How to block a thief from accessing your iPhone? How to shield cloud storage from hackers?
How to defend the Facebook network?
Naval Academy professors and midshipmen are working to answer these questions with a three-year, $2 million research partnership with the University of Maryland, Baltimore County.
The research on five federally fundedcyber security projects is underway as investigators continue to reveal the extent of data breaches beginning last year at the U.S. Office of Personnel Management.
The office on Wednesday raised its estimate of government employees whose fingerprints were stolen to 5.6 million — about five times more than estimated when the hacking was disclosed this summer.
Some 21.5 million federal employees — including civilians at the Naval Academy — are believed to have been affected by the theft of background investigation records, according to the Office of Personnel Management. Social Security numbers, birth dates and addresses were stolen. More than 900 civilians work at the academy.
The Office of Personnel Management continues to mail notices to those affected. And the government is offering free identity-theft and fraud-protection service to them.
The first breach happened in December but wasn't detected for four months — until April, officials said.
In one of their five research projects, the Naval Academy and UMBC professors are developing methods to more quickly detect a cyber security breach. They aim to build a check-engine light for networks.
"How do we put controllers and sensors in place to enhance systems to monitor themselves and detect when there is an anomaly?" said Karl Steiner, vice president for research at UMBC.
The research partnership was announced in spring with the signing of a legal agreement by Naval Academy Superintendent Vice Adm. Walter "Ted" Carter Jr. and UMBC President Freeman Hrabowski.
The agreement took about six months to craft and sets guidelines for rights to inventions during the three-year partnership, Steiner said.
The five projects are funded with about $2 million from the Office of Naval Research, Steiner said. The money runs out in three years.
The agreement was announced in April, but officials declined to discuss the research projects until the grant money was secured and work began.
Steiner at UMBC and Naval Academy Academic Dean Andrew Phillips agreed last week to discuss the projects.
A handful of students and professors from both schools will work on each. And the partnership is the latest move by the Naval Academy to expand programs in cyber security, academy officials have said.
About 30 midshipmen are expected to graduate this spring with a major in cyber operations, Phillips said. That major was introduced two years ago, and midshipmen in the Class of 2016 will be the first to graduate with it.
Civilian colleges may offer cyber security majors, but the academy's program addresses the ethics of cyber warfare, Phillips said.
"What would it take for such an action to be an act of war? Could it simply be a denial of service? Could it be infiltrating the system? At what point do you cross the boundary?" Phillips said. "That's where policy lags the technology."
The academy is also building a $120 million cyber security center with about 10,000 square feet of secure classrooms, labs and a small lecture hall. It's expected to be completed by late 2018. It will include the academy's first room for the discussion of classified operations — a Sensitive Compartmented Information Facility, or SCIF.
Windows may be omitted from the room for security. And it may be designed with thicker walls, alarm systems, surveillance cameras and a safe for storing classified documents.
A routine visit by the Naval Inspector General last year found lapses in how computer data are stored and accessed at the academy. Additional details, however, were redacted from an investigation report released to The Capital under a Freedom of Information Act request.
To accommodate the SCIF, the academy plans to establish internal measures to grant select midshipmen clearance to top-secret information. Previously, the academy had no means to grant the clearance. Between 100 and 200 midshipmen are expected to receive clearance each year.
Cyber skills are increasingly in demand in the private sector, too.
Last year, Maryland ranked sixth in the country for cyber security jobs, with 11,406 postings, according to Boston-based Burning Glass Technologies, which analyzes job markets. California was first with 28,744, according to the report released in July.
"Maryland has the potential and is really well positioned to be a Silicon Valley in cyber security," Steiner said.
Among the five projects included in the Naval Academy-UMBC partnership is research to detect hacks, and also to protect cellphones without burdening users.
"You don't want to spend five minutes getting into your phone," Steiner said.
A third project aims to strengthen the security of cloud-storage systems. A fourth includes building hardware to detect anomalies and signal a breach.
A fifth project seeks to fortify defenses of social-media systems, so one hacker can't access millions of accounts.
Students and professors participating in the projects will travel between campuses.
"I hope it turns into something bigger with UMBC," Phillips said. "Sometimes projects wrap up and sometimes they discover new avenues. The whole point of this will be that UMBC and the Naval Academy continue to partner."