Photos by Chris Taggart

The Hollywood version of a hacker who infiltrates a computer system may look like someone hunched over a laptop in a dark remote location.

In fact, according to the FBI, between a quarter and half of all daily cyberthreats come from “insider threats.”

On March 16, law enforcement, private industry, and academic leaders convened at Fordham’s Lincoln Center campus for a day devoted exclusively to the challenges of stopping those threats.

The conference, “The Insider Threat: Before, During, and After an Incident,” featured three panel discussions and a “fireside chat” on bringing lawless “dark web” sites to justice.

The half-day event was jointly sponsored by Fordham and the FBI and served as a complement to the larger International Conference on Cyber Security (ICCS), held every 18 months at Fordham. The University also runs a Center for Cybersecurity and offers a master’s program in the subject.

In her welcoming address, Tania Tetlow, president of Fordham, noted that because universities are frequent targets of cyberattacks, they have a vested interest in working to stop them.

“We do it in that way that we’re so proud of in higher ed, and in particular, as a Jesuit institution, by being open to the answers, by constantly trying to challenge ourselves to think differently, to be one step ahead of those very creative enemies that we’re up against,” she said.

The Before

Testing and trust came up repeatedly in the first panel, which featured Dave Fitzgibbons, acting assistant director of the FBI’s Insider Threat Office; Richard Aborn, president of the Citizens Crime Commission of New York City; and Chris Farr; executive director of commercial strategy for the strategic intelligence firm Strider.

Aborn said in large organizations, programs that train employees to spot threats are only effective if they’re practiced zealously.

“I think it’s an oxymoron to say you train too much. You have to refresh, you have to train over and over and over again,” he said, noting that his organization had recently sent out test phishing e-mails to its own members.

“We had about a 35% failure rate, and I was pretty shocked at that. We train a lot.”

Behavioral Indicators

Farr said a common misconception is that the first place to start is in the technical realm. In fact, it’s far more important to focus on individuals and have in place a dedicated team to assess behavioral indicators and raise red flags about potential workplace violence, espionage, or fraud. Those indicators might include visits to websites that promote violence, unusual travel patterns, and inexplicable income increases.

The trick is to cultivate a culture of respect where it’s okay to alert a supervisor to a co-worker’s worrisome behavior. It’s tricky, given Americans’ expectations of privacy, but it can be done.

“Employees have to trust your process though,” he said. Programs that have anonymous reporting and policies of no retaliation are super important.”

In the Mix

A key lesson from the second panel, which featured Harold Chun, director of security legal at Google; Darron Smith, insider threat program manager at Bloomberg L.P., and Bill Claycomb, principal researcher at CERT Division’s National Insider Threat Center, was that any insider threat team should also have clear parameters about how to respond.

Is the threat from a full-time employee or a contract one? Is it a one-time issue or an ongoing problem? Is there a threat of physical violence? The response should be commensurate with the problem, said Smith.

“You may not want to raise the fire alarm immediately. It’s really important when you’re thinking about things like duty of care to the employee or privacy,” he said.

Learning from the Past

The final panel featured FBI supervisory special agents Scott Norwell, John Reynolds, and Paul F. Roberts Jr., who specialize in employee, state-sponsored, and white-collar insider threats, respectively. They shared the lessons that have been learned from past cases, such as the 2017 conviction of Kun Shan Chun, a longtime member of the bureau, of passing sensitive information to a Chinese government official.

In that case, Norwell said the bureau had learned that there is a long-term, concerted effort by the Chinese government to identify and recruit people, like Chun, who appear to be vulnerable to flattery, cajoling, or intimidation.

Lessons From the Dark Web

Ed Stroz, GABELLI ’79, co-founder and president of Stroz Friedberg and Fordham trustee, closed the day out with a discussion with Andy Greenberg, senior editor of Wired Magazine and the author of Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency (Penguin RandomHouse, 2022).

Greenberg’s book shows how agents were able to track down the founders of dark web marketplaces such as Silk Road by analyzing Blockchain, the technology that underlies the cryptocurrency that was being used to facilitate the sale of drugs, child pornography, and weapons.

Blockchain was thought by the site administrators to grant them anonymity, but it did not. The path to Silk Road’s demise also included the apprehension of two federal agents who were using the site to commit crimes. One of them was initially accused by an anonymous tipster.

