The global shortage of cybersecurity professionals with the skills necessary to combat the ever-evolving threats facing the United States has left the nation increasingly vulnerable to attack. In response, the Software Assurance Marketplace (SWAMP), a national cybersecurity facility housed at the Morgridge Institute for Research at the University of Wisconsin-Madison, has partnered with Bowie State University in Maryland to address the cyber talent gap.
Despite the increasing number of damaging, high-profile cyberattacks, millennials have received little to no exposure to cybersecurity. In the United States, 67 percent of men and 77 percent of women say that no high school or secondary school teacher or counselor mentioned cybersecurity as a viable career option, according to a study conducted by Raytheon and the National Cyber Security Alliance.
Funded by the Department of Homeland Security’s Science and Technology Directorate, the SWAMP is working to overcome software security problems by providing researchers and developers with a rich and accessible suite of software security tools. Now in its second year, the SWAMP plans to expand its current suite of 19 assurance tools covering five common software languages to 30 tools covering 11 languages by the end of 2016.
Bowie State has been integrating these tools into its undergraduate coding courses, giving students an efficient way to examine and rid their code of security weaknesses.
Dr. Lethia Jackson, a Bowie State associate professor of computer science, has implemented a code review process in four of the school’s sophomore- and junior-level coding courses. The process enables graduate and undergraduate researchers to submit student-produced code into the SWAMP continuous assurance pipeline.
A team, dubbed the Forensic Technology Information Cyber Squad, works with students to identify where and why code is vulnerable, and determines a path to correction. This process is repeated until the team is reasonably assured the code is free of weaknesses.
“My research students are becoming what I consider to be prolific programmers by using the SWAMP,” Jackson said. “Now they not only write code, but they can read and interpret other people’s code for errors, which will be necessary for any job in this field.”
SWAMP Chief Scientist Barton Miller, a UW-Madison professor of computer science, explained that in the past, software bugs were simply a nuisance. In today’s increasingly interconnected world, however, they can put national security at risk.
Miller noted that anything digital can serve as an attack surface. Notably, there is now an underground industry that generates 4,000 cyber attacks daily and produced $18 billion in credit card fraud in 2015 alone, according to estimates by IBM.
“Two decades ago, big software systems for things like payroll and inventory ran on a mainframe that was not connected to anything else,” says Miller. “There was no, what we call in security, ‘attack surface,’ or that part of your software that can be touched by an outsider.”
Without time-consuming downloads and continual updates, SWAMP is well-suited for the classroom environment. Miller envisions that SWAMP will become a part of normal code hygiene in college computer science classes.
“I’d like to see faculty say, ‘Your assignment can be turned in after it’s run through the SWAMP and gets a clean bill of health,’” Miller said. “This would be fast and efficient, with little time sink for the student.”
Bowie State’s computer science department is documenting the daily activity of its code review and error detection process and compiling it into a comprehensive secure coding book that defines common errors and possible fixes. The goal is to share this book with other universities, beginning with Bowie State’s own network of 12 historically black colleges in the United States.
SWAMP Director Miron Livny, a UW-Madison computer science professor and Chief Technology Officer of the Morgridge Institute, said supporting educational customers is a cornerstone of the project. “We hope the success seen by Bowie State of translating SWAMP capabilities into a powerful classroom tool will soon be followed by others,” he stated.