Eaton partnership boosts cybersecurity learning and research
For cybersecurity students in RIT’s new Eaton Lab, the first step in fixing a product is to break it.
“That’s the goal of our penetration tests,” said Issa Hafiri, a computing security graduate student from Palestine, who’s working in the Eaton Lab. “Look at the internet-connected device from an attacker’s perspective and figure out how to leverage its vulnerabilities.”
Beginning last fall, a team of three students and one lecturer began the partnership with Eaton Corp., a global power management company that offers an array of electrical products and services. By performing penetration tests and vulnerability analysis on internet of things devices created by Eaton, students are gaining hands-on experience while helping the company better secure their new products.
“There is a demand for cybersecurity talent throughout the U.S.,” said Max Wandera, director of Eaton’s Product Cybersecurity Center of Excellence (CoE), Electrical Sector. “The lab allows Eaton to leverage our experience to train students majoring in computing security at RIT on our products and build trust and branding that will help Eaton tap into this top talent.”
In the extracurricular lab, Hafiri strategizes with Christian Halbert, a fifth-year computing security student from Nunda, N.Y., Kegan Sovay, a third-year computing security student from Canton, N.Y., and Robert Olson, a lecturer in RIT’s Department of Computing Security. Every few weeks the team receives a new Eaton product to dissect.
The devices come with an architectural review for students to better understand how the device works and would be used in the field. While some devices may need to communicate securely with cloud services using Bluetooth, others could be web-facing and vulnerable to denial-of-service attacks. Security can’t be overlooked.
“We appreciate Eaton’s assistance in providing field experience to students,” said Olson, who is also technical director of the SAFE (Security Assessment and Forensics Examination) Lab in RIT’s Center for Cybersecurity. “This type of hands-on, experiential learning is critical for understanding offensive methodologies and will help students whether they choose to pursue defensive or offensive security roles in the future.”
After analyzing the attack surface of the product and its functionality, the team determines the best avenue of attack and commences the authorized penetration test. From the test results, they develop a comprehensive written assessment that details hardware and software security weaknesses in the product and the associated risks.
“This process is a fun challenge,” said Halbert. “It changes your mindset from looking at the process step-by-step, like in an academic lab, to looking at security from a broad sense.”
Throughout the spring semester, the team will continue their work with Eaton. They even hope to see familiar products come back their way, with a few modifications.
“We’ll get products back and see that the problem is gone because of something that we did,” said Hafiri. “People rely on your work to make their products more secure, and that’s really rewarding.”
April 18, 2019
Partnership brings business education to Rochester classrooms
A unique community collaboration among Saunders College of Business, Junior Achievement and local elementary schools introduces young minds to business, economics and free enterprise through discussions, hands-on activities and video lessons.
April 18, 2019
Imagine RIT visitors get to control RIT’s ‘Weather Machine’ in new two-story-high video game
Imagine RIT visitors will help keep the skies above RIT clear during the festival on April 27, in a new video game on display at the MAGIC Spell Studios building. Festivalgoers can play “Weather Defense: A Two Stories High Video Wall Game” on six large 4K displays, mounted two stories up the atrium wall of the new 52,000-square-foot MAGIC building.
April 17, 2019
Why You Can No Longer Get Lost in the Crowd
Guest essay co-written by Evan Selinger, professor of philosophy, published in The New York Times.
April 16, 2019
Mahany Welding Supply donates equipment to College of Engineering Technology
Mahany Welding Supply donated two gas metal arc welding cells and two gas tungsten arc welding cells to be used within an advanced manufacturing degree program in RIT’s College of Engineering Technology to provide needed workforce skills.