UMUC Adds New Network Security Track

Garth MacKenzie

By Andrea Martino

Whether it is an innocent prank by a high school student, like the one played by Matthew Broderick in the movie WarGames, or the malicious plotting of a corporate titan in The Net, Hollywood is not far from the mark when it portrays online mischief. The need for network security is all too real.

Now UMUC has designed a track of courses in information assurance (network security) for two graduate programs that will better prepare students in corporate, government, and nonprofit information technology arenas for dealing with the potential of security threats. In December, the university added an energy track of courses to five graduate degree programs, in part to protect energy facilities from terrorism.

On February 22, 2002, the National Security Agency designated UMUC a Center of Academic Excellence in Information Assurance Education in recognition of the university's programs in information assurance and its plan to incorporate new information assurance courses this fall in two graduate programs and in a new graduate certificate program in information assurance.

The distinction, which indicates that UMUC can produce professionals with the skills needed to improve the protection of the National Information Infrastructure, is becoming increasingly important. Last month, the U.S. House of Representatives passed a bill to expand research on protecting computer networks from terrorist attacks. The bill, H.R. 3394, now in the Senate, authorizes $878 million over five years for research on improving computer-network security.

Of 15 UMUC graduate degrees offered completely online, approximately half are in information technology (IT), e-commerce, and software engineering. The new track of courses, which includes such topics as intrusion detection, computer forensics, and disaster response and continuity of operations, will allow students to earn a specialization in information assurance for their Master of Science in Computer Systems Management (MSCSM) and Master of Science in Information Technology (MSIT) degrees. The courses can also serve as electives in any other UMUC graduate degree or certificate program. Courses in security and information assurance are also available at the undergraduate level.

UMUC's IT program—the largest and most comprehensive in Maryland—is operated in accordance with National Security Telecommunications and Information Systems Security standards. The university also offers collaborative programs with the National Defense University, the General Services Administration, and the U.S. Army Signal Center to provide graduate IT courses for chief information officers and signal officers, respectively.

"Because UMUC is such a leader in technology education—as well as state-of-the-art online delivery—information technology is not treated as a separate discipline," said Garth MacKenzie, associate chair and program director for the university's MSIT program, pointing to the Sloan Award UMUC received in November for institution-wide Web-based education. "We know that in today's Information Age, technology must be incorporated into all functions at every organization, and our 800 percent enrollment growth in advanced IT programs in five years tells us students agree."

Mary Hoferek

The growing need for information assurance is evidenced by the increasing prevalence of computer viruses, two of which—the Code Red virus and the Nimda worm—resulted in more than $3 billion in damages last year, prompting President Bush to appoint a cyberterrorism czar to address the threat of cyberattacks. In metropolitan Washington, Fort Myer and Fort McNair both were targets of a cyberattack on February 22, 2002, halting computer systems and affecting some 16,000 military users.

"We don't have all the tools needed to warn us that a system has been disrupted," said Capt. Alexander Isaac, officer in charge of the Military District of Washington Regional Network Operations and Security Center, of the attacks. "We are in the process of getting them now."

To exacerbate the threats of information breeches and their far-reaching effects on organizations large and small, the attacks come at a time when the world's global economy is becoming more dependent on e-commerce, driving firms to invest heavily in fending off cyberintruders.

Worldwide business-to-business e-commerce will total $823.4 billion by the end of 2002, according to eMarketer, and the strong growth will continue through 2004, when Internet-based, business-to-business trade is expected to total $2.4 trillion.

Meanwhile, the FBI estimates that U.S. businesses lose $138 million every year to hackers.

The Computer Emergency Response Team (CERT), a government-funded research group, warns that security holes have been found in devices that make up the backbone of the Internet. CERT research also revealed that the number of known security holes rose 124 percent to 2,437 last year and computer attacks climbed 160 percent to more than 52,000 during the same period.

"September 11 had almost nothing to do with information assurance," said MacKenzie. "It had a lot to do with intelligence. Information assurance has been a persistent problem for many years, and we made the decision to design this track of courses in December 2000. Because of September 11, 2001, though, I think we are all for good reason highly sensitized to terrorism of any kind."

To prepare for the fall start, UMUC seeks to develop "real world" applications with corporate partners this spring for a network systems laboratory so that students worldwide can utilize remote, hands-on training as support in their information assurance and telecommunications courses.

"The new lab's purpose, like the [purpose of the] database laboratory we established last fall, is to improve learning by enabling students to design their own work, because that simulates what they would do in industry," said Mary Hoferek, program director for UMUC's database systems technology track. "Most virtual labs simply utilize simulations to demonstrate the range of responses to manipulation of a single variable, and that is not our goal."

UMUC will be presented a certificate from the U.S. government at the sixth annual conference of the National Colloquium for Information Systems Security Education, to be held June 4 at Microsoft headquarters in Redmond, Washington.

For more information about the new information assurance track of courses, point your browser to www.umuc.edu/grad/news.