WANTED: More Than Half a Million Graduates in Cybersecurity

“More than half a million job openings in cybersecurity are available in this country, but there aren’t enough people to fill them,” says Suzanne Mello-Stark, associate professor of computer science. She’s determined to change that.

Winner of the 2019 Innovations in Cybersecurity Education Award and a member of former U.S. Rep. Jim Langevin’s cybersecurity advisory board, Mello-Stark initiated a new minor in cybersecurity in 2020 and began leading GenCyber summer camps at RIC to inspire high school students to work in the field of cybersecurity.

What kind of cybersecurity threats are we training people to protect against?

They’re too many to list. It could be that an unfriendly nation employed hackers to steal intelligence, sow divisions, disrupt elections. Hackers could also be in it for financial gain. It’s been reported that RIPTA paid $170,000 in ransom money to hackers in 2022 after a cyberattack. Hackers also want to steal our identities so they can take out loans or file for unemployment benefits. Hacktivism (hacking + activism) is a form of hacking to support political or social causes. For example, if a company supports a presidential candidate they don’t like, they may execute a denial-of-service attack to stop customers from using their website. The reasons for hacking are many.

Why is it so difficult to guard against these attacks?

Mostly because we want the Internet to be a free space. The Internet would be a lot safer if we had very strict access, but what fun would that be? If you think about our network at Rhode Island College, we could protect it by not allowing people to access outside websites while on campus and by not permitting access to our network off campus. Although the network would be a lot safer, it would make life a lot more difficult for everyone here. Imagine only being able to access RIC websites from campus.

What were the most serious cases of cyberattacks in recent years?

In May 2021 a ransomware attack took down the largest fuel pipeline in the United States [Colonial Pipeline], which led to shortages across the East Coast. That same year, an attack on SolarWinds, a software developer for businesses, used a routine software update to hack 100 companies and about a dozen government agencies, including the Pentagon, the U.S. Department of the Treasury, the Department of Justice and the Department of Energy. Really, the most serious attack is the one we don’t know about yet. It can take many months to even know that a hacker has breached a system, and the cleanup can take a lot of time and be very expensive.

RIC’s minor in cybersecurity teaches students to hack – ethically, of course. Why?

Because you need to be a hacker to catch a hacker. We also learn about ethics and the law. Students learn how to hack the safe way, so they can know the signs and help prevent attacks. We practice exploits in a closed environment and use simulated systems so it’s totally safe for students to explore in a way that they couldn’t on a live network. Ultimately, every company and government agency is going to need someone on staff to protect their systems. Institutions like RIC will need to ensure that enrollments keep up with the demand.