University of Southern Maine students are preparing to infect networks with malicious software, hack into hardware, secretly monitor user activity and lure Web surfers to predatory Internet sites.
And they’ll even get credit for doing it.
That’s because it will all happen within a controlled setting as part of a new cybersecurity curriculum in which they will examine technical, legal and ethical issues surrounding the collection, sharing and theft of sensitive data.
USM’s new Cyber Security Lab, which officially opens at the Portland campus Tuesday, will be a playground for hackers and other students seeking jobs in the booming high-tech industry.
But the interdisciplinary curriculum developed in the lab will extend far beyond information technology into areas such as corporate communications, law and even philosophy.
“It allows students to think about what (data) security means and how it fits into modern society,” said Julien Murphy, a professor and chairman of the USM Philosophy Department, who is involved in the project.
Security has become a nationwide issue as cyber-heists of sensitive data, such as credit card numbers, have become more frequent, widespread and sophisticated.
In late 2013, a high-profile security breach at discount retailer Target resulted in the theft of roughly 42 million customer credit card numbers and other information. Black market websites began offering for sale large batches of stolen numbers, including thousands belonging to Mainers.
On Aug. 14, the company that processes payments for Shaw’s supermarkets and other retailers reported a major security breach and said that sensitive customer data might have been stolen.
Cybersecurity analysts say data security breaches cost U.S. organizations billions of dollars in added expenses and lost revenue each year. The Target breach alone is estimated to have cost the company about $148 million.
USM faculty and staff came up with the idea to create a research lab dedicated to cybersecurity four years ago, said Glenn Wilson, associate research professor and director of information and innovation. They hoped to create an environment in which students could get hands-on experience, but the university lacked the necessary funding.
USM eventually obtained $1 million in grants from the National Science Foundation and Maine Technology Institute to fund the lab, Wilson said.
The foundation later awarded another $300,000 to install an isolated, private network connecting Maine’s public universities, which will be used for research.
“We plan to release viruses on it and say, ‘Clean it up,’ ” said Edward Sihler, a USM cybersecurity researcher and assistant director of the Maine Cyber Security Cluster.
The grants come with some strings attached, Wilson said. One is the development of teaching modules that could be introduced into a variety of university classes in Maine and other states. Another is educating the public at large about the importance of data security and how to maintain it.
Students will examine cybersecurity from multiple angles, the researchers said.
For example, students in USM’s Communication and Media Studies Department will study the most effective ways of notifying the public about a data-security breach and how to manage the public relations crisis that comes with it, associate professor of communications Maureen Ebben said.
In the Philosophy Department, students will discuss ethical issues surrounding access to sensitive information in terms of national security, privacy, confidentiality and conflicts of interest, Murphy said.
Department of Technology students will learn how to perpetrate and protect against security breaches, said Stephen Houser, director of USM’s Division of Information and Technology.
They will break things to learn how to fix them, he said.
“They’re getting experience on the ground, doing things that require creative thinking,” Houser said.
Even though fall classes have not yet begun, USM sophomore Alex Weeman and senior Eric Dubois already frequent the Cyber Security Lab.
On Wednesday, Weeman and Dubois were using a hacked router to divert a test subject to fake versions of popular websites that the students created, where they could monitor the subject’s online activity.
“They look so real that you don’t know the difference,” Weeman said.
Another security issue the students are examining is the vulnerability of public Wi-Fi networks, which they referred to as “evil at the coffee shop.”
Internet users should never input sensitive data, such as credit card numbers or passwords, over public Wi-Fi, they said.
One benefit of the lab is that it allows more experienced students to show beginners how cybercriminals perpetrate their crimes, Weeman said.
“It’s kind of like a magic show, but we show you how we do it,” he said.
USM does not offer a standalone degree in cybersecurity, but faculty and staff are considering the possibility of establishing one, Wilson said. The importance of data security is something every student – and every person – needs to understand.
“It’s not a matter of if you’re going to be attacked,” Wilson said. “It’s a matter of when, and what are you going to do about it.”