University of Idaho opens new cybersecurity training center in Post Falls
It sounds like a state-of-the-art burrow in a Tom Clancy techno thriller – the Cybersecurity Training and Operations Center.
Instead, it’s a new extension of the University of Idaho inside the college’s Post Falls research park. Here, aspiring computer security experts can prepare and test for their professional certifications, and employees in the field can pursue on-the-job training.
In addition, a laboratory will use simulated cyberattacks as a training tool, and area businesses can learn how vulnerable they are to a security breach and what to do about it.
“It’s like a command center, an air traffic control room,” said Karen Thurston, the center’s director and head of Emerging Technology Business Development at UI.
The professional development and technical education program is a response to the escalation of cybercrime targeting companies and organizations, and a growing demand for cybersecurity experts.
Michael Meline, director of data and security at Kootenai Health and a catalyst for the UI center, recently taught a certification class at the site, located near the Greyhound Park and Event Center in west Post Falls.
With the regularity of cyberattacks on companies, Meline is alarmed there aren’t more experts in this field working in the Inland Northwest. “I would expect to have five to 10 times the number of cybersecurity professionals in our area, at least,” he said.
The job outlook is encouraging for people with these skills. Information security analyst positions are expected to grow by 14,800, or 18 percent, from 2014 to 2024, according to the U.S. Bureau of Labor Statistics. In 2014, the median pay was about $89,000 a year.
“I don’t care if you’re a mom-and-pop or a multibillion(-dollar) company, every company out there needs cybersecurity,” said Meline, whose background is in law enforcement, banking security and medical security. “If they look at their computer logs they will find out they are under attack on a regular basis. They need to know that and they need to act on it.”
Seminars underway
The UI is kicking off the program with a two-year state workforce training grant and private-sector support totaling $460,000. The university expects to enroll 31 students in the program, with a potential open enrollment of up to 350 students.
The professional development component, geared toward those with a bachelor’s degree and/or three to four years of work experience, began in November with a certification preparation seminar held over three weekends. A similar 10-week certification seminar will begin next Tuesday.
The lab is expected to open in the next couple of months.
A curriculum for the on-the-job training component is being developed with help from Avista Utilities, Tier Point, Kootenai Health, Fire Eye, Intrinium and BAE Systems Applied Intelligence. Through a series of classes over a year or two, workers will become fully qualified security specialists capable of detecting and reacting to breaches.
A local Internet service provider, for instance, might send employees there to enhance their skills, Thurston said.
“They might be a small company themselves, but they’re managing the Internet for thousands of people,” she said. “That would be a place where a security specialist would really be a valuable person to have on staff.”
Businesses too small to employ a security expert still could benefit from the UI program’s new security operations center.
“Initially we’re going to set up our own network, and students that come in will be able to use some tools to understand how networks get monitored,” Thurston said. “We’re then going to open this up to the community.”
A retailer or office could come in for a free consultation to learn about their computer vulnerabilities and options for better defenses.
The program has caught the attention of Gary Chapman, a producer and surplus lines broker with Coeur d’Alene Insurance. Small-business owners need help learning what they can do to lower their risk of cybercrime, Chapman said.
Businesses that lose customer data in an attack are required by law to notify their customers and perform a forensic exam of the breach, and both can be expensive, he said.
“The average cost of the notification is $100 to $150 per customer,” Chapman said. “Even the loss just in terms of the legal expense can run into the tens of thousands of dollars.”
He added, “We are doing our best to make them aware of the exposures, but most people don’t believe it’s going to happen.”
The global online marketplace has helped mom-and-pop retailers boost sales and stay competitive, but that also multiplies their exposure to cybercrime.
“I tell people technology is enabling you now to have customers all over the world, from anywhere, but it also means criminals can get at you from anywhere,” Thurston said.
Already under attack
In an effort to improve awareness of cybersecurity risks and help businesses and organizations learn how to protect their systems, Meline at Kootenai Health founded the Community Security Coalition three years ago. Serving the Inland Northwest, the coalition hosts a free security training seminar once a year as well as shorter training sessions each quarter.
At the last daylong session, the group discussed predictions for cybersecurity attacks in 2015, then ended with a mock assault and how the latest security systems can protect a network. “We showed what a full-scale attack would look like and how you defend against it,” Meline said.
About 200 people are following the coalition’s programs, but few of them are cybersecurity professionals, Meline said.
“What we’re finding is more companies are starting to recognize the need as we go through this training,” he said. “A common scenario is we have an IT director who will come in and attend one of our meetings, go back to their company and start talking about what they should be doing, and the company will reach out and ask for help.”
Most businesses already are under attack by computer hackers, but many times they don’t know it, he said. “The vast majority of companies out there do have some kind of security event occurring regularly.”
Criminals steal all sorts of information on customers, clients and employees. But some also take over the computer system in order to commit other crimes.
“So not only are they stealing data from you, they are using you to attack other people, other companies, and gaining information through the use of your system,” Meline said.
Malware is becoming more resistant to anti-virus programs, requiring a layered approach to security, he said.
Meline encourages small businesses to get involved with the coalition’s free seminars and meet professionals who can assist them at little or no cost.
It’s not just external threats they must worry about. Meline has seen many security breaches triggered by employees, intentionally or not.
“Internal employees are just as much of a danger in a cybersecurity program as the hackers out there,” he said.
He also sees attacks being launched from every corner of the world, including within the U.S.
“This is real, it’s happening to everybody, and we need to prepare ourselves,” Meline said. “It is almost like a war that we’re fighting right now. The unfortunate thing is, the enemy, it could be anybody.”