Cyber
the next frontier

Over 3.5 million cyber positions will need to be filled by 2021. Our graduates will become part of a critical layer of defense for our nation and its citizens.

Watch Video

The National Security Agency designated the University of Arizona’s Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 20 Cyber programs in the nation. The NSA’s CAE-CO designation demonstrates that UA’s Cyber program meets the most demanding academic and technical requirements.
NSA and Excellence Seals

The Bachelor of Applied Science with an emphasis in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

The curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Cyber Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate. The Cyber Operations program offers two degree tracks, both in-person and fully online:

Cyber
Engineering

The Engineering Track is a deeply technical, interdisciplinary, security focused Computer Science program.

Learn More

Defense
& Forensics

The Defense & Forensics Track is an interdisciplinary Cyber education program.

Learn More

Cyber Law
& Policy

The Law & Policy track lays a strong technical foundation, integrated with legal and policy knowledge.

Learn More

Undergraduate
Certificates

 

 

Program News

Southern Arizona Intelligence Summit

Join us for the 2021 Intelligence Summit, where key intelligence community leaders will speak about the latest in intelligence policy, cyber security, and more. Free for students!

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at Juniors and Seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship, which grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Friday, August 7, 2020 - 15:57
Election interference efforts have shifted, NSA and Cyber Command election...

With Election Day less than 100 days away, the National Security Agency and U.S. Cyber Command are carefully monitoring threats to the 2020 U.S. presidential election from Russia, China, Iran, and groups of criminal actors, two officials said Friday.

And while Russian government operatives have probed state IT systems and run hack-and-leak operations to influence U.S. elections in the past, the playbook is not necessarily the same this year, the NSA election threats lead, David Imbordino, and Brig. Gen. William Hartman, the Cyber Command election threats lead, said.

While Russia depended on the Internet Research Agency (IRA) to run influence operations in 2016, they have been outsourcing operations to other actors, Imbordino and Hartman said, confirming that the IRA recently set up an offshoot of its troll farm in Ghana and Nigeria.

“In terms of 2020 [in the IRA] we’ve seen a shift towards more use of proxies…intermediaries…laundering information through other individuals in the media space,” Imbordino said while speaking on a panel at the virtual DEF CON conference. “They had set up something in Africa, in Ghana — in terms of having people there trying to put stuff online about divisive issues, using covert influence websites being able to get their narrative out.”

Beyond Russia’s shifting tactics, the officials said the country is dealing with a whole host of foreign government interests outside of Russia in U.S. politics.

As part of a recognition of the growing threats from nations other than Russia — to include China, Iran, and North Korea — the NSA and Cyber Command formalized its Election Security Group following the 2018 midterm elections to cover threats from all four nations, as CyberScoop first reported. Previously, the NSA and Cyber Command only had a joint taskforce for Russian threats, the Russia Small Group.

The NSA and Cyber Command have been tight-lipped about election threats from abroad. But Friday appeared to mark a pivot point: the two officials delivered their assessment of foreign governments’ efforts to interfere in U.S. politics just minutes after the Office of the Director of National Intelligence released a statement revealing details of Russia’s, China’s, and Iran’s thoughts on President Donald Trump’s and former Vice President Joe Biden’s campaigns.

Bill Evanina, Director of the National Counterintelligence and Security Center, revealed Russia wants to “primarily denigrate … Biden,” while China “prefers that President Trump … does not win reelection.” The intelligence community has assessed “that Iran seeks to undermine … President Trump, and to divide,” Evanina added.

NSA and Cybercom size up ransomware

Threats to U.S. elections don’t stop with nation-state actors’ social media operations.

Ransomware threats to U.S. elections are so great, for instance, that the Election Security Group in recent months has expanded their focus to include those types of attacks, a U.S. government official told CyberScoop.

Imbordino noted Friday he is concerned about ransomware, indicating that ransomware actors could — wittingly or unwittingly — contribute to possible election interference operations.

“I think ransomware is one of those wild cards out there that could be wielded by anyone, criminal actors, etc.,” Imbordino said.

In the case that a ransomware attack does target any election infrastructure or networks, Imbordino expressed concern that malicious actors could seize the moment to make people distrust the election results. Imbordino said he is worried bad actors might spread disinformation suggesting that a ransomware attack could impact the tally of people’s votes, even if that’s not the case.

“You can have a ransomware in a local network that actually doesn’t even impact the election’s counting,” Imbordino said. “But someone could then spin an influence campaign from that and report it to make you think there has been an impact and then not trust the results.”

Moving forward, the NSA is continuing to monitor China’s threats to the election, primarily due to both the scope and depth of their capability, Imbordino said.

“[For] China, I think scale is something that is a bit unmatched in terms of them as a threat both from a cyber standpoint and from an influence standpoint. Certainly on influence they’ve been very active in that region — Taiwan [and] Hong Kong,” Imbordino said. “Them potentially becoming more aggressive in the U.S. space is something that we’ve been monitoring.”

The Election Security Group is also continuing to monitor Iran’s social media influence efforts, Imbordino indicated. The U.S. intelligence community assesses Iran’s efforts will “probably will focus on online influence, such as spreading disinformation on social media and recirculating anti-U.S. content,” according to the ODNI.

Chinese- and Iranian-linked hackers have also been sending spearphishing emails to Biden and Trump campaign staff, respectively, according to Google’s Threat Analysis Group.

The post Election interference efforts have shifted, NSA and Cyber Command election threats leads say appeared first on CyberScoop.

Friday, August 7, 2020 - 15:11
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.
Friday, August 7, 2020 - 14:42
Ohio becomes first state to release vulnerability policy for election-related...

Ohio’s secretary of state has established guidelines for security experts to find and help fix software flaws in the state’s election-related websites, the first such move by a state as the 2020 election approaches.

The vulnerability disclosure policy (VDP) covers registration websites for Ohio residents and overseas and military voters, among other sites, and provides legal liability protections for researchers. The program will bolster the efforts of Ohio Secretary of State Frank LaRose’s security team at a time when threats to election infrastructure “have never been greater,” the policy states. Under the policy, researchers are required to wait four months after reporting a vulnerability to Ohio officials before going public with it.

“We believe that public disclosure of vulnerabilities is an essential part of the vulnerability disclosure process, and that one of the best ways to make software better is to enable everyone to learn from each other’s mistakes,” the policy says.

The VDP does not cover voting equipment, such as voting machines and electronic pollbooks.

Security experts said Ohio is the first known state to establish a VDP that covers election-related websites. Delaware previously published a general VDP, but it’s unclear how often it is used.

The new policy is another incremental step by election administrators and vendors to work with independent security researchers. It comes the week that Election Systems & Software, the biggest vendor of U.S. voting equipment, released its own VDP. The Department of Homeland Security’s cybersecurity division has tried to encourage states to set up VDPs by releasing a best practices guide for doing so.

“Ohio’s vulnerability disclosure policy is a terrific sign that transparency is increasing across the board for election security,” said Jack Cable, an elections-focused security researcher.

The post Ohio becomes first state to release vulnerability policy for election-related websites appeared first on CyberScoop.

Friday, August 7, 2020 - 14:08
Friday Squid Blogging: New SQUID
There's a new SQUID: A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Device (SQUID) is also potentially useful for ultrasensitive rotation measurements and as a component in quantum... Bruce Schneier
Friday, August 7, 2020 - 13:24
Attackers Horn in on MFA Bypass Options for Account Takeovers
Legacy applications don't support modern authentication -- and cybercriminals know this.