Municipal governments across the nation use computer systems in almost every facet of their day-to-day operations. Communications to emergency responders are dependent on intact communication channels. Essential service providers such as police, fire, medical and education personnel depend on computers and networks to do their jobs. Utilities are also dependent on cyber platforms.
But what happens when a cyber attack disrupts these essential services?
Dr. Greg White, professor of computer science and director of the Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio (UTSA), says many communities would be unprepared if their computer systems were to suddenly go offline due to a cyber attack. Electronic financial transactions would halt. Medical records would be irretrievable. First responders would have no way to track and respond to life-threatening emergencies. The list goes on and on.
For more than a decade, White and his colleagues at the UTSA CIAS have been teaching governments across the nation how to prevent, detect and respond to cyber attacks. The CIAS' courses are based on its unique Community Cyber Security Maturity Model, which helps communities across the country protect their assets and the citizens who rely upon the availability of those resources.
"We generally find that cities and communities have great incident response plans in place for traditional emergencies, but those response plans haven't been expanded to include cybersecurity attacks," said Ray Sims, CIAS assistant director of Infrastructure Assurance Programs. "Cyber attacks are an ongoing, volatile threat that cities must address. The training we are developing will allow communities to identify and address the vulnerabilities in their computer networks so they can take steps to prevent cyber attacks, or respond decisively."
Over the next three years, UTSA will receive $300,000 as a grant partner on a $2.3 million total grant awarded to the National Cybersecurity Preparedness Consortium (which is chaired by the CIAS) from the Federal Emergency Management Agency. The Norwich University Applied Research Institutes, a Consortium partner, is the project lead. CIAS will develop online training specifically for emergency managers. The Consortium's group of cybersecurity collaborators also includes the Texas A&M Engineering Extension Service (TEEX), University of Memphis Center for Information Assurance and University of Arkansas System Criminal Justice Institute.
Since 2004, the Consortium's members have developed, delivered and updated cybersecurity and cyberterrorism training and exercises nationwide to a targeted audience of municipal leaders and critical infrastructure technical personnel. The programs have reached individuals in 40 states and garnered consortium members widespread recognition among state and local government leaders and information technology departments, federal and law enforcement agencies, colleges and universities, training academies and other U.S. organizations.
UTSA's multimedia training, a course titled Developing a Cybersecurity Annex for an Incident Response Plan, will include case studies, best practices, samples and templates to help municipal officials develop a cybersecurity strategy to include in their community's incident response plan. The training, to be hosted by TEEX and offered online free to participating communities, will be especially relevant to small communities, which often do not have the financial resources to properly address emergency planning and response to cyber attacks.
UTSA students participating in the CIAS Intern Program will help develop the multimedia and online courseware associated with the 3-hour FEMA training module. Through the CIAS Intern Program, UTSA students from different disciplines have the opportunity to support UTSA's cybersecurity outreach programs and work at the cutting edge of national cybersecurity protection.
Cybersecurity education, research and outreach is one of many areas advancing UTSA's goal to become a Tier One university. Since the CIAS was founded in 2001, it has garnered $35 million in federal funding and trained more than 7400 individuals in 24 states. An additional 41,000 university undergraduates and high school students have competed in CIAS' annual National Collegiate Cyber Defense Competition and the high school-level CyberPatriot program.
UTSA's cybersecurity program is ranked the best in the nation, according to a national survey of certified information technology professionals that was conducted by the Ponemon Institute for Hewlett-Packard. Since 2002, it has earned three Center for Academic Excellence designations from the National Security Agency and U.S. Department of Homeland Security:
- the Center of Academic Excellence in Information Assurance Education (CAE) designation, earned in 2002;
- the Center of Academic Excellence in Information Assurance Research (CAE-R) designation, earned in 2009 and based on the research of business, computer science and engineering faculty; and
- the Center of Academic Excellence (CAE) in Information Assurance/Cyber Defense (CAE IA/CD) designation, earned earlier this year.
The University of Texas at San Antonio (UTSA) is an emerging Tier One research institution specializing in health, energy, security, sustainability, and human and social development. With nearly 29,000 students, it is the largest university in the San Antonio metropolitan region. UTSA advances knowledge through research and discovery, teaching and learning, community engagement and public service. The university embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property--for Texas, the nation and the world.