“When people ask about insider programs, it’s easy to think ‘Oh, we’re going to get somebody in trouble,” said Stroz.

“But in many instances, it gets someone out of trouble, or it makes it easier … for people to have a way to raise something so that it can be pursued responsibly. ”

Students Learn from the Pros

Among those in attendance was Jakub Czaplicki, a senior at Fordham College at Lincoln Center working on a five-year, accelerated master’s degree in cybersecurity. He became interested in cybersecurity when he was in middle school, and hopes to join law enforcement after graduation.

He said he enjoyed the case studies in the third panel as well as Greenberg’s talk.

“When the FBI agent was talking about how there is this risk of China and different nation-state actors, it really got me thinking, yeah, we have to secure this. Even though it’s a low percentage, it is a genuine problem for large organizations and the FBI,” he said.

“I learned a lot about cryptocurrency, nation-state actors, and what to look out for.”

Czaplicki was one of six Fordham students who attended, said Thaier Hayajneh, Ph.D., university professor and founder and director of Fordham’s Center for Cybersecurity. Grants that the center won in 2019 from the National Security Agency and the Department of Defense made it possible for them to attend.

“We really want to expose them to the real world and also excite them to work with the executive branches of the federal government,” he said.

“Here, they saw the real cases, and they got to connect the theoretical, the technical, and the practical aspects of cybersecurity.”

“Once the project is completed, it will give us a framework under which hundreds of researchers can build interesting AI models that can be used every day in middle-income countries like Bangladesh and India, as well as with other Bangla language speakers worldwide,” said Amin. “This will potentially reduce the digital divide on a global scale.” 

A Popular Language With a Critical Weakness

Artificial intelligence has become an essential part of everyday life, from online spell-checkers to voice-enabled devices like Amazon Echo. In order to use AI, these machines first need to be trained to understand the human language. Their natural language processing (NLP) system needs to absorb large amounts of data in order to recognize all the unique parts of a language, including idioms, metaphors, and even sarcasm. 

English, the primary language of the internet, has a plethora of online texts to learn from, including a mature corpus: a large collection of English texts assembled by academics that are used to build up NLP for the English language. It includes social media, newspapers, and blogs. 

But that isn’t the case for the national language of Bangladesh, known as Bangla—one of the most widely spoken languages in the world. 

“When it comes to English, Google first understands a query, processes the query, and then provides a user with the best result. But that doesn’t happen with Bangla and other low-resource languages,” said Amin. “Google provides very good search results for some languages like English, Chinese, and Spanish. With Bangla, Google provides search results, but it can’t analyze that data because it doesn’t have a foundation of Bangla semantics information to draw from. Google does not understand the language, linguistically. So Google search results in English are very dynamic, but not in Bangla.” 

A Global Project to Develop Artificial Intelligence Abroad

Over the next two years, Amin is working with Giga Tech, a global technology company in Bangladesh, to develop the first Bangla corpus. 

“We want to create a large dataset labeled with grammatical properties by linguistic experts, which will then be able to identify people, places, and things. This will strengthen the Bangla national language’s NLP framework. Then we will develop a large-scale computational algorithm that can automatically detect those things from Bangla texts,” said Amin. “In the future, researchers can improve the model and local industries can build applications with it. That is the Bangladesh government’s goal—to create the framework so that information and communication technology within the country can lift off.” 

Amin is originally from Bangladesh. He was born and raised in the capital city, Dhaka, and immigrated to the U.S. in 2013. That same year, he developed Bangladesh’s first national search engine—Pipilika, which ran for a total of eight years—in a project co-funded by Telenor, Accenture, and a2i, a Bangladesh government program that aims to improve access to public services through new technology. 

Research Guided by Ignatian Philosophy

In 2019, Amin joined Fordham’s faculty, where he teaches and conducts research with undergraduate and graduate students. He also collaborates with academic institutions in North America, Europe, Australia, and Southeast Asia. 

“Most of the problems solved by my team are local to the U.S., but that does not mean we have to only solve problems here. We can do the same thing for other languages and nations from where we are,” said Amin, who is virtually working with Giga Tech and the Bangladesh government on this project. 

Amin said that his research, whether it’s conducted in the U.S. or in Bangladesh, is always guided by Fordham’s Ignatian principles. 

