Cybersecurity complex open for business

Tour the three floors of the Global Cybersecurity Institute

Boris Sapozhnikov

RIT’s new 52,000-square-foot Global Cybersecurity Institute (GCI) has opened on campus.

More than one wave of infections swept across the globe in 2020.

Cybercriminals used the COVID-19 pandemic to up their attacks and create a pandemic of their own. According to the FBI’s Cyber Division, the number of complaints increased 400 percent from what they were seeing pre-coronavirus.

This cyber pandemic is just one of many cybersecurity issues that RIT experts are working to address in the new Global Cybersecurity Institute (GCI).

Late last fall, the GCI opened the doors to its 52,000-square-foot state-of-the-art facility on campus. With the institute, RIT is on its way to becoming one of the best places in the world for cybersecurity education, training, and research.

Other Research

  • Detecting fake online videos
  • Using artificial intelligence to predict cyberattacks
  • Vehicle-to-vehicle communications for smart and autonomous cars
  • 5G and wireless security
  • Preserving online privacy
  • Improving cybersecurity education

“Being able to work remotely and use digital technology in every aspect of our lives has tremendous potential to improve the world, but it also really opens up the attack surface,” said Steve Hoover, the Katherine Johnson Executive Director of the GCI. “At the GCI, we understand that and are aiming to make you and your digital-self safer.”

At the core of the cybersecurity problem is the fact that employers can’t find enough qualified professionals to hire for the more than 1 million unfilled cybersecurity jobs worldwide. RIT is working to change that.

In the three-story cyber­security institute, experts are coming together to train new professionals and students, as well as push the frontiers of research.

First floor: Cyber training center

At the heart of the GCI is the Cyber Range and Training Center, a virtual and physical lab for simulating network cyberattacks and problem-solving scenarios.

“When you walk into this room, you can experience what a cyberattack is really like,” said Justin Pelletier, director of the Cyber Range. “For cybersecurity experts and anyone involved in real-life cyberattacks, this is a giant sandbox where you can prepare and train without getting hurt.”

GCI organizers are currently constructing immersive incident response experiences for organizations to come in and face off against advanced persistent threats seeking to steal valuable information and wreak havoc.

“These experiences will be varied and customized, so participants will never know exactly what to expect—just like real life,” said Pelletier.

For example, participants might have to defend the network of a medical center during a natural disaster or discover a malware attack that could impact millions of retail customers.

The range has 30 computer stations and is capable of hosting more than 5,000 virtual machines simultaneously. It features a video wall with 1080p and 4K screens, a control room, a conference room, and electrostatic privacy glass walls.

LED lights that surround the room can bring the mood of a training scenario from a welcoming blue to a stress-inducing flashing red. Rumbling speakers can be used to mimic disaster scenarios, while temperature controls can literally turn up the heat of the situation.

Thanks to a more than $3.3 million contribution from IBM, the cyber range has also been equipped with some of the best Security Information and Event Management (SIEM) products on the market.

Across from the Cyber Range sits a large atrium and expansive configurable mini-conference space, where the GCI can host competitions, talks, workshops, and hackathons.

The first floor also features a section for teaching the general public about cybersecurity. The Cyber Experience Center has exhibits on cybersecurity history, cyber hygiene, student and faculty research projects, and hands-on demonstrations.

Second floor: Next generation of cyber defenders

This year, RIT’s undergraduate computing security program saw its largest incoming class ever. On the second floor of the GCI, several new lab spaces have been created to help train this next generation of cybersecurity defenders.

Hanif Rahbari, assistant professor of computing security, is teaching a wireless security course in the GCI’s new Network Security Lab this spring.

“The modern design and state-of-the-art equipment allow for a more diverse set of lab activities, beyond traditional networking labs, which helps further enrich the education our students get at RIT,” said Rahbari. “Now we have a more usable space for wireless security and networking equipment, software-defined radios, and antennas, among other things.”

In addition to the Network Security Lab, the GCI has two new security instructional labs and is home to the Eaton Cybersecurity SAFE (Security Assessment and Forensic Examination) Lab. A new Air Gap Lab in the building also gives students the ability to work with dangerous malware, while staying safely sealed off from the rest of campus and the internet.

More than 500 students are currently studying computing security at RIT, which has been nationally recognized for cybersecurity education and research.

The second floor has dedicated space for the students enrolled in the NSF’s CyberCorps: Scholarship for Service program.

