The National Security Agency and the Department of Homeland Security have named Virginia Commonwealth University a National Center of Academic Excellence (CAE) in Cyber Research. The CAE program promotes higher education and research in cyber defense to reduce vulnerability in the national information infrastructure.
“This designation is important because it places particular emphasis on technologies involving the collection, exploitation and response to specialized cyber operations," said VCU President Michael Rao, Ph.D. "Thanks to the considerable expertise of our faculty and staff, including in the College of Engineering, VCU is a recognized leader in new technologies that are critical to intelligence organizations tasked with national security and with is creating the skilled and highly trained workforce upon which the nation’s security depends.”
VCU’s designation as a CAE, which is effective through 2025, is particularly relevant today, said Barbara D. Boyan, Ph.D., the Alice T. and William H. Goodwin, Jr. Dean of the VCU College of Engineering.
“COVID-19 has taught us that we are now firmly in the digital age, with computers, tablets, smart phones and even implantable medical devices, all playing a role in how we conduct business and manage our lives,” Boyan said. “Each of these technologies brings vulnerabilities that can impact information security. VCU has accepted this challenge by providing our students with the skills that they need and by conducting research in cyber to ensure our safety and welfare.”
VCU, Virginia Tech, the University of Virginia and George Mason University are Virginia’s only schools to meet this designation’s rigorous criteria regarding publications, funding and M.S. and Ph.D. degree production in multiple areas of cybersecurity.
“This was a team effort on the part of many computer science and other VCU faculty members, building on our earlier designation as a Center of Academic Excellence in Cyber Defense Education. Computer science faculty are known, for example, for their cryptography and blockchain research. For the latter, they have started a company, as well,” said Krzysztof “Krys” Cios, Ph.D., D.Sc., M.B.A., professor and chair of VCU’s Department of Computer Science.
The designation also reflects VCU’s highly interdisciplinary approach to cybersecurity research, which includes its computer science, electrical and computer engineering, information systems and homeland security and emergency preparedness departments.
“The modern problems of cybersecurity are not just tied to technology,” said Milos Manic, Ph.D., professor of computer science and a fellow of the Commonwealth Cyber Initiative. “There are aspects of computer science, human factors, policy, ethics and the increasing presence of artificial intelligence (AI) and cybersecurity. This is what makes cybersecurity complex. Solutions that don’t take all of those aspects into account do not truly work and leave us vulnerable to threats.”
Manic is also the director of the VCU Cybersecurity Center. Established in 2018, the center has been the key institutional entity in obtaining VCU’s status as a Center of Academic Excellence in both cyber defense education and cyber research. It is housed in VCU Engineering’s computer science department, whose faculty members run labs dedicated to blockchain, resilience of critical infrastructures, wireless networking and mobile computing, malware and digital forensics and lead the university in cyber research funding.
The university currently has more than $2.1 million in cyber research funding from the National Science Foundation, the U.S. Department of Energy and other agencies. In the last five years, VCU researchers have authored more than 140 peer-reviewed publications on cybersecurity and cyber defense.
VCU also leads the Central Virginia node of the Commonwealth Cyber Initiative, established in 2018 to support Virginia’s national and international leadership in cybersecurity, data technologies, autonomy and related emerging technologies.
The university has been active in research to help secure cyber-physical systems, which use embedded computers and networks to control physical processes. Examples include autonomous vehicles, power plant equipment, industrial 3D printers and medical devices.
“These autonomous systems are the wave of the future. As more and more wireless systems engage with machines, there are new cyber vulnerabilities that have to be planned for to prevent attacks on physical infrastructure,” said Erdem Topsakal, Ph.D., professor and chair of VCU’s Department of Electrical and Computer Engineering and director of the Central Virginia node.
To that end, Topsakal said plans are in the works for two new cyber-physical systems labs at VCU. One will focus on medical device security. The other will be an elaborate smart city test bed featuring a two-city-block model with automated health care, security and transportation systems.
As artificial intelligence and cyber-physical systems drive more municipal infrastructure, cybersecurity policy questions emerge, including the legal and strategic implications of dealing with threats from state and non-state actors, and how to balance security with the right to privacy.
Christopher Whyte, Ph.D.,is an assistant professor of homeland security and emergency preparedness and a VCU Cybersecurity Center fellow. Whyte is widely published on issues of cyber conflict and doctrine, information warfare and artificial intelligence. He sees the application of advances in deep learning to cyber and information operations as among the most important trends for future cybersecurity policy research.
Continued growth in laboratory facilities will be crucial to VCU’s ongoing success in cyber defense education and research, said Irfan Ahmed, Ph.D., the assistant professor of computer science who spearheaded VCU’s application process for certification as a Center of Academic Excellence.
“NSA wants to see cybersecurity being taught in labs where students can deal with cyber threats hands-on,” he said. “It’s a very different skill set. Students can run network penetration simulations and reverse-engineer live malware. This requires dedicated networks, of course. You can’t run malware on university networks. But if they can conduct those kinds of real-world exercises, students at all levels gain a deep technical knowledge that they don’t get otherwise.”