“I am deeply motivated by the Ignatian principles, and I believe that education is one of the best ways to help people. We should continue to spread the knowledge we create within Fordham to touch people outside the University,” said Amin. “The best way to do it is through collaboration with outside entities—not just through academic research, but implementation that touches people’s lives beyond binaries and boundaries.” 

“I’ve seen a lot of people go blind, including my grandmother, and there are a lot of direct and indirect costs that patients suffer from,” said Serpa, a data science student in the Graduate School of Arts and Sciences. “I want to make sure that people can see as long as possible.” 

The idea for the project originally came from Amin, an assistant professor of computer and information sciences, and Alauddin Bhuiyan, Ph.D., the founder of iHealthScreen and an associate professor at Mount Sinai’s Icahn School of Medicine. While searching for thesis ideas, Serpa reached out to Amin, who then introduced her to his research with Bhuiyan. 

“Many middle-aged people have diabetes, including myself,” said Amin. “They often develop eye problems, especially age-related macular degeneration (AMD) and diabetic retinopathy. These diseases spread slowly until they reach a stage where it’s difficult to recover, but if you diagnose them early, they’re easier to manage.” 

Together, the three researchers are trying to build an app that uses artificial intelligence to detect these eye diseases at an early stage. 

Training Software to Recognize Disease Symptoms

Serpa began her thesis last fall with initial research and interviews with neurologists and ophthalmologists, who shared what they thought was needed in their field. Then she visited health care facilities in the Bronx, where she recorded images of patients’ retinas with professional equipment, focusing on patients at least 55 years old and/or diabetic. The images were then uploaded to AI software that is being trained to identify signs of AMD or diabetic retinopathy and also sent to an ophthalmologist for diagnosis. Later, Serpa compared the results from the software and the ophthalmologist to see if they both agreed on a diagnosis. 

“The software uses machine-learning and deep learning to scan images, pixel by pixel, and search for specific spots that indicate a person is at risk and should be seen by a professional for further referral,” said Serpa. “Basically, we’re training the software to know what to look for in the data and to accurately diagnose patients.”

So far, Serpa has recorded and uploaded about 100 images. Her goal is to collect more than 500 images by the end of the study, but she says that most of the time, the ophthalmologist and the software agree on a diagnosis. And the more images processed by the software, the smarter it becomes. 

“It’s like if you were to study for an exam and take 10 practice exams. If someone else takes 20, then that person might do better because they’ve practiced more,” said Serpa.  

Finally, Serpa’s team will incorporate the software into a smartphone application in which anyone can take a photo of their eye and screen themselves for eye diseases at little to no cost. 

“In the past, most researchers have used a separate camera or a removable smartphone lens instead of an actual iPhone camera, but those can cost a lot of money. We’re trying to see how accurate we can get with an iPhone camera,” said Serpa. “If people can’t afford to visit a doctor, this could be a good way to first let them know that they should see a doctor and get real imaging done because we see something that may be dangerous.” 

A Cost-Effective Form of Diagnosis

After graduating from Fordham next spring, Serpa said she hopes to work full time in the medical technology field. 

“A lot of people find databases boring, but I think it’s fascinating to find patterns in the data that can be important to a business or health care system,” said Serpa, who is originally from Monroe, New York. 

She said she not only enjoys working with data, but also interacting with patients, many of whom she can personally relate to. 

“As someone who has had a lot of chronic illnesses since I was young, I feel like I understand where they’re coming from,” said Serpa, who has asthma and has suffered from migraines and fibromyalgia since childhood.

Although her thesis will be completed by May 2023, she said she plans to continue her research post-graduation. 

“In the long run, our goal is to create a cost-effective and accurate way to know that a patient is going to lose their sight, but also help them to retain some of it,” Serpa said. “Nothing’s going to reverse the damage; we can only slow down the process. But hopefully we can find a better way to detect these diseases earlier.”  

“Power failures can lead to great economic loss and greatly impact on our daily lives,” said Chen, who was awarded the grant last December. “My goal is to improve people’s lives by ensuring the security and resiliency of our energy system.” 

Electric power systems are a critical component of society that provide power to our homes, businesses, and devices. But when they fail, they can have devastating consequences, said Chen. Disastrous events have previously shut down the electric grid and left millions of people without power, including the 2019 Manhattan blackout and the 2021 Texas power crisis.  

