other people are offering and to show what makes us unique.

What are you hoping to get out of going to the conference?

I want feedback. I want to hear from customers about what they like about the product. What could be added to it? What do they not care about? That will help me refine the product. Hopefully, we鈥檒l find an organization or two that want to try the product out and be pilot partners. We really want to get people鈥檚 time and feedback about what they want so we can match their expectations.

- By Sharon Gaudin

Equifax hack is a whole new level of bad, says WPI professor

amracicot — Wed, 13 Sep 2017 12:00:00 +0000

When Target Corp. and The Home Depot, Inc. were both hacked in 2014, more than 120 million records were stolen.

That鈥檚 nothing compared to the Equifax, Inc. hack.

In terms of how much risk Americans are in right now, there鈥檚 absolutely no comparison to previous hacks where credit card numbers were stolen, according to Craig Shue, associate professor in the Computer Science department and the Cyber Security program at WPI.

Craig Shue

鈥淢ost attacks, like the one on Target, are mostly about stolen credit card data,鈥?says Shue. 鈥淵ou identify any fraudulent charges on your account and they鈥檙e refunded. You get a new card. For the card holder, it鈥檚 not that big an issue. But the Equifax breach is a completely different ballpark.

鈥淭he severity of the Equifax hack is due to the type of information they鈥檙e holding,鈥?he added. 鈥淭hey are holding all the information someone needs to steal your identity. 鈥?This is the crown jewels of breaches.鈥?lt;/p>

On Sept. 7, Equifax, one of the major credit reporting agencies in the United States, reported that the personal data of 143 million Americans鈥攖hat鈥檚 44 percent of the country鈥攚as potentially compromised in a cybersecurity attack that happened from mid-May through July this year.

The data that now sits in the hackers鈥?hands includes names, Social Security numbers, addresses, birthdates, and even driver鈥檚 license numbers in some cases.

It鈥檚 the perfect brew of information for attackers to use to steal someone鈥檚 identity and clean out their bank accounts, take out loans in their names, get copies of their birth certificates and passports, and take out credit cards and buy anything from sneakers to furniture and boats.

The hackers could use this information over the next several months, or even years, to slowly attack U.S. consumers, or they could release the information en masse and cause nationwide panic, notes Shue. They also could sell the highly valuable information to governments or other criminal groups.

鈥淲hat鈥檚 particularly frightening is this is all the information anybody needs to verify who you are,鈥?says Shue, who has worked as a cybersecurity research scientist at the Oak Ridge National Laboratory. 鈥淗ow do you prove who you are? The information you need to do that is now out there. An adversary with this information could convince the government to give them a certified copy of your birth certificate, a reissued social security card, and even a replacement driver鈥檚 license. They could reconstruct your entire identity.鈥?lt;/p>

Equifax has not released any specifics on the hack other than saying criminals exploited a website application vulnerability.

"This is the crown jewels of breaches." -Craig Shue

Any company could be targeted by hackers, but when that company holds such critical information on so many millions of people, they need to have better cybersecurity than an average company, Shue contends.

鈥淭here are certain entities in the world that exist to be trusted,鈥?says Shue. 鈥淓quifax is one of them. They are a juicy target because of the information they have. Every financial institution, or credit reporting bureau, knows they鈥檙e going to be targeted given the information they have.鈥?lt;/p>

Shue says he was surprised the hackers made off with so much information before any security administrators at Equifax took notice. With that much data鈥攈ighly sensitive data鈥攎oving out the cyber door, alarms should have been going off.

鈥淚t鈥檚 like seeing a lot of money coming out of a bank vault. You鈥檇 notice that, right?鈥?he says. 鈥淚n this instance, someone took an entire copy of everything in the vault before anyone noticed. That speaks volumes about their security.鈥?lt;/p>

Any company, at the least should be keeping its software up to date and monitoring network communications within its systems and with the outside world.

The attack on Equifax also points out the need to figure out a better way to identify people.

