UI to offer state’s first cybersecurity bachelor’s degree

The University of Idaho has announced it will now offer the state’s first cybersecurity bachelor’s degree program through its College of Engineering.

“The Center for Cyber Safety and Education estimates that there’s going to be about 1.2 million unfilled cybersecurity jobs by 2022,” said Alexiss Turner, communication manager for the college. “We’re definitely trying to fill a need — this is something we’ve kind of been leading on for a couple decades.”

Jim Alves-Foss, distinguished professor in computer science and director of the UI’s Center for Secure and Dependable Systems, said he taught the university’s first cybersecurity class in 1992.

In 1999, Alves-Foss said the National Security Agency designated the UI as one of the first seven Centers of Academic Excellence in “Information Assurance Education” — a sector now known simply as “cybersecurity.”

He said it was only a matter of time before the school developed a degree pathway.

“We’ve been teaching cybersecurity classes for years and slowly adding more and more to our curriculum,” he said. “With money from the state, we’ve hired several new faculty to help expand our offerings and we now have a critical mass where we’re able to offer a full degree.”

Alves-Foss said cybersecurity doesn’t just mean shoring up vulnerabilities in software. He said ideally, students will graduate with an understanding of certain aspects of business including risk management, critical resources and training employees as well as the ability to build and maintain secure systems.

Over the last few decades, he said they have worked with the U.S. Department of Defense but need for cybersecurity isn’t solely the concern of the government.

“We are doing more and more with computer software, pushing out more devices in our everyday life — we even have internet-enabled toasters for goodness’ sake,” he said. “People are putting these things out there not realizing this is opening doorways into our households.”

Not only can a vulnerable personal computer serve as a “launching pad” for attacks on other linked systems, but hackers are not above exploiting individuals and small businesses for profit.

He said cyberattacks also pose a threat to critical infrastructure including the power grid, water purification and transportation systems. He said often these resources deploy redundancies and stopgaps that are formidable defenses against intrusion but this does not make these systems impervious to an attack.

Additionally, he said, it is not uncommon to see these security measures softened for the sake of convenience or frugality. For example, he said an agency may opt to link a piece of critical infrastructure that was previously a closed system to the internet so it can be managed remotely.

“It’s not just government, it’s not just the Department of Defense ... now it’s everyday devices, everyday consumers being hit. Nobody’s immune,” he said. “They’ll hit the small business if they think they can get $50,000 out of them.”

Scott Jackson can be reached at (208) 883-4636, or by email to sjackson@dnews.com.