Consumers are attracted to these devices because of their convenient features, but cybercriminals have found ways to use the technology for nefarious purposes.
“These devices are attractive targets for attackers and state-sponsored actors who abuse them to gain access to critical networks because of the lack of basic security measures, control access policy controls and patch management,” said Bou-Harb, director of UTSA Cyber’s Center for Security and Analytics, a university-wide center focused on initiatives cybersecurity training, development and research.
The first project, “Collaborative Research: CISE-MSI: Active and Passive Internet Measurements to Infer IoT Maliciousness at Scale,” began this month. A three-year $500,000 grant is intended to support research efforts for minorities pursuing careers in cybersecurity.
Using data-driven methodologies, researchers will design and implement algorithms for fingerprint-mined IoT devices and uncover their inherent security issues. Work will begin on pre-existing consumer devices first, but will also include analysis of sensors deployed in critical infrastructure systems such as power grids and water systems. Researchers will develop mitigation tactics to improve Internet security on IoT devices.
“We are going to tackle this project in two different ways. First, we will analyze IoT devices and report on our findings from studying the devices in our lab. We will then analyze the network traffic from these devices to better understand their characteristics and security protocols remotely,” said Bou-Harb, who specializes in network traffic research. this said.
Following the research portion of the project, the collaborating institutions will bring the knowledge they have gained into the classroom through virtual labs and workshops focused on female and minority students.
“We hope to impact the field by extending future training to professionals in the field and other organizations including community college students as well as high school students,” he said. Bou-Harb said.
The second grant, “Implementing Collaborative Research Cyber Training: Medium Multidisciplinary Training for Common Network Physical Systems and IoT Security,” is a $1 million grant led by UTSA faculty co-lead Paul Radan associate professor, and Rita Mitraa practicing professor from UTSA’s Department of Information Systems and Cybersecurity.
Uniquely studying both cyber and physical attacks, the researchers will focus on the security of critical infrastructure in water systems in relation to water quality. The primary focus of this grant will be on strengthening the cybersecurity and data science workforce, with an additional research component.
“For this project, we’re not just looking at sensors, we’re looking at how these sensors and the civil engineering infrastructure actually interact and the security implications of this. this kind of interaction,” says Bou-Harb. “Why is it important? Because usually physics and security control researchers conduct their research independently.”
The training objective for this project consisted of three components: a virtual lab with a simulation toolkit, curriculum development, and an interdisciplinary workshop with public and private sector partners.
“Most wars today are not physical. They are economic wars or cyber wars,” says Bou-Harb. “By attacking critical infrastructure like water systems, you can cripple a country. As academics, we must address these evolving issues before they can become a reality. And although publication is one of the results of this work, it would be meaningless if it were not put into practice in society.”
Aware of the security risks found in IoT devices, how can consumers protect themselves and their families?
“Don’t blindly adopt technology,” says Bou-Harb. “Understand what security implications exist when you bring a new device into your home as all devices are vulnerable. And, only choose the products that you really need.”