Cybersecurity Awareness Month: Expert opinion from Tony Dahbura
MEET THE EXPERT: ANTON T. DAHBURA, PHD
Dr. Anton Dahbura is the executive director of the Johns Hopkins University Information Security Institute, co-director of the Johns Hopkins Institute of Assured Autonomy, and an associate research scientist in computer science. His research focuses on security, fault-tolerant computing, distributed systems, and testing. He earned his BSEE, MSEE, and PhD in electrical engineering and computer science from Johns Hopkins University.
In previous roles, Dr. Dahbura has served as a researcher at AT&T Bell Laboratories, an invited lecturer in the Department of Computer Science at Princeton University, and a research director at Motorola Cambridge Research Center in Cambridge, Massachusetts. He has also held numerous leadership positions at Johns Hopkins University. In 2004, Dr. Dahbura received the Johns Hopkins Heritage Award for his service to the university.
THE STATE OF CYBERSECURITY TODAY
“Everyone needs more fundamental cybersecurity awareness,” Dr. Dahbura says. “This isn’t an issue that’s going away.”
Modern cybercrimes and cyberattacks occur at the personal, organizational, and nation-state levels. The precise cost of those attacks is difficult to measure: while statistics do exist, they’re unlikely to paint the full picture, as victims may not wish to publicize the fact that they’ve paid hefty sums to ransomware attackers in the past.
What is certain is that the number of attacks is going up, and so is the cost. In the last few years, cybercriminals have targeted not only individuals and businesses but also some of the nation’s most critical infrastructure. The nature of those attacks can range from highly technical to brazenly simple: even a straightforward phishing attempt, if successful, can have enormous consequences.
“The human factor is often the weakest point in a network’s security,” Dr. Dahbura says.
One way Cybersecurity Awareness Month seeks to bolster our nation’s cyber defenses is by improving the public’s cybersecurity literacy. Five simple steps can be taken to defend against cybercrime and cyberattacks:
- Enable multi-factor authentication
- Use strong passwords
- Back up your data automatically
- Recognize and report phishing
- Regularly update your software
Much like how regularly washing one’s hands and taking simple hygienic precautions helped slow the spread of a pandemic, these steps towards cyber hygiene, at scale, can make a sizable difference.
BUILDING THE IDEAL CYBERSECURITY PROFESSIONAL
For the general public, those five steps may be all they need regarding cybersecurity. But for the ideal cybersecurity professional, the learning never stops. It starts with a strong foundation in computer science, beginning at the undergraduate level, where one learns what can and can’t be done with networked devices and systems.
“It’s really important to have a solid computer science background,” Dr. Dahbura says. “You need to understand programming languages, operating systems, and networks. You have to understand how computers work, inside and out.”
In addition to the core curriculum and its electives, Dr. Dahbura also recommends taking some mezzanine courses: upper-division and graduate-level courses in security-related topics. Students who are truly committed to becoming top cybersecurity professionals should also seek out extracurricular events, like security-focused hackathons and capture-the-flag cyber-competitions. And, to stay up-to-date, they should also be attending cybersecurity conferences and reading cyber-related news regularly.
“Cybersecurity is a fast-moving field,” Dr. Dahbura says. “You need the foundation, but you also need other things that are building your knowledge on a day-to-day, week-to-week basis. You have to learn about new attacks, new defenses, new everything. This is a field that requires that.”
It’s possible to start working in cybersecurity with just a bachelor’s degree, but it’s becoming increasingly popular to complete a master’s degree as well. Master’s programs allow a cybersecurity professional to become a cybersecurity expert, and many who graduate from these programs go on to become leaders in the field.
Several scholarships exist for cybersecurity students at the undergraduate, master’s, and doctoral levels. Perhaps most notable is the CyberCorps Scholarship for Service (SFS) program. Awarded through the National Science Foundation (NSF), it pays full tuition and a generous stipend for room and board. In return, all that’s required is for the scholarship recipient to work on cybersecurity for the US government for a length of time equal to the length of their scholarship.
“It’s an amazing scholarship,” Dr. Dahbura says. “If used in our master’s program, its value is close to $200,000. And then after graduation, you go to a well-paid job, where you’re doing interesting work. It’s really under-publicized.”
THE FUTURE OF CYBERSECURITY
As technology advances, the size, scale, and complexity of potential cyberattacks will, too. Phishing scams, which can already be difficult for the average person to detect, may become nearly indistinguishable from real emails once powered by AI, and AI-assisted cybercrime could also be cheaper and quicker to produce and proliferate. Even though cybersecurity professionals are increasingly using AI for cyberdefense, the average consumer will likely continue to face increasingly sophisticated threats.
As more and more sensitive data is stored online, people will need to rethink their relationship with cybersecurity. Dr. Dahbura notes that the Supreme Court’s reversal of Roe v. Wade, and the resultant anti-abortion laws in several states, have created moral, ethical, and legal concerns in the cybersphere. Someone searching on Google for information about reproductive services, or sending direct messages on social media about those services, may find themselves in legal jeopardy when their expectations of privacy are reversed.
“In our master’s program, we teach the technical aspects, but we also teach things like the legal, moral, and ethical aspects of security,” Dr. Dahbura says. “And it’s great to have people on the regulatory side with technical knowledge of what’s going on. Regardless of whether you’re a regulatory person, a policy person, or an engineer, I’d argue you need to have the full picture in order to be effective.”
In May 2021, President Biden signed Executive Order 14028, which focused on improving the nation’s cybersecurity, and this was followed in January of 2022 by a National Security Memorandum to improve the cybersecurity of the Department of Defense and intelligence community systems. These are hardly the first moves by a presidential administration to bolster the nation’s cybersecurity abilities, and they won’t be the last. Dr. Dahbura foresees cybersecurity undergoing a similar revolution to what IT experienced in the late 90s and early 2000s, to the point where every institution and business will have a dedicated cybersecurity specialist or department on staff.
“Cybersecurity is a field that’s absolutely exploding,” Dr. Dahbura says. “For the foreseeable future, there will be a strong need, a growing need, for cybersecurity specialists. What we’ve seen so far is just the beginning.”
RESOURCES FOR CYBERSECURITY AWARENESS MONTH
To learn more about the state of cybersecurity today, and how you can get involved, check out some of the resources below:
- Cybersecurity and Infrastructure Security Agency (CISA): The US government’s operational lead for cybersecurity, CISA and its partners work to understand, manage, and reduce risk to America’s cyber and physical infrastructure. Their website also includes several resources for cybersecurity students and young professionals.
- JHU Information Security Institute (ISI): The Johns Hopkins University Information Security Institute is the University’s focal point for research and education in information security, assurance, and privacy. Through ISI’s leadership, the University has been designated as a Center of Academic Excellence in Information Assurance by the National Security Agency and leading experts in the field.
- Hacking Humans: Hosted by ISI’s Joe Carrigan, Hacking Humans is a weekly podcast about social engineering scams, phishing scams, and criminal exploits that power modern cyberattacks. In May 2022, The New York Times listed Hacking Humans as one of its top podcasts.
- The CyberWire: A cyber-focused media outlet, The CyberWire is a key resource for cybersecurity students and professionals seeking to stay up to date on the constantly shifting cyber landscape, providing news, podcasts, interviews, and briefings on key issues.