鈥淲e鈥檝e been using Social Security numbers like they鈥檙e some sort of super secret identification,鈥?says Shue. 鈥淭he problem is you can never get a new one if it gets compromised. If we insist that we use a government identification number, you should be able to get a new one if it鈥檚 been compromised. But society is simply not there yet.鈥?lt;/p>

- By Sharon Gaudin

Transitioning Cybersecurity Innovation to Practice

amracicot — Fri, 04 Aug 2017 12:00:00 +0000

If computer science professor Craig Shue meets his goals for his start-up company, computer screens in businesses, universities, and other enterprises throughout the world will be sporting a peace sign icon in the years ahead.

The icon is key to the cybersecurity system that Shue has designed through his company, ContextSure Networks. Whenever a security system detects a potential threat, the computer users can simply click on his program鈥檚 icon to send background information about their computer activity, along with overall network data, to information technology analysts. This data gives those IT analysts a quick and reliable way of identifying and remedying the situation.

鈥淎ll this is a treasure trove of information available for the analysts to figure out what is going on, and we aren鈥檛 requiring the end user to do anything but click a couple of buttons,鈥?he says.

Craig Shue

Shue is on sabbatical for the coming academic year to further develop and market the system.

鈥淚t鈥檚 really about getting it installed on people鈥檚 computers,鈥?he explains. 鈥淯nlike antivirus software that constantly requires updating and isn鈥檛 particularly effective, this essentially puts the IT staff in charge so they can constantly adapt to new threats without having to update everyone鈥檚 computer.鈥?lt;/p>

By developing information on how individuals are using a network鈥檚 computers, and establishing a series of fine-grained permissions relating to those uses, the Policy Enforcement and Access Control for Endpoints鈥攐r PEACE system鈥攅nhances security and allows IT analysts to identify and deal with malware quickly.

鈥淥ne of our key differences from traditional network security products is we try to figure out what the human user is trying to do,鈥?says Shue. 鈥淲e think it is important to know why a network request is happening.鈥?lt;/p>

If an action on the network isn鈥檛 related to an interaction with a user, chances are good it is the result of malware trying to spread through the system, a situation that IT analysts can deal with immediately.

The system was developed with a 2014 National Science Foundation grant, and the technique is under patent consideration. In June 2016 Shue received a Department of Homeland Security grant to further develop the system under the agency鈥檚 Transition to Practice Program, which seeks to commercialize promising cybersecurity technologies.

He says he has been working since the end of the academic year on making PEACE more user-friendly.

鈥淚鈥檝e been working this summer to try to get the product to where it is ready for possible production use,鈥?he says. 鈥淚鈥檝e been talking to potential customers on the phone to find out what they need.鈥?lt;/p>

Shue went to Washington, D.C, in May for a conference sponsored by Homeland Security, in which venture capitalists and potential customers gathered to review new ideas like the PEACE system.

He is planning to go to another road show鈥攖his time in New York鈥攍ater this year.

On the company website, ContexSure Networks tells prospective customers that 鈥渆nd users can learn about security and become a powerful line of defense for your organization with the right outreach, communication, and service resolution.鈥?lt;/p>

鈥淲e believe in teachable moments, where end users can be receptive to IT security messaging as part of their workflow,鈥?the company explains. 鈥淲ith ContexSure, we engage users and help them see that IT security is an ally, not an obstacle.鈥?lt;/p>

"[ContexSure Networks] essentially puts the IT staff in charge so they can constantly adapt to new threats without having to update everyone鈥檚 computer." -Craig Shue

According to the website, the PEACE program includes encouraging end-user engagement in network security, promoting an understanding by IT professionals of the context within which a network and its users operate, and allowing those professionals wide authority to take immediate action when a threat is discovered.

Shue is also involved in a residential software-defined networking project that has received funding through a National Science Foundation CAREER Award. The project is an effort to use software and cloud-based technologies to provide greater security to the average every-day computer user.

