Governor’s Cybersecurity Task Force (GCTF)

I am very happy to be part of the California Governor’s Cybersecurity Task Force (GCTF), serving on the Workforce Development and Education Subcommittee. The main objective of this subcommittee is to address the growing workforce gap; currently, there are 37,000 available cybersecurity positions in California, and 314,000 in the nation. About 70% of those positions require a 4 year degree or more.

The aim of our subcommittee is three fold: to enrich and standardize the educational pathway from K12 to PhD/Certification; to teach a general Cyber hygiene, both to the workforce and the public; and to help military, especially veterans, transition into civilian careers in Cybersecurity.

Computer Science at CI is well positioned to address some of the challenges:

  • A thriving program in Computer Science, with a minor in Cybersecurity; we are part of CyberWatchWest, we have a Cybersecurity student club, and we teach courses in Cybersecurity at the undergraduate and graduate level.
  • Experience in “hands-on” education, which is one of the aims of the workforce development. We have strong connections with the industry and the public sector (such as the SoCal High Technology Task Force).
  • An ongoing collaboration with the Navy, and have worked with both Navy officer and civilians as instructors and collaborators.

Please read more here.

SEAKER

Raspberry Pi controller, the hardware for SEAKER

In the summer 2017, while I was teaching COMP 524 (Cybersecurity) at California State University Channel Islands, the students were introduced to a project based on an R&D from the SoCal High Technology Task Force (HTTF). The requirements and specifications asked for a device that could automate the search through vast amounts of data contained in portable devices (such as hard disks and thumb-drives), looking for pre-established patterns in file-names.

The students designed and prototyped a device the we christened SEAKER (Storage Evaluator and Knowledge Extractor Reader), based on a Raspberry Pi, with a custom designed version of Raspbian (the OS running on Raspberry Pis), and a bash shell script for cloning such devices. The first presentation of SEAKER took place on August 7, 2017, to an audience composed of CI faculty and students, as well as investigators from the SoCal HTTF.

As SEAKER was being developed, it was presented at various other venues, for example:

We have also published the research resulting from the SEAKER project:

  • As the masters thesis of Eric Gentry, April 2019 [pdf]
  • In the proceedings of the 2019 Future of Information and Communication Conference (FICC) [doi]
  • To appear in the proceedings of the 2019 23rd International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES), track: Cybercrime Investigation and Digital Forensics

The Beast project

The Beast at the SCHTTF forensic lab

In September of 2018, a group of CI students, working on their senior capstone project under my supervision, started to build a machine capable of massive parallel computing. We christened the machine “The Beast.” We undertook to build the machine following the specification of the So Cal High Technology Task Force (HTTF) digital forensics lab in Ventura County.

The Beast was built with five EVGA GeForce GTX 1080Ti, capable of massive computational parallelism, a MSI Z370-A-Pro motherboard, a i5-8400 CPU, as well as a Hydra II 8 GPU 6U Server Mining Rig Case, and power supplied capable of maintaining four big fans; cooling The Beast was an important part of the project.

Presenting The Beast at the Capstone Showcase

The students who participated in the project were, in alphabetical order, Noelle Abe, Benjamin Alcazar, Matthew Atcheson, Joshua Buckley, Joshua Carter, John Miller, Scott Slocum, Ryan Torres and Devon Trammell (the team leader). On May 2nd, after working on the project during both terms of 2018/19, and having overcome many technical difficulties, the team presented The Beast at the Computer Science Advisory Board Meeting and the Computer Science Capstone Showcase; following these presentation, The Beast was handed over to the SoCal HTTF digital forensics lab. As you can see from the first picture above, The Beast has settled in its new home, a cooling room at the HTTF lab.

Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security

Hospitals are pushing medical-device makers to improve cyber defenses of their internet-connected infusion pumps, biopsy imaging tables and other health-care products as reports of attacks rise.

Rattled by recent global cyberattacks, U.S. hospitals are conducting tests to detect weaknesses in specific devices, and asking manufacturers to reveal the proprietary software running the products in order to identify vulnerabilities. In some cases, hospitals have canceled orders and rejected bids for devices that lacked safety features….

Source: Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security – WSJ

The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source

THE NATIONAL SECURITY Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn’t leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.

You can’t use Ghidra to hack devices; it’s instead a reverse-engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses and confirm that it works as intended.”

If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”

Source: The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source | WIRED

Invitation to the HAAS/CSUCI Cybersecurity conference

This event is now at capacity; if you didn’t get a spot, we hope that you can join us on October 7th, for the 2nd biannual HAAS/CI Cybersecurity conference.

I would like to invite you to the first meeting of the HAAS and CSUCI Cybersecurity Conference on February 11, 2019. This is going to be a biannual conference, to be held this year at HAAS on Feb 11, and at CSUCI on Oct 7.

This conference aims to serve Ventura, Santa Barbara and LA Counties. There is a lot of interest and need in the area of cybersecurity. We have local groups that work in

  • business & industry security
  • Navy security
  • digital forensics
  • compliance, policy and law
  • research & education

but it will serve all of us well to have a venue where we can all meet, learn about the latest software tools, best practices and certifications, and speak to fellow IT experts who are being proactive in defending businesses and infrastructure.

Please come and attend our first meeting at HAAS in Oxnard, and circulate this flyer among your colleagues and friends. As I said, a flyer with more information, in particular a registration email, will be circulated in January.