Information Technology and Management Loopback

The U.S. Department of Defense is offering Cyber Scholarships to U.S. citizens who will be Juniors, Seniors, or graduate students in the fall of 2019 This is a one-year scholarship covering full books, tuition, and a $25,000 stipend for undergraduates or a $30,000 stipend for graduate students. The scholarships are renewable but require a new application each year. After graduation, scholarship recipients will work one year of federal service in a cyber security or digital forensics role for each year of scholarship support, or four years of military service. Applicants must be eligible for a security clearance. Applicants are not limited to students in the Department of Information Technology and Management but may also be students in Computer Science, Computer Engineering, Electrical Engineering, and Business, but because of the nature of the application, knowledge of and a clear understanding of cyber security is a necessity. Please read the scholarship details document carefully and completely before filling out the application. A printed and signed physical application must be delivered to the ITM Department office, Perlstein Hall suite 223 no later than 8:30am Monday February 18th so we can evaluate and include your scholarship in our funding request, which is due February 28th. The application and full details of the scholarship are included below. 

• Scholarship details: DoD Cyber Scholarship Program 2019 Application Background
• Scholarship Application: DoD Cyber Scholarship NEW Student Application 2019-2020

Contact Professor Ray Trygstad for questions: trygstad@iit.edu. Please include “DOD Cyber Scholarship” as the first thing in the subject line of your email.

Many of us travel regularly for business or pleasure, and even though most of us probably haul along our own computer or tablet, occasionally we have to print something. Gee, right there off the hotel lobby is the business center, which today is often equipped with a nice color laser printer. How convenient! And how dangerous.

How do we get the document from our device to the printer? Most if us would probably think, oh, that’s easy. I’ll just pop it into Google Drive, or One Drive, or Apple Cloud. Then I’ll log in with the browser on the office center machine, print my stuff, and I’m done! I just did this at the hotel I’m staying at in Florida. Logged into the system, running Windows 10, and brought up Google Chrome. I looked at the photo icon on the upper right corner of the browser, and I see a picture of one of my colleagues…he never logged off from using it the day before! It turns out that closing Chrome does not log you out, even though logic says it should. I logged him off, logged in to Google, did my printing from content on Google Drive, and logged off.

Because neither Google nor Microsoft requires two-factor authentication, leaving an account logged in will allow the next system user to change your password. Once that’s done, everything in that account is theirs and not yours. Wow. Scary. Rebooting might fix it, but in normal operation, these systems hardly ever get rebooted.

Once logged off, I clicked the login icon on the upper right corner of the default Google Search screen. This took me to a list of the users that had previously logged into Google using this browser listing their name, their email address, and even their photo if their account had one linked to it. And there I was, as well as my colleague. At the bottom of the screen was a “remove login” selection. Clicking it placed an X next to each user on the list, and clicking the X removed that user from the list. Does it remove it from the system as well, or just from this list? I don’t know, and haven’t yet had time to research it.

I then moved to the machine next to this which I had used the day before. I looked at the list of Google users in Chrome, and there I was! I removed my entry and the other 10 on the screen—one at a time, of course—then I closed Chrome and logged out of the system.

I know it seems like a bit much expecting hotels to control this serious vulnerability on their office center system, but frankly most users will never even be aware of the danger, and if the hotels don’t take positive steps to control this it will never happen. I did some quick research to try to find a Chrome plugin to automatically log users out when the browser is closed, and to prevent the user list from being retained, but if there is such a beast, I didn’t find it. Clearly this is a need, and to be perfectly honest, one that the hotels and anyone else providing public access to Google logins on Chrome should expect to pay for. Free business plan: write it. Then write about it. Frankly, people are crazy not to protect their users like this.

—Ray Trygstad

The Department of Information Technology and Management and the Center for Cyber Security and Forensics Education are pleased to announce that we will host the Fifth Annual Women in Cyber Security (WiCyS) Conference. This National Science Foundation funded event will be held March 23 through March 24, 2018 at the Hilton Chicago. It is the mission of WiCyS to bring together women in cybersecurity from academia, research and industry from across the United States. The event is exclusively designed as the forum for speakers and guests to exchange knowledge, experience, networking, and mentoring to raise interest in the field of cybersecurity. We will be seeking volunteers to assist with the conference and to meet arriving delegates at the airports later this fall.

ITM Associate Chair Ray Trygstad will serve as conference co-chair, while Amber Chatellier and Angela Jarka of the ITM Department comprise the conference logistics staff.

New regulations on cybersecurity have been published by the New York State Department of Financial Services. 23 NYCRR Part 500 will have a major impact on American business as it has serious requirements and mandates for all financial services companies doing business in New York state–which of course are almost all of them. A good article on the topic is is at https://digitalguardian.com/blog/what-nydfs-cybersecurity-regulation-new-cybersecurity-compliance-requirement-financial. Significant requirements include:

• Policy & Program: Covered entities must instate and maintain a documented cybersecurity policy, and adopt a robust cybersecurity program, by August 28, 2017.
• CISO: Designate a qualified Chief Information Security Officer (CISO) to oversee and implement the cybersecurity program and enforce policy.
  • The CISO must submit a written report annually to the Board of Directors and an annual compliance certification to the Department of Financial Services.
• Data encryption: Organizations must enact controls, including encryption of sensitive data, depending on the outcome of a risk assessment.
• Continuous monitoring: Covered entities must continuously monitor cybersecurity functionality OR conduct annual penetration testing and bi-annual assessments.
• Enhanced multi-factor authentication: Covered institutions must employ multi-factor authentication for all inbound connections to the entity’s network.
• Incident reporting: Covered entities must document and report all cybersecurity events.