Thanks to advances in technology, many electric power systems now use energy devices that can be controlled remotely through smartphone apps and other Internet-based devices. These devices, known as Internet of Things (IoT)-enabled energy devices, can be found in solar panels, wind generation systems, and electric vehicles, said Chen. They can also be found in commonly used household appliances like air conditioners, water heaters, and electric ovens. 

A Weakness with Potentially Devastating Consequences

The original goal of using IoT-enabled energy devices was to improve operational performance through greater reliability and sustainability, said Chen. However, he said that these devices are weak in one critical area—cybersecurity.  

“IoT-enabled energy devices are easy to hack because they are not built with a high level of security. These devices have limited capabilities, and they are incapable of running sophisticated encryption and authentication mechanisms, which our computers have,” Chen said. “These devices are also often operated under factory settings with a default password, so it can be relatively easy to hack them.” 

Hackers can compromise devices in a coordinated manner, said Chen. The attacker first gains control of a group of IoT-enabled energy devices and then forms an IoT botnet—a network of infected devices that can launch a large-scale attack and disrupt the normal operations of an entire power energy system. 

“This can disrupt the supply-and-demand chain of energy suppliers and consumers. It can also create a power surge that makes our electric grid more unstable and potentially lead to a power failure that causes economic loss and human injury,” Chen said. “The cyberattack initially leads to a local power failure. An energy supplier will try to restore the power, but the power failure could propagate and lead to a major blackout due to the highly complex and dynamic nature of grid operations.”

Increasing Protection in the Field and at Home 

In a two-year-long project, Chen and his team of graduate and undergraduate students will conduct a comprehensive study of modern electric power systems, analyze the behavior of potential hackers, and develop defensive strategies to protect the power systems from cyberattacks. Their overarching goal is to create cost-effective mechanisms to improve the security and resiliency of electric power systems under IoT botnet attacks. Collectively, these mechanisms can serve as a guide for grid operators who are responsible for protecting the electrical power system, said Chen. 

Right now, everyday people can protect their personal IoT devices from cyberattacks by taking one simple step—changing their devices’ default passwords, said Chen. 

“Many people ignore this step and leave their devices in a very vulnerable situation. An attacker can guess their passwords very easily and have complete control over their devices,” Chen said. “We also need to regularly patch and update the software systems on our devices, just like we do with our smartphones.” 

Chen said that his team’s research results will be integrated into a new course at Fordham called Artificial Intelligence for Cybersecurity. The course, which will provide students with cross-disciplinary training in cybersecurity, artificial intelligence, and informatics, will potentially be offered in 2023. 

“What excites me most is the nature of this project,” said Chen. “This is a societal problem that will potentially have a lot of impact on our daily lives.”

The program is currently accepting applications from potential students for enrollment in fall 2022.

Damian Lyons, Ph.D., professor of computer science, said the need for those with doctoral degrees in computer science is enormous, particularly in the private sector. The U.S. Bureau of Labor Statistics projects a 15.3% increase from 2012 in the number of jobs in computer science requiring a doctorate degree by 2022.

Despite the strong market demand, there remains relatively low Ph.D. production in computer science, he said. Just 2% of all degrees conferred in the computer science discipline are doctorates, he noted, compared to 8% in the sciences, math, technology, and engineering fields overall.

He added that doctoral degrees are also becoming a more common prerequisite to private sector employment. Often, large, multi-sectoral organizations will reserve top-ranked positions for doctoral degree holders. For example, 16% of all positions at Google now require a doctorate.

A Focus on Ethics

A Ph.D. at Fordham will address more than just the technological aspects of the discipline, though. Students who earn the computer science doctorate will learn to wrestle with the thorniest issues of the field, including privacy and responsibility in fields such as artificial intelligence, data science, and cybersecurity.

“Our program will promote ethically informed public-interest technological research,” Lyons said.

“The program is also unique in its commitment to training students in computer science pedagogy,” he said, “and in its commitment to engaging students in research within the first year of being in the program.”

The Ph.D. program is the latest expansion of Fordham’s focus on computer science education. In 2014, the department added a master’s in cybersecurity to its offerings, and a year later, it added a master’s degree in data science.

In 2017, Fordham was designated as a Center for Excellence in Cybersecurity by the NSA and the Department of Homeland Security. For 12 years, Fordham has hosted the International Conference on Cyber Security, jointly sponsored with the FBI.

