������ý

There are approximately 3.5 billion devices in the U.S. today connected through the Internet—smartphones, laptops, tablets, servers—and by 2020 there will be 45 billion, predicts William Nisen, associate director of the Institute for Security, Technology, and Society () at Dartmouth.

“We are going to have machines talking to machines without human intervention, and unless we get the security right we are going to wind up with a huge problem,” he says.

“Today there are about 2 million correctly certified web servers on the Internet, but we don’t have a fully effective way to tell it’s really ‘Amazon’ on the other end,” says ISTS Director Sean Smith. “What will happen when the number of these things increases a thousand-fold?“

Smith, Nisen, and their colleagues are keenly aware of the dangers inherent in the growing dependence on the Internet, its increasing ubiquity, and the doors this opens to mischievous misuse and criminal enterprise. Ensuring the security of our activities in cyberspace is the challenge ISTS is rising to meet through research and education.

Vice Provost Anthony Receives NSF Grant

Before Denise Anthony became vice provost for academic initiatives, she had been director of the Institute for Security, Technology, and Society (ISTS) at Dartmouth. While Anthony is now responsible for a broad portfolio of faculty-oriented activities, she is still a sociology professor involved in research pursuits.

“In a society with ubiquitous cameras, unlimited memory, and powerful data-mining tools, the context for social interaction is changing, sometimes dramatically,” says Anthony. “New technologies often affect cultural expectations about privacy, not to mention individual perceptions of what is and is not, or what should and should not, be private.”

In collaboration with two Indiana University professors, she secured $1.2 million in National Science Foundation funding to study the balance between privacy and public use of wearable cameras.

“We seek to understand not only how life-logging technologies affect social interaction and perceptions of privacy—for good or ill—but also how expectations about privacy can inform technology and application design to enhance not only privacy but also the usability of new visual-sensing technologies,” she says.

The National Security Agency (NSA) has taken note of the institute’s efforts, designating Dartmouth as a Center of Academic Excellence for Information Assurance Research (CAE) for a second seven-year term.

“This lauds and validates what we have done and facilitates what we can do going forward,” says Smith. “This is a testament to the things we have been doing for the last seven years and it is a welcome acknowledgement by an external body.”

“We were one of the original designees and now to be redesignated is an honor for us,” says Nisen. The redesignation will help enable ISTS to develop collaborative relationships with other CAE institutions, “knowing that there is a certain level of expertise within that institution,” he says.

“Participating in a CAE network makes us aware of all kinds of opportunities,” says Karen Page, the ISTS program coordinator. “We are always getting emails telling us about cyber competitions for students, or granting programs and job opportunities.”

The ISTS website proclaims that the institute “is dedicated to pursuing research and education to advance information security and privacy throughout society.”The longstanding educational and outreach missions of ISTS with respect to cybersecurity and its awareness figured prominently in the NSA’s decision to redesignate.

An important ISTS educational initiative is the High School Summer Security Workshop, a free weeklong day program. The program includes lectures by the College’s computing services staff and guests, hands-on interactive activities, and field trips. The students also complete an outreach project of their own design to spread the word about cybersecurity. While the program targets local high schools, attendees have also come from schools as far away as Philadelphia.

One successful initiative, which Page describes as “a cybersecurity boot camp,” is the Secure Information Systems Mentoring and Training (SISMAT) program. “We offered a two-week-long program for undergraduates from smaller liberal arts colleges that may have computer science, but did not necessarily offer training in cybersecurity,” she says. “The students spent two weeks in the classroom and then went off and did internships in cybersecurity for the rest of the summer.”

“SISMAT was conceived to bring some of our Dartmouth magic to people who didn’t have cybersecurity resources at their home institutions,” says Smith.

Smith’s latest educational endeavor is a sophomore summer living-learning course on the “Internet of Things” planned to begin this summer. “We will be looking for ways to get students involved in thinking about cybersecurity issues,” he says. “It will be a multidisciplinary course, and not limited to computer science students.”

There are still challenges in implementing these programs. “How do we actually make cybersecurity interesting, important, and attractive for students?” Nisen asks. “In doing so, we have to make sure that we are providing these students with the tools, techniques, and the continual learning environment that will make them successful.

“Another challenge that will come to a head soon is the recognition on the part of society that personal data are extremely important. Right now we don’t put too much value on it.” To counteract this, ISTS is reaching out to all parts of the college to try and make people much more aware of the importance of private data and how it is being infringed upon.

These programs are evidence of Dartmouth’s multifaceted approach to computer science education—a strategy that has met with success. “The NSA hires an abnormally high number of students from Dartmouth, given the size of our graduating class,” Nisen says. “NSA looks to Dartmouth for people who are going to be able to handle the cybersecurity issues of the future as opposed to just having a mastery of cybersecurity technique.”