Take the Cybersecurity Knowledge Quiz from Pew Research! Then see how you did in comparison with a nationally representative group of 1,055 randomly selected adult internet users surveyed online between June 17 and June 27, 2016.
https://www.pewinternet.org/quiz/cybersecurity-knowledge/

The U.S. Department of Defense is offering Cyber Information Assurance Scholarships to U.S. citizens who will be Juniors, Seniors, or graduate students in the fall of 2017. This is a one-year scholarship covering full books, tuition, and a $22,500 stipend for undergraduates or a $30,000 stipend for graduate students. The scholarships are renewable but will require a new application each year. Payback is one year of federal service in a cyber security or digital forensics role for each year of scholarship, or four years of military service. Applicants must be eligible for a security clearance. Applicants are not limited to students in the Department of Information Technology and Management but may also be students in Computer Science, Computer Engineering, Electrical Engineering, and Business, but because of the nature of the application, knowledge of and a clear understanding of cyber security is a necessity. A printed and signed physical application must be delivered to the ITM Department office, Perlstein Hall suite 223 later than 8:30am Monday May 22nd so we can evaluate and include your scholarship in our funding request, which is due May 31st. The application and details of the scholarship are included below. (Note: if you downloaded the announcement or application prior to 11:00am on Wednesday, April 19th, please download them again as the DOD provided us with updated copies.)
ATTACHMENT C IA Scholarship and Vacancy Announcement 2017
ATTACHMENT D NEW Student Application 2017-2018 (site 1)
ATTACHMENT D NEW Student Application 2017-2018 (site 2)

Contact Professor Ray Trygstad for questions: trygstad@iit.edu. Please include “DOD Cyber Scholarship” as the first thing in the subject line of your email.

Graduate, undergraduate, and women’s scholarships are offered by the Center for Cyber Safety and Education of the International Information System Security Certification Consortium (ISC)². They will begin accepting applications on February 28, 2017 for graduate and undergraduate scholarships of up to $5,000, and are currently accepting applications for women’s scholarships of $8,000 or more. One undergraduate student may also be selected for the Harold F. Tipton Memorial Scholarship; the most recent award recipient for this scholarship is Kyle Dean Murbach from Wheaton, IL. Please see the (ISC)² scholarship page at https://www.isc2cares.org/Scholarships/ for full details.

ITM is happy to be in Boston! In the photo at right, Master of Cyber Forensics and Security alumnus Anthony Ramirez receives the Best Paper Award for the 2016 ACM Research in Information Technology (RIIT) conference in Boston. Anthony and Alfedo Fernandez earned this award for their paper MP3 Stegonography: Analyzing and Detecting TCSteg. This is the third time in five years that Illinois Tech Information Technology and Management researchers have received this award. The School of Applied Technology and the ITM Department are Silver Sponsors for the RIIT conference and the concurrent ACM Special Interest Group in Information Technology Education (SIGITE) conference. ITM Associate Chair Ray Trygstad serves on the SIGITE Executive Committee.

The Women in CyberSecurity (WiCyS) 2017 conference will be held in Tucson, AZ on March 31st-April 1st. Scholarships are available for both faculty and students to attend the conference (details at ; in the past these scholarships, funded by NSF, have covered airfare and lodging. Student and faculty scholarship applications are now open through November 21st. Notifications will go out December 5th. Conference registration costs are nominal–$30 for students, $150 for faculty.

The Call for Participation for Presentations, Workshops, Birds-of-a-Feather (BOF) Sessions, Lightning Talks, Panels, and Posters is open, and submissions will be accepted until November 6  (details at https://www.csc.tntech.edu/wicys/participate/)

All ITM women enrolled in Cyber Forensics and Security, and all third- and fourth-year undergraduate women, are strongly encouraged to participate—lightning talks and posters are easy and can be drawn from work already done—and to apply for these scholarships.

The U.S. Department of Homeland Security and the National Security Agency have designated Illinois Institute of Technology as a  National Center of Academic Excellence in Cyber Defense Education, effective until 2020. Our ability to meet the increasing demands of the program criteria will serve the nation well in contributing to the protection of the National Information Infrastructure. The Presidents’ National Strategy to Secure Cyberspace, February 2003, and the International Strategy for Cyberspace, May 2011, addresses the critical shortage of professionals with these skills and highlights the importance of higher education as a solution to defending America’s cyberspace: “Like all nations, the United States has a compelling interest in defending its vital national assets, as well as our core principles and values, and we are committed to defending against those who would attempt to impede our ability to do so.” Education is the key to promoting these ideals.

This designation recognizes the accomplishments of IIT in the areas of cyber security and digital forensics education, spearheaded by the Department of Information Technology and Management (ITM) and the IIT Center for Cyber Security and Forensics Education (C²SAFE). The ITM Department’s key offering in this area is the Master of Cyber Forensics and Security degree, designed to help students, and experienced information technology professionals become cyber security and forensics practitioners, investigators, managers, and leaders. This degree is intended for students who are interested in cyber security, digital forensics, risk control, and information assurance, and draws on the extensive professional experience of our ITM faculty.

The Center of Academic Excellence (CAE) in Cyber Defense (CD) designation is a new designation based on updated academic criteria for Cybersecurity education and affords each CAE institution the opportunity to distinguish its strengths in specific focus areas. The updated criteria benefit not only the institution, but also students, employers and hiring managers throughout the Nation.

Official letters of notification of IIT’s designation were sent to the university, the Governor of Illinois, Members of Congress, and appropriate Congressional Committees. The official CAE Certificate will be awarded during a ceremony at the CAE Community Meeting being held in conjunction with the NICE (National Initiative for Cybersecurity Education) Conference in San Diego, California, November 3-4, 2015.