A Research-Heavy Sequence

Research will be a key element of the Ph.D. program. Lyons noted that students will be required to take a research method class their first year and conduct an initial but significant supervised research project that will result in a peer-reviewed publication. That project may or may not be connected to their dissertation research, but it must be completed before any dissertation research can be proposed.

Students will be supervised and mentored at all stages throughout the program. “This curriculum has been designed to facilitate advising and nurturing students as they go through the process,” Lyons said.

The program is poised to offer students an excellent return on investment: It is estimated that 60% of computer science doctoral students enter private industry after graduating, at firms such as Google, Uber, Bloomberg, Microsoft, IBM, and others.

Artificial Intelligence: Seeing the Bigger Picture

Lyons is especially excited at the prospect of Fordham graduates addressing the challenges of artificial intelligence, data science, and cybersecurity.

“There’s a great deal of information and sentiment out there about the role that such advanced computer science could play in society, with arguments spanning the spectrum from it being a tremendous good that will help everybody, to well-known comments by Stephen Hawking and Elon Musk that it could lead to the downfall of society,” he said.

“The way you deal with that is, you ensure that the researchers you’re training understand that science is a part of society, that they aren’t so focused on the technical perspectives and excitement of what they’re doing that they don’t see the bigger, ethical picture.”

So when Rayvid, a New Jersey native who is pursuing a master’s degree in data analytics at the Graduate School of Arts and Sciences, learned this past winter that the N.F.L. was holding a contest to see who could use data to propose new rules to cut down on concussions, he jumped at the chance.

“I wanted to do something productive and build up my portfolio a little bit more, and I thought, ‘What better way than doing something that I’m genuinely interested in, where I can apply what I’ve learned in class?” he said.

The contest involved analyzing data from every single play executed in every National Football League game held in the 2017 and 2018 seasons. The data included everything from the kinds of hits that resulted in concussions, to what the weather was at the time of the hit, to videos of the hits. It was all uploaded to the online database Kaggle.com.

Rayvid used the winter break to analyze the data. He created “features,” which are groups of data that include aspects of the game such as the team formation during the play that led to a concussion, the distance between the opening kickoff and the opposite teams’ receiver, and whether the kickoff resulted in a ball that stayed within the boundaries of the field. From there, he created a “correlation matrix.”

Based on his analysis, the first rule change that Rayvid proposed was altering the formation of the team receiving the ball, so as to encourage the receiver to execute a higher number of “fair catches,” in which the ball becomes dead at the moment they make the catch. That alone, according to his analysis, would result in a 65 to 70% reduction in concussions. The second change he would make is to ban what’s known as a “blind side block,” which sometimes happens during punt returns.

“It’s like a clothes line, where you get blocked by a guy and you don’t see him coming. That is extremely dangerous, because the guy who is running doesn’t have a chance to defend himself so he could get really pretty injured,” Rayvid said.

Rayvid impressed contest officials enough to earn a trip to Atlanta during the week of the Super Bowl, where he presented his findings to an audience of 150 team executives, league administrators, and medical professionals at Georgia Tech’s VentureLab. His presentation was also streamed live at NFL.com.

“We had to cut it down to five minutes, which is pretty difficult. The first day I was there, it was about 10 minutes, so we had to basically chop it in half and keep the good stuff,” he said.

“We worked with local entrepreneurs, a couple professors from Georgia Tech, and a couple of NFL people as well, refining our presentation, rehearsing it, making sure it was all looking good. We even did a dress rehearsal.”

Rayvid felt like he did well during his presentation, and even though he ultimately didn’t win the contest, his consolation prize more than made up for it. In addition to the free trip to Atlanta, he won $20,000 in cash.

He credits the data mining class he took at Fordham with his success; it was there that he learned how to build what’s known as a regression model, which allowed him to predict what the results of his proposed rule change would be.

What’s really appealing, he said, is the notion that data science and analytics can be used to help games evolve in new and exciting ways. In baseball, for instance, data analysis has confirmed that pitchers give up the most runs in the first and sixth innings, when starting pitchers are either just getting warmed up or are beginning to tire. As a result of this data, in the last year, teams like the Miami Marlins and the New York Yankees have experimented with “openers,” which are pitchers who only pitch the first inning.

