At UConn’s New $1M Cybersecurity Lab, Students Learn to Hack

Kazem Kazerounian, dean of the University of Connecticut’s School of Engineering, says the school’s recent addition of a cybersecurity lab isn’t just another computer lab — it’s the future.

“This is a lot more than an undergraduate lab for us, a lot more than a science experiment. It is [teaching] the skill sets our engineers need to be successful in this war against the bad guys,” Kazerounian tells the Hartford Courant.

At UConn, students this fall began taking classes in the $1 million lab, funded by alumni (and brothers) Stephen Altschuler and Samuel Altschuler. Cybersecurity courses will be mandatory for freshman majoring in computer science. By 2021, the university expects 100 students to be enrolled in cybersecurity courses each semester.

Right out of the gate, students are learning how to steal wireless network users’ login information using a fake banking website.

As scary as that sounds, the students’ mission is actually to learn how to prevent or deal with cyberattack threats rather than to carry them out. UConn students are learning these and other hacking techniques — like password cracking, wired network sifting and wireless hijacking.

“We are in an age where the threat of cyberattacks has gotten more pervasive. As an institution, we need to be training the next generation of engineers to combat this threat, which is why this gift from the Altschuler brothers is so important for the School of Engineering and the University,” said Kazerounian to UConn Today. 

MORE FROM EDTECH: How Schools and Universities Can Thwart Cyberattackers

A Hands-On Approach to Cybersecurity Education

UConn’s cybersecurity courses are fully hands-on and will be entirely practice-based rather than lecture oriented, says Ben Fuller, an assistant professor who designed the course material. If the idea of hacking in the wild sounds unsafe, have no fear. Students don’t learn by hacking into actual operational networks. They learn over a monitored system and on an isolated network separate from that of the school.

The course’s first-year curriculum covers such areas as cyber hygiene in software and hardware, website security, the secure configuration of networks and networked systems, security in network routing, and vulnerabilities in commercial, off-the-shelf devices and IoT devices.

A Steep Rise in Cyberattacks on Businesses and Consumers

Why the push for a more comprehensive cybersecurity curriculum? 

Hacking is only becoming more and more pervasive. In July, a data breach at Capital One bank affected more than 100 million people in the U.S. and put at risk about 140,000 Social Security numbers, as well as about 80,000 linked bank account numbers. Several higher education institutions, including UConn itself, have also already been victims of data breaches by cyberattackers.

A Zogby Analytics survey reveals 58 percent of more than 400 business executives reported an increase in suspicious phishing emails — messages claiming to be from a senior manager or a vendor seeking payments — in the last year. About 47 percent of employees who received those fake emails were duped and transferred company funds. About 37 percent of those losses ranged between $50,000 to $100,000, according to the survey. Meanwhile, data breaches are also threatening the security of more U.S. consumers. An April survey by HSB found that 21 percent of consumers said they had been the victim of identity theft, compared with 18 percent two years earlier.

It’s no wonder that the National Academy of Engineering has declared the security of cyberspace to be one of 14 major engineering challenges of the 21st century. 

“[Hackers] affect everything from Fortune 500 companies to local governments —and, yes, research universities,” says UConn President Thomas Katsouleas.