November 11, 2022 — The National Science Foundation (NSF) has awarded Elias Bou-Harb, associate professor of cyber security in UTSA’s Carlos Alvarez College of Business, two grants totaling $1.5 million to further his work on Internet of Things (IoT) and critical infrastructure security.
Focused on research, development, operations and training, these grants include collaborations with researchers at UTSA, Vanderbilt University, San Diego State University and the University of the Incarnate Word, including projects with two researchers who received their doctorate degrees from UTSA.
The IoT refers to physical devices such as Ring doorbells, Amazon Echos, Apple smartwatches or Nest thermostats with sensors, software or processing abilities that interact with other systems over the Internet. It is estimated that around 30 billion IoT devices will be online worldwide by 2030.
Consumers are drawn to these devices for their convenient features, but cyber criminals have found ways to utilize this technology for nefarious purposes.
“These devices are attractive targets for attackers and state-sponsored actors who abuse them to gain access into critical networks because of their lack of fundamental security measures, access policy controls and patch management capabilities,” said Bou-Harb, director of The UTSA Cyber Center for Security and Analytics, a university-wide center focused on cyber security research, development and training initiatives.
The first project, “Collaborative Research: CISE-MSI: Active and Passive Internet Measurements for Inferring IoT Maliciousness at Scale,” began this month. The three-year $500,000 grant is dedicated to support research endeavors for minorities pursuing cybersecurity careers.
Using data-driven methodologies, the researchers will design and implement algorithms to fingerprint exploited IoT devices and discover their inherent security problems. Work will begin first on consumer devices, which are readily available, but will also include an analysis of sensors deployed in critical infrastructure systems such as power grids and water systems. The researchers will develop mitigation tactics for improving Internet security on IoT devices.
“We’ll tackle this project in two different ways. First, we’ll analyze IoT devices and report on our findings from studying the equipment in our laboratories. Then, we’ll analyze the network traffic from these devices to better understand their characteristic traits and security protocols remotely,” said Bou-Harb, who specializes in this type of network traffic research.
Following the research portion of the project, the collaborating institutions will incorporate the knowledge they gain into the classroom through virtual labs and workshops focused on female and minority students.
“We hope to impact the domain by expanding the training in the future to professionals in the field and other institutions including community college students as well as high school students,” said Bou-Harb.
The second grant, “Collaborative Research Cyber Training Implementation: Medium Cross-Disciplinary Training for Joint Cyber Physical Systems and IoT Security,” is a $1 million grant co-led by UTSA faculty members Paul Rad, an associate professor, and Rita Mitra, a professor of practice from the UTSA Department of Information Systems and Cyber Security.
Uniquely studying both cyber and physical attacks, the researchers will focus on critical infrastructure security in water systems related to water quality. The primary focus of this grant will be on enhancing the cyber security and data science workforce, with a complementary research component.
“For this project, we’re not just looking at the sensors, but we’re looking at how these sensors and the civil engineering infrastructure actually interact with each other and the security implications of this type of interaction,” said Bou-Harb. “Why is this important? Because typically security and physical control researchers conduct their research independently.”
The training objective for this project involves three components: virtual labs with simulation toolsets, curriculum development and interdisciplinary workshops with private and public sector partners.
“Most of today’s wars are not physical. They’re either economic or cyber wars,” said Bou-Harb. “By attacking critical infrastructures like a water system, you can paralyze a country. As an academic we get to address these evolving problems before they can become a reality. And while publishing is one outcome of this work, it is meaningless if it can’t be put into practice in society.”
Recognizing the security risks found in IoT devices, how can a consumer protect themselves and their families?
“Don’t adopt technology blindly,” said Bou-Harb. “Understand what security implications exist when you bring a new device into your home since all devices are vulnerable to exploitation. And, only choose products that you truly need.”
UTSA is home to the top cyber security program in the nation according to the Ponemon Institute. It is also the only Hispanic Serving Institution in the nation with three national center of excellence designations from the U.S. Department of Homeland Security and National Security Agency. It is a Center of Academic Excellence in Information Assurance/Cyber Defense Education, in Cyber Operations and in Information Assurance Research.
UTSA excels in both cyber academic programming and research. The Alvarez College of Business offers a B.B.A. in Cyber Security online and in person, a B.S. in Applied Cyber Analytics, a M.S. in Information Technology degree with a concentration in cyber security and a Ph.D. in Information Technology with a concentration in cyber security.