Auburn speaks – on cyber and the digital domain new web by The Park at Auburn University

Auburn Speaks

On Cyber and the Digital Domain

Auburn Speaks: On Cyber and the Digital Domain Copyright ÂŠ 2015 by Auburn University All rights reserved. ISBN 978-0-9848658-1-9 Auburn University is a registered trademark. Auburn Speaks: On Cyber and the Digital Domain is a project of Auburn Universityâ&#x20AC;&#x2122;s Office of the Vice President for Research and Economic Development. Vice President for Research and Economic Development: John M. Mason, Jr. Editor: Robert A. Norton Managing Editor: Michelle Sidler Operations Editor: Leslie Parsons Image Editor and Photography: Rebecca S. Long Art Director: Al Eiland Graphic Designer: John McNutt Editorial Assistant: Jake Blocker Student Intern: Catherine Cox

Sponsoring office: Office of External Engagement and Support Executive Director: Larry Fillmer Auburn Speaks: On Cyber and the Digital Domain is produced in cooperation with: The Department of English Department Chair: Jeremy M. Downes The Office of Communications and Marketing Project Manager: Lucy LaMar For additional content and information about Auburn Speaks: On Cyber and the Digital Domain, visit www.auburn.edu/auburnspeaks. Auburn University is an equal opportunity educational institution/employer.

Auburn Speaks

On Cyber and the Digital Domain

Office of the Vice President for Research and Economic Development

Contents Foreword: Jay Gogue, President of Auburn University .....................................................................................................................1 Security in the New Digital World Admiral Michael S. Rogers, USN Commander US Cyber Command Director, National Security Agency, Chief, Central Security Service .................................................................................................................. 2 Prologue: Lt. Gen. Ronald L. Burgess (US Army, ret.), Senior Counsel for National Security Programs, Cyber Programs and Military Affairs..................................................................................................................................................... 6 Preface: John M. Mason, Jr., Vice President for Research and Economic Development at Auburn University.......................... 8 Editorâ&#x20AC;&#x2122;s Note by Robert Norton ........................................................................................................................................................ 10 The Auburn Cyber Research Center by Anthony Skjellum ...................................................................................................... 14 The Alabama Cyber Research Consortium by Leslie Parsons.................................................................................................. 22 Immersive Virtual Reality: A Journey: From Motion Analysis of Golfers to Creation of Characters for The Lord of The Rings to Immersive Virtual Reality Training at the FBI by Nels Madsen ...................................................... 24 Cyber Patients: Simulating a Real Patient Event by Teresa Gore .............................................................................................. 32 Leader, Teacher, Tester, Planner: Kai Chang.............................................................................................................................. 38 Forcasting Cyber Effects: Modeling and Securing Real World Ecosystems by David A. Umphress.................................. 40 Campus Networks: Wired, Wireless, and Secured: Bliss Bailey........................................................................................... 48 The New Scriptorium: Open Access, Libraries, and Cyber by Andrew Wohrley ................................................................... 52

Virtual Chicken, Real Learning: Innovative Education: 3D Modeling of Poultry Reproduction and Digestion by Pat Curtis and Jacque Kochak ......................................................................................................................................................... 60 Auburn’s Radio-Frequency Identification Laboratory by Emma Kinsey and Joeseph Sharp ........................................... 66 Changing Names But Not Appearances: RTVF’s Switch to Media Studies by Joeseph Sharp and Emma Kinsey ................................................................................................................................................... 72 Revolution in Medicine: The Cyber Revolution in Healthcare Services by Mark Burns ................................................... 76 Digital Geography: From