“Data science and analytics have a really big impact on the game because you’re taking out the human bias and putting real numbers behind it. So I think I can actually have a big impact on something that I actually really love,” he said.

Rayvid’s success already has paid off in an especially tangible way. Even though he won’t finish his studies until August, this month he accepted a position as analytics manager with ESPN+, the sports network’s streaming platform.

“I’m going help them get more users by using analytics and data science. The contest came up a lot in the interviews, and one of the things they want to see is your passion for sports,” he said.

“Obviously, I’m a big sports fan, but having something on paper that I actually accomplished professionally was huge.”

Its neutral color scheme has been swapped with brighter shades: lime, emerald green, and sundry shades of blue. There are new touch-screen computers, glass whiteboards, and ceiling lights. And a dividing wall has been demolished, creating a continuous, looping corridor in its place.

“It looks more modern, tech-wise,” said Annie Nguyen, a junior computer science major. “It’s aesthetically better and has more space for students.” 

Over the past three months, the third floor—home to Fordham’s computer and information science department at Rose Hill—has received a $5 million makeover. Half of it was funded by a state grant; the other half came from Fordham funds, said Marco Valera, vice president for facilities management.

Making Strides in STEM

The third-floor transformation was spurred by Fordham’s growth in the STEM field, said Xiaolan Zhang, the chair of the computer and information science department. Over the past decade, undergraduate enrollment in STEM has more than doubled. Graduate enrollment in STEM has septupled, according to Fordham’s Office of Institutional Research.

“When I started in this department, we had maybe eight or nine graduate students,” said Palma A. Sisca, the computer and information science department administrator. That was in 2011. “We have close to 300 now.”

And since 2008, the percentage of women among the total number of STEM majors has increased—a fact that has not been lost on the students. 

“Statistically [nationwide], women are underrepresented,” said Nguyen, a Clare Boothe Luce Scholarship for Women in Science recipient. “But in my classes at Fordham, it’s not as uneven as I thought it would be.” Almost half of her classmates are women, she estimated.

Accordingly, a new ladies restroom—complete with a full-length mirror—and an all-gender restroom have been built on the third floor.

But one of the most striking improvements took place in the labs and classrooms. In the old classrooms, students shared long desks along three tiers, Nguyen said. They now sit in individual tablet arm chairs on a single plane.

The old labs seated students around the perimeter of the room. Now, the desks are clustered together to encourage collaboration among their peers. They also feature brand-new, black touch-screen Dell computers. Instructors can project any computer display to the classroom’s new flat-screen TV, and share a student’s coding work with the whole class. And with the press of a button at the edge of the table, the computer sinks into a slot, leaving more space for students to conduct hands-on projects on the table surface.

Clearing Space for Robots and Drones

The department-wide renovations extend to the JMH’s Robotics and Computer Vision Laboratory, where students operate drones with little black propellers—small enough that they can fit in the palm of your hand—and moving robots with sensors. Picture a little red version of Wall-E. They conduct indoor experiments that could assist, for example, human responders in disaster recovery efforts.

Before the renovations, there simply wasn’t enough space. Only one student could effectively run an experiment with the robots. Because of the new additions—workstations with shelves, a storage room, and a ceiling suspension system that holds cables and equipment—there is room for at least three students to run robotics experiments at once, and space for even more students to conduct other work, said Damian Lyons, founder and director of the lab. 

“It’s laid out as a lab, as opposed to just an accidental collection of tables,” said Lyons.

Those aren’t the only changes. Additional spaces—a faculty breakroom and a space entirely devoted to tutors and their mentees—have been created. The conference room and faculty offices have been upgraded. And the entrance to John Mulcahy Hall—the doors, terrace, and railings—was renovated to improve ADA access.

“We are now also one of the crown jewels of the University,” Sisca said.

To many, the threat to cybersecurity brings to mind a computer system breach, but it’s more than that.

According to Thaier Hayajneh, Ph.D., associate professor of computer science, modern-day algorithms have made it next to impossible to hack into computers, so most hacks today result from social engineering geared toward convincing unwitting users to give away their passwords. That is one reason the field is moving toward interdisciplinary expansion.

“Eighty percent of cybersecurity experts in the market right now come from fields as varied as management, business, law, or music, and they just jumped into cybersecurity,” he said. “This is something the National Security Agency and the Department of Homeland Security are pushing toward, because right now, we don’t have enough experts.”