These students earn a scholarship covering their costs at RIT, in exchange for agreeing to work at a government computing security job for the same number of years.

The GCI also has space for students participating in competitions and the university’s cybersecurity club RITSEC.

International Champs

A team of RIT students beat Stanford and 13 other colleges to win the Collegiate Penetration Testing Competition (CPTC) in January. The GCI hosted the event virtually.

RIT is the founder of CPTC, which is the premier ethical hacking competition. RIT is also a perennial contender at the National Collegiate Cyber Defense Competition.

Neha Sharma, a computing security master’s student, said she is happy to see these student spaces in the new building. As the graduate representative of RIT’s WiCyS (Women in CyberSecurity) Student Chapter, which is an independent program within RITSEC, and a member of RIT’s Collegiate Penetration Testing Competition team, she has seen first-hand how much these experiences can help students grow.

“The club members and competition leaders are always ready to help and guide you toward the right resources and direction,” said Sharma, who is originally from India. “RITSEC has become like a safe space for any student with an interest in cybersecurity to be among like-minded people, to learn from them, and grow—not only in the cybersecurity field, but as a person as well.”

Third floor: Making software more secure

The Global Cybersecurity Institute’s third floor is devoted to researchers tackling some of the most pressing cybersecurity problems of today and tomorrow.

Mehdi Mirakhorli is one of those researchers looking to make large-scale software systems more secure, faster, and more reliable.

Since joining RIT in 2014, Mirakhorli, associate professor of software engineering, has been working to analyze and change the way people create and maintain complex software systems. Today, with more than $4 million in support from the National Science Foundation, Defense Advanced Research Projects Agency (DARPA), and other organizations, Mirakhorli and his team of student researchers are working to change the culture of development.

“Fifty percent of vulnerabilities in today’s software systems are because of design flaws,” said Mirakhorli, who was named Kodak Endowed Scholar in the Golisano College of Computing and Information Sciences. “Today, we patch security bugs, but we don’t get to the root of the problem and identify architectural flaws in the software.”

Software architecture goes beyond just code, explained Mirakhorli. Whether it’s a banking system or electronic medical records, most software requires reliability, availability, security, and performance. However, if the pieces don’t fit together perfectly, the whole system can crumble.

“Not all programmers are designers that understand these important software design principles,” said Mirakhorli. “However, it takes years of experience to become a designer and they are expensive, so we have fewer of them in the industry.”

That’s why Mirakhorli made it his long-term goal to synthesize software design into something more intuitive, particularly or new learners and novice programmers.

In 2020, he received a prestigious NSF Faculty Early Career Development (CAREER) award for his efforts in software architecture.

His project aims to change software design and programming from a purely manual and exclusive task, to one in which a programmer and an automated design synthesis tool can collaborate to generate software design and implementation that meets its quality attributes scenarios.

“I’m essentially creating a new programming language that makes it easier for people to express design intent,” said Mirakhorli. “This tool would walk programmers through architecture step-by-step and tell them if they’re violating any design principles. This will lead to fewer errors and security problems.”

For example, programmers who are excited about adding a login and password to their system might not know exactly where to place their technology. If they locate it on the client-side, they could expose their system to an authentication bypass vulnerability.

With Mirakhorli’s tool in hand, a programmer would get an alert about this vulnerability and learn how to mitigate it.

As part of the CAREER award, Mirakhorli is looking at software design from a cognitive perspective. He meets with new students, novice programmers, and expert designers to learn how different people approach architecture problems. He is also developing artificial intelligence that can learn best practices from good software systems out in the world today.

In the GCI’s research space, Mirakhorli is also guiding a team of student researchers that is creating different tools and techniques coders can use to make more reliable and secure software.

“Ultimately, we hope to make all of our software secure by construction,” said Mirakhorli.

Cybersecurity Bootcamp

The GCI is home to RIT’s Cybersecurity Bootcamp—a 15-week immersive training course that is helping people switch careers and join the cybersecurity workforce.

Integrating RIT’s world class Cyber Range and strength in interactive games and media, this innovative offering integrates classroom and lab work with work experience in a simulated real world cyber business. This highly innovative training model prepares professionals from all backgrounds (even those with no prior coding or IT experience) for critical entry-level cybersecurity roles that come with an average salary of more than $50,000 a year.

The bootcamp is being delivered remotely and new cohorts start almost every month.

Recommended News