Shue, who has a PhD in computer science from Indiana University, came to WPI in the summer of 2011 from the Oak Ridge National Laboratory, where he was a cybersecurity research scientist. He continues to collaborate with scientists from the laboratory. In fact, his colleague in the PEACE endeavor is Curtis Taylor, a former student of Shue鈥檚 who received his PhD in computer science in May and is now working at the Oak Ridge Lab in Shue鈥檚 former role.

Last year Shue taught courses in Network Security, Operating Systems, and Advanced Networks. He was granted tenure and promoted to the rank of associate professor effective July 1, 2017.

In 2014 he was awarded the Romeo L. Moruzzi Young Faculty Award for Innovation in Undergraduate Education for his work in the undergraduate network security course.

鈥淚 love teaching computer science and security at WPI,鈥?he says on his university profile page. 鈥淥ur students are enthusiastic about mastering the technical details of systems, networks, and software, making it a thrill to work with them.鈥?lt;/p>

Shue is the director of WPI鈥檚 Scholarship for Service program, a cybersecurity scholarship effort funded by the National Science Foundation. He is also an advisor to the WPI Cyber Security Club and the coach for the WPI Collegiate Cyber Defense Competition Team.

He says he will miss teaching this coming academic year鈥斺€淕etting to see people back in the classroom is one of the things that makes fall fun.鈥?lt;/p>

- By Thomas Coakley

GenCyber Camps Teach Students about Cybersecurity Safety and Careers

amracicot — Thu, 25 May 2017 12:00:00 +0000

While the news brings near daily reports of compromised data and new hacking successes, young students might not realize what it means or understand how they can change it. A camp at WPI is changing that.

For the third summer, WPI is offering a GenCyber Camp as part of its Frontiers summer camp series. Suzanne Mello-Stark, computer science professor, says the camp raises awareness of cybersecurity careers and gives high school students the knowledge of both personal and professional online safety.

鈥婫enCyber camps are funded by the National Security Agency (NSA) and are held at institutions nationwide, but it鈥檚 especially fitting at WPI where interest in cybersecurity is high. The 13-day camp, which fills up every year and attracts participants from as far away as San Francisco, introduces students to ideas from passwords and online privacy to the ethics of cyber issues.

The potential impact for a shortage of cybersecurity professionals is alarming, and it鈥檚 something younger students aren鈥檛 aware of. The news of hacks and data breaches might be on the front page for adults, but that doesn鈥檛 necessarily make it a hot topic for students. 鈥淭he kids don鈥檛 hear it in their own worlds,鈥?Mello-Stark says. 鈥淭hey are often surprised by what I tell them.鈥?lt;/p>

With an awareness activated by the camp, the students get excited when they learn about hacking techniques (albeit in a closed and protected virtual system developed for the camp) and how 鈥漷he good guys鈥?try to stop 鈥渢he bad guys.鈥?But Mello-Stark explains clearly why the students need to be able to do the very thing they are trying to prevent. 鈥淭o know how to protect something, you have to know how to break it,鈥?she says. That鈥檚 when the ethics of cybersecurity comes into play鈥攖he students learn the responsibility of having the knowledge.

Students build binary bracelets.

In addition to the real-world, hands-on projects, the camp, which hosts 20 participants from July 23 to August 4, offers up information in fun ways. 鈥淭here are lots of cool things,鈥?says Mello-Stark. 鈥淲e teach them about cryptography, and I run the Amazing Cryptography Race. We use invisible ink and they learn how to do crypto. The students work in virtual environments and gain some hands-on computer science experience as well."