Hayajneh, the new director of Fordham’s Center for Cybersecurity and MS Programs in Cybersecurity and Data Analytics, is spearheading several initiatives to help fill that gap. Last year, Fordham was designated a National Center of Academic Excellence in Cyber Defense Education by the National Security Agency and the Department of Homeland Security. The designation came in part because the University is home to a wealth of cybersecurity experts in interdisciplinary fields—within the computer science department, in the Gabelli School of Business’ Center for Digital Transformation, and in Fordham Law’s Center on Law and Information Policy.

Hayajneh hopes to leverage all of that expertise toward education, research, and outreach. In addition to a Master’s Program in Cybersecurity, the department plans to offer an undergraduate cybersecurity major and minor. Professional certificates, which can be earned through five courses, are also in the works.

To further broaden its reach, the center is also pursuing grants, such as the National Science Foundation Scholarship for Service grants, which cover full tuition and a stipend for students who commit to work for the Federal government upon graduation.

To illustrate cybersecurity’s interdisciplinary needs, Hayajneh pointed out that trying to predict terrorism by analyzing web sites requires experts in psychology and data analytics.

“If I give you a website, it would take you 10 to 15 minutes to look at it and determine whether the authors have bad intentions. But we are looking at hundreds of thousands, maybe millions of websites,” Hayajneh said.

“You can’t do this manually. Federal agents don’t have an automated technique to do it, so we are working with data analytics to develop techniques that can make this a more efficient process.”

Hayajneh’s own background lies in applied cryptography, cryptocurrency, blockchain, and authentication protocols for wireless networks. His current research is on algorithms used to secure devices such as pacemakers and insulin pumps. Security is paramount for them, he said, but so is efficiency and energy consumption.

Being wary of Barbie

The “Internet of Things,” as such devices have come to be known, is also of interest to Hayajneh’s students, he said. Refrigerators, baby monitors, and even Bluetooth-enabled Barbie dolls are vulnerable to a determined hacker if a person’s cable router is not secure. As with medical devices, there is a tradeoff—manufacturers can either install the strongest possible security protocols in their products or they can sell them cheaply, but they can’t do both.

“The Barbie is connected via Bluetooth to a web app, and the [dolls]can easily be hacked. They have a camera. They have a mic. So hacking them means that you can listen to everything in the house, and view everything in the vicinity of the camera,” he said.

Century-old technologies can also be pressed into service by unscrupulous actors, he said. One of Hayajneh’s students participated in a “white hat” exercise, where he called an unsuspecting worker and pretended to be a member of the IT department. Since the call showed up on caller ID as “IT,” and the student knew some basic technical information about the worker’s computer, the worker clicked on a web link that the student had e-mailed to him.

“He did it in real time in front of us, and then said ‘You know what, I’m going run to the restroom. You can do what you have to,’” said Hayajneh.

“My student had full access to his machine.”

Because psychology is so integral to tackling the problem, the center is reaching out to local schools, and undertook a recent collaboration with Lehman High School. Members of the center have also conducted awareness sessions and provided cybersecurity modules to community colleges for use in their curriculum.

Education is more important than ever, he said, because even though security algorithms are stronger than ever, people are using technology more widely than ever.

“Invasion of privacy is going to happen with more extensive use. Adults don’t care much that their coffee machine is connected through their other things to their router. That’s what’s really scary,” he said.

“I’m not worried about large institutions, because they invest in education. I’m worried about people who are just enjoying technology, and don’t understand the consequences of the privacy theft that could happen.”

In “The Internet at the Speed of Light,” Bruce Maggs, Ph.D. the Pelham Wilder Professor of Computer Science at Duke University and vice president for research at Akamai Technologies, described why slower internet speeds hurt consumers and businesses and how the system often thwarts efforts to speed up the delivery of data from computer to computer.

To illustrate the challenge, Maggs and his team downloaded the first 20 kilobytes from the 500 most popular websites in each of 103 countries—roughly 28,000 distinct websites. The medium download was 35 times slower than the time it would have taken at the speed of light.

This is nothing new, he said. Amazon.com has determined that every 1/10th of a second—a seemingly trivial amount of time—that customers are waiting for a website to load accounts for the loss of 1 percent of revenue.

“Whether we say we do or not or whether [we]perceive it or not, people browsing interactive web pages get frustrated and quit if the results aren’t fast,” he said.

