Outthinking The Bad Guys Part of the Job at NUCIA

• 2006/03/01

• search keywords:
• information assurance

Company A suspects Company B of hacking its computers and spying on its internal activities. Accordingly, Company A hires specialists in "Information Assurance" to verify that its security has been breached-and to help plug the holes.

Once the Information Assurance (IA) experts begin checking Company A's systems, however, they discover that Company A is in reality spying on Company B. Was the spying the result of some organized internal plan to infiltrate Company B? Was it the work of some rogue employees of Company A, working outside their directive in order to find ways to advance their own careers? Or, could it have been the work of a cyber-terrorist cleverly using Company A's computer system to cover his tracks as he penetrates Company B's systems?

It's a scenario that fascinates fans of techno-thriller novels-and students of the Nebraska University Consortium on Information Assurance (NUCIA).

Founded by the Peter Kiewit Institute and the UNO College of Information Science & Technology, NUCIA (pronounced "new-sha") has garnered considerable recognition. Most recently, it was re-designated a National Center of Academic Excellence in Information Assurance for the academic years 2005-2008 by the U.S. Department of Homeland Security and the NSA. NUCIA was one of the first 20 centers to receive the designation, in 2001.

Directing NUCIA is Blaine Burnham (pictured), a 62-year-old professor and research fellow with a penchant for New Age music, collectable medallions and Hawaiian shirts. His career has been just as varied. Burnham worked more than a decade with the National Security Agency (NSA), serving as division chief of the Infosec Research Council and in other information assurance roles at the Los Alamos National Laboratory and Sandia Laboratory in New Mexico. Immediately prior to joining UNO's faculty he was director of the Georgia Tech Information Security Center.

Burnham characterizes IA as an emerging, rapidly expanding science that addresses problems in the fundamental understanding of the design, development, implementation and life-cycle support of secure information systems.

"It's fun, invigorating, interesting and compelling," he says. "At its finest it's better than chess. Can you outthink the bad guy? Can you defeat the bad guy before he knows he's defeated? Knowledge in IA gives a person the opportunity to work in neat places with some really neat stuff."

A bachelor's degree in IA is being developed from its current standing as an area of concentration for IS&T graduate and undergraduate students studying computer science (CS) or management information systems (MIS). A degree could provide many career paths in industry, government, academic and research arenas.

"We offer programs that bring bright young people along to where they understand how you do and don't build a secure computer system," Burnham says. "It's in-depth experience that will have lots and lots of long legs to it."

Brian Wiese earned his bachelor's degree from UNO in computer science with a minor in MIS and concentrations in Internet Technologies and IA. He is working toward a master's degree in CS at the Naval Postgraduate School in Monterey, Calif.

"After I finish my graduate degree, I will work in civil service to strengthen the IA capabilities of our nation," Wiese says, "and quite possibly make a long career out of it."

NUCIA, he says, helped chart his future. "NUCIA has been the catalyst to strengthen my academic understandings and my professional entrance into the IA world through internships with Lockheed Martin, Sandia National Labs in California and the Department of Defense. Personally, I've been excited, inspired and thoroughly prepared to pursue my career aspirations with a strong foundation in computer science and IA."

Sophie Engle, who received her bachelor's degree in computer science in 2002, is studying for her doctorate at the University of California, Davis. She became involved in NUCIA through mentoring and independent study courses with Burnham and Ken Dick, telecommunications chair.

Engle says NUCIA gave her valuable experience conducting and critiquing research and presenting her findings to industry professionals. "Without my experiences at NUCIA," she says, "I doubt I would be in graduate school."

Students utilize two high-tech, well-outfitted labs at IS&T. The Security Technology Education and Analysis Laboratories (STEAL) are continuously monitored and completely isolated from university production networks and the Internet.

As part of their study, students learn about ways to attack information systems. Due to the potential harm through the misuse of such information, they are required to sign an ethics statement. "Basically, it says that they know the difference between right and wrong, that they won't do wrong, and that if they can't tell the difference, they'll stop and ask," Burnham says. "That's not complicated."

The scope of NUCIA is purposely designed to be inclusive and broad. In addition to traditional technical areas of information assurance, NUCIA students work in CS and MIS, criminal justice, public policy, law, national and international security, cyber terrorism, health informatics and privacy.

If approved, an undergraduate degree in IA would afford students the opportunity to fulfill their general requirements by including several focus areas of study-Middle Eastern, Eastern European, Post-Soviet Eurasia, Latin America and Western Pacific.

"That way, you'll come out of this with a cross-cutting view of some geo-political environment other than your own," Burnham says. "We think our direct effort to foster a broader understanding will pay remarkable long-term dividends for our students throughout their lives."

Such a broad overview is beneficial to NUCIA students, says Megan Benoit, who earned her bachelor's in CS from UNO in May 2002. She currently is employed as an information assurance engineer with an Omaha-area Department of Defense contractor.

"NUCIA taught me the value of having individuals with similar interests and drives around, even if all you were doing was bouncing ideas off of each other," Benoit says. "I learned to see IA in ways I never really thought of before, to consider problems from angles I had never thought of. I learned to understand that IA is more than just 'information security' or 'computer security,' and that it has value beyond what companies typically label as simply, 'return on investment.'"

She says she draws upon the knowledge she gained at UNO and NUCIA every day to do risk analysis, evaluate new technologies and examine current architectures and ways of doing things. "Without that fundamental knowledge and understanding of how computer systems and networks work, and how IA fits into each and every aspect of an organization, I would certainly not be as effective, or my talent as valued," Benoit says.

Her appreciation goes to the top. "It takes world-class individuals to make a world-class program, and I cannot thank Dr. Burnham enough for working with UNO to produce an IA program to be proud of," she says. "Dr. Ken Dick is another world-class individual. I learned everything I know about computer networks from him, and I can't count the number of times I use that information in a day.

"There are many others involved with NUCIA who help make the program one of the best, and current and future students at UNO should consider themselves lucky to have the opportunity to learn from them."

Although developing and teaching such a high-security, cutting-edge field of study appears complicated, Burnham has a way of simplifying it.

"I see myself as a value-added reseller," he says. "I want students to understand what technology can and can't do regarding the need to protect information. I want them to understand how to help organizations act and behave according to their own rules.

"And," he adds, smiling, "I teach kids it's important to shred your garbage."