Cybersecurity educationNew Program: Hardware-Cybersecurity Education
Many commonly reported cyberattacks focus on computer software vulnerabilities. But what about computer hardware? As complex global supply chains are stressed by the pandemic, risks increase of corporate or state espionage via hardware, such as malicious “trojan” circuits hidden on a motherboard by a shady third-party vendor.
Phishing attacks, malware, distributed denial-of-service (DDoS) attacks, zero-day exploits. Many commonly reported cyberattacks focus on computer software vulnerabilities. But what about computer hardware? As complex global supply chains are stressed by the pandemic, risks increase of corporate or state espionage via hardware, such as malicious “trojan” circuits hidden on a motherboard by a shady third-party vendor.
Now, a new effort based at the University of Kansas School of Engineering aims to design course modules to train students in building and maintaining more secure computer hardware. The work is supported by a $400,000 grant from the National Science Foundation’s Secure and Trustworthy Cyberspace (SaTC) program. Of that, $163,000 will come to KU.
“When we think about cybersecurity, we think about software and network security, but hardware has become an important aspect of security — especially because the supply chain of electronic devices has become globalized,” said Tamzidul Hoque, principal investigator of the new grant and assistant professor of electrical engineering & computer science at KU. “Today, hardware is designed and manufactured by a number of different vendors, not just one specific vendor. For example, the Apple iPhone that you are using has components from untrusted vendors all over the world — that means security of the hardware is very critical.”
Yet, most college and university curricula for electrical and computer engineering and computer science focus on software security rather than hardware security.
“Some universities are trying to offer courses so that students get training on hardware security and then can join the industry,” Hoque said. “But the problem is these courses are often hard to propose or develop by institutions that don’t have a lot of resources. You need to hire a faculty member who’s an expert on hardware security to develop such a new course — and because these courses are usually elective courses, only a few students take them.”
Hoque and his colleagues, Swarup Bhunia of the University of Florida and Tauhidur Rahman of Florida International University, plan to change this by developing course modules on hardware security that can plug seamlessly into existing courses. Once the modules are tested and evaluated at their own institutions, the team plans to offer them free to colleges and universities across the United States. The team considers it as a new paradigm of cybersecurity education that enables the foundational training on security, without offering a new course.