鈥淵ou have to have a background in computer science before you can understand what the cybersecurity problems are, so we try to give them some hands-on experience while they鈥檙e here,鈥?she says. 鈥淲e know that in many schools, computer science isn鈥檛 taught as early as other sciences, like biology, and students are hungry for it.鈥?lt;/p>

While a main goal of the camp is to generate interest in cybersecurity as a college major and ultimately as a career, a broader awareness of cybersecurity issues is important for everyone, says Mello-Stark, who notes that of course not every participant will go on to have a career in cybersecurity. 鈥淚t鈥檚 interesting to see where they go,鈥?she says. 鈥淎fter the camp, I am sure they have a little more understanding about privacy and how to stay safe online, and what job opportunities are out there. If they decide not to go into cybersecurity, that鈥檚 fine. We want them to know about it and make an educated decision.鈥?lt;/p>

Several guest speakers came to camp last year, and Mello-Stark is hoping for a return this summer. Last year, two FBI agents regaled the students with a 90-minute Q&A. The agents talked about some cases they have worked on and how they have to stay fit for their jobs. A cybersecurity expert from MITRE, along with Nicholas Brown 鈥?6, 鈥?7 (MS CS), who was then a WPI grad student interning at the company, came to talk about bio-behavioral metrics.

Students take a break from the day's
activities.

This year, Mello-Stark will have an assistant helping her run the camp鈥擶esley Swenson, a math teacher at Tahanto Regional High School. In an effort to broaden the camp鈥檚 message and impact in the region, Swenson will develop lesson plans that he can then take back to use in his own classes. Even the simple tips will make a big impact, Swenson says. 鈥淚 took an informal poll about passwords with some of my students, and most of them are using the same password for everything,鈥?he says. 鈥淚 am excited to take back some of the coding for the students, but just to help them with awareness is very relevant鈥?Awareness of security and where the dangers lie.鈥?lt;/p>

And that is exactly what the camp鈥檚 mission should include, says Mello-Stark: Many high school teachers don鈥檛 have cybersecurity experience and, therefore, most high school students don鈥檛 learn cybersecurity as part of their typical curriculum. Because of these varying levels of capability, the camp might have beginner and advanced students simultaneously. Activities will include learning about parts of a computer and how the computer works, operating a simple Python program, understanding binary and hexidecimal, and building a Raspberry Pi.

While the interest is often in the more spy-like elements of cybersecurity, the camp really delivers accurate information about how to be safe online and piques interest in the field, with the ultimate goal of increasing the number and the diversity of qualified cybersecurity specialists. Teachers who attend improve their teaching methods and content thereby sparking interest among their students, but also among themselves.

With funding through the National Science Foundation, WPI also offers the CyberCorps: Scholarship for Service (SFS) program in cybersecurity that helps bring a well-educated workforce to an industry that needs workers. Now in its third year, the program is available for rising WPI juniors and seniors and graduate students who want to pursue a career in cybersecurity. In exchange for tuition and some reimbursements for things like books and travel, and annual stipends of $22,500 for undergrads and $34,000 for grads, the recipients agree to work as summer interns and then work in government (the federal level is preferred, but not required) after graduation for as many years as the scholarship was received.

Brown, who was also a SFS participant, says the SFS program helped him decide to pursue graduate level work in cybersecurity. 鈥淣ow that I've graduated, I'm going to work as a cybersecurity researcher at the MITRE Corporation, one of the many federally funded research and development centers that we can work at to fulfill our service requirement.鈥?lt;/p>

Alexander Witt 鈥?5, 鈥?7 (MS CS), says the SFS program helped him professionally and financially. 鈥淪FS offered the opportunity to learn more about the field of cybersecurity and identify areas of interest,鈥?he says. 鈥淎dditionally, the commitment required by the program provided valuable insight into employment offered by the public sector.鈥?lt;/p>

Drawing interested students into cybersecurity will certainly enhance their career opportunities, but also will have a much wider impact. 鈥淲ithout them, we will see more and more hacks and not be able to protect our infrastructure,鈥?she says.

With the broad sweep of both the camp and the SFS program, Mello-Stark hopes to raise interest. 鈥淚t鈥檚 critical work, but it鈥檚 also really fun,鈥?she says. 鈥淵ou can鈥檛 go a day without learning something new.鈥?lt;/p>

- By Julia Quinn-Szcesuil