Maggs said there are both technical and economic challenges related to the speed of data transmission. On the economic side, Internet Service Providers promote bandwidths as high as 500 megabits per second, but ignore “latency,” or how many milliseconds it takes data to travel between its source and destination.

On the technical side, internet traffic travels on optical fiber cables, which are 1.5 times slower than the speed of light in a vacuum. More vexing, however, is the way the internet is designed as a “network of networks,” as Maggs dubbed it. This is because internet protocols were designed to allow independent organizations to run their own networks and to route traffic as they see fit, he said.

In an experiment, he sent data from one machine in Warsaw, Poland, to another just across the city. It arrived, but not before it took a 660-mile detour through Frankfurt, Germany.

“There are thousands of internet service providers around the world all running networks. Each one is self-contained, but if it ever needs to talk to the rest of the world, there has to be a place where two networks peer and exchange traffic,” he said. “Although these two networks had a presence in Warsaw, they didn’t actually have a connection in Warsaw” and needed to make the “exchange” through Germany.

To get around these problems, Maggs suggested that networks work together more closely and to create incentives for faster delivery—perhaps through a separate subscription rate to those willing to pay for it. If the number of steps computers have to go through to establish a connection could be lowered, speeds could improve.

Another option, Maggs said, is the use of microwave towers like the system that high-frequency traders have built between Chicago and New York. The latest network is within 95 percent of the speed of light, and a second one is being considered between Chicago and Seattle, where a trans-oceanic cable runs to Tokyo.

Maggs said his research showed a system like it could be established among the 120 largest U.S. cities, on 3,000 existing towers. It would have limited capacity, however; thus would only be useful for people who would pay a premium—gamers, content providers, and content delivery networks, for example.

“You’d have to still bundle this with traditional service and you’d have to mediate with traffic that goes over the fast network versus the traditional network,” he said.

But by “shaving latency off interactions with their users, they’d make more profit.”

Maggs’ appearance was part of the Clavius Distinguished Lecture series.

 You’ll be sitting on a panel about education and cybersecurity. With the number of cybersecurity jobs expected to increase by 37 percent over the next 6 years, how would you describe a good cybersecurity education today?

Cybersecurity education has become an interdisciplinary program. It’s primarily a science and technology, but it’s also related to policy and society. There are many aspects, including cognitive science, psychology, political science, economics, sociology, law, as well as computer and information science. But you cannot just teach students the skills; you have to have the methodologies. A good cybersecurity education will provide the foundations, but above all students have to learn how to keep learning.

What are some of the newer issues to be discussed this year?

Insider threats. A company not only has to have a policy on cybersecurity that includes instant response, but they also have to prevent or predict something that might happen. Many of those intrusions are really coming from the inside. It’s called exploitation of the company’s cyber infrastructure. You can screen people before they get into the company, but you should also be able to identify and forsee people who may become disgruntled and might want to cause the company harm.

How about cyber health?

When we talk about cybersecurity we’re not just talking about cyberattack, we’re also talking about cyber exploitation, which may be happening to you and you’re not aware of it. That’s why we need to be aware of our cyber health. When you use a computer in a library and you don’t log out or delete your searches, you leave a fingerprint and people can get into your account. That’s not good for your cyber health.

What are some of the perennial topics?

Critical infrastructure remains very important, because so much of it, like the power grid, is connected to the internet. There’s been much progress, but there’s much more to do. Much of the critical infrastructure has been there for 50 to 100 years, and it’s difficult to revise or reinvent all of it. It also relates to what we call the “Internet of Things.” There are more physical devices connected to the internet than ever before—and that should also be a concern for cybersecurity professionals and policy makers. 

Is there money to be made amidst all the risk?

If the cybersecurity industry is to move ahead, it’ll have to attract more investment. Up until now, there haven’t been that many cybersecurity companies that have an IPO. It’s only recently become recognized as a place to invest, so we’ll be talking about venture capitalism and how to attract investment. Cybersecurity is so hot that every investor is trying to get in to it, but it’s not easy to make a decision on where to invest. From a tech point of view, cybersecurity is a good investment, but from a financial investment standpoint the risk may be pretty high. Many startups fill a niche, but if the niche is suddenly gone, it cannot sustain the growth. I’d say that cybersecurity is very different from a trendy niche or a traditional IT technology.