An Indiana University of Pennsylvania computer science faculty member and director of IUP’s Institute for Cybersecurity has received $731,099 from the National Security Agency to develop cybersecurity solutions for contemporary work habits, including remote working environments.
Waleed Farag authored the grant proposal. The goal of the project is to develop an automated solution that both identifies risks and triggers an automated risk response system.
Two computer science faculty members will join him in this work. Soundararajan Ezekiel is the grant proposal co-author and Xin-Wen Wu, an associate professor at the University of Mary Washington, will serve as a senior faculty researcher. Graduate and undergraduate IUP students will also work with the project, titled “Innovative autonomous risk detection and mitigation powered by collaborative machine learning for zero-trust systems.”
“This award to Farag and his colleagues is especially exciting because of its potential impact in the field of cybersecurity and student engagement,” Dean of IUP Graduate Studies and Research Hilliary Creely said. “Projects like these, that actively involve student experiential learning through research, are powerful and transformative activities that prepare IUP students to be persistent, curious, problem-solvers, and ready to change the world with new thinking and innovations,” she said.
The two-year project, begun this fall, is designed to develop a framework, based on a sound theoretical foundation, for automated detection and mitigation of cyber risks to improve the security of computer systems in zero-trust environments, Farag said.
Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating traditional trust models and continuously validating every stage of a digital interaction.
“Trends including ‘work from home’ and ‘Bring Your Own Device (BYOD)’ have made the digital boundaries of corporates and organizations disappear,” Farag said. “With boundaries diminishing, traditional perimeter-based security solutions have become ineffective in meeting increasing demands for access from literally everywhere and for using every device.
“This has led to the zero-trust model concept (also known as perimeter-less network security model), but few efforts have been put into developing effective security mechanisms for the next generation of networks in the zero-trust security architecture,” Farag said.
The goal of the project is to develop effective security mechanisms for the next generation of networks in the zero-trust security architecture, he said.
During the first year of the project, the team will develop a risk evaluation scheme, identify the most appropriate procedure among the available security controls, and implement a risk detection solution.
In the second year, the team will develop an automated risk response system powered by machine learning models; this system will be designed to trigger risk responses using automatically generated thresholds. The team also will develop a security auditing scheme to ensure the adaptability and effectiveness of the risk detection and mitigation system under the zero-trust architecture.
Research papers also will be written throughout the two-year time period to report research findings.
If funding continues for a third year, the team will identify the criteria under which the proposed automated system will select and deploy one of the three top-performing machine learning solutions to detect and mitigate cyber risks and evaluate and fine-tune the performance of the developed integrated suite of solutions to ensure its effectiveness, Farag said.
“I am very honored to have IUP selected for this funding, and our team is very pleased to contribute to a solution to address a very important concern for businesses and individuals, especially as cybersecurity attacks and zero-trust environments continue to increase,” Farag said. “This project also provides hands-on, real-life experience to our students that gives them that extra edge as they begin careers in cybersecurity,” he said.
IUP’s Research Institute, a separate, private, nonprofit corporation affiliated with IUP, provides research administrative assistance at all stages of externally funded projects. It is the official recipient of the grant funds.
IUP is one of the first institutions in the nation to receive the Center for Academic Excellence in Cyber Defense (CAE-CD) designation by the National Security Agency, and it has held this designation since 2002, one of only 16 universities in Pennsylvania to hold this designation.
Over the last five years, Farag has secured more than $2 million through a Department of Defense program that has provided 37 full scholarships to students in IUP’s cybersecurity bachelor’s degree program. In fall 2022, Farag secured more than $200,000 for a full scholarship and stipend for a student studying for a doctoral degree in a cybersecurity-related field; this initiative is designed to address the national shortage of qualified cybersecurity instructors at National Centers of Academic Excellence in Cybersecurity colleges and universities.
In the last six years, IUP’s Institute for Cybersecurity, founded in 2005 to further encourage and promote cybersecurity at IUP and the surrounding community, has secured more than $15 million in federal funding for IUP-sponsored initiatives and programs.
This $15 million in funding includes $4.98 million from the Department of Defense for the first three years of a novel project to enhance cybersecurity and STEM education in Pennsylvania (Science, Technology, Engineering, and Mathematics). Received in September, this is the largest single grant that has ever been awarded to IUP. The project period of performance is expected to be six years with a total funding of about $11 million.
This $15 million in funding also includes more than $1 million in federal funding for IUP to enhance cybersecurity training for middle school students and teachers through the GenCyber program. More than 450 middle school students and teachers have completed GenCyber camps since 2016.
In 2017, a team of faculty at IUP led by Farag received a grant of $212,000 from the National Security Agency to enhance cybersecurity education in western Pennsylvania. The team included faculty from English, Professional Studies in Education, and Political Science and students at IUP.
The project, completed in 2018, resulted in the development of a cohesive set of services to innovatively address known challenges facing cybersecurity education, incorporating an interdisciplinary approach in designing and implementing these services that will appeal to diverse cyber talent—including women and minorities—and serve a geographical area that is predominantly rural. This project was part of the Cybersecurity National Action Plan: Investment in Expansion of CAE-C (Centers of Academic Excellence in Cybersecurity) Education Program.
The IUP Institute for Cybersecurity also continues to organize and present an annual Cybersecurity Day and conducted a research study during 2020–22 on improving IoT (Internet of Things) systems security, funded through a $250,000 grant from the NCAE-C Cyber Curriculum and Research 2020 Program.
IUP began offering its Bachelor of Science in Computer Science/Cybersecurity Track (originally Information Assurance) and a minor in cybersecurity in 2002. This program combined core computer science and cybersecurity classes with a minor in criminology, creating a novel curriculum that helped students gain a broad understanding of the field and be work-ready.
The IUP Cybersecurity program has about 120 students enrolled, and about 20 students annually complete the program and receive their bachelor’s degree in the Computer Science/Cyber Security Track. IUP’s program also focuses on cybercrime detection, loss prevention, and how to collect evidence to prosecute cybersecurity offenders.
IUP has a longstanding commitment to research on all levels and in all disciplines. In 2021, IUP was one of only two public universities in Pennsylvania and one of only 93 public universities in the United States selected for the “High Research Activity” designation by the Carnegie Classification of Higher Institutions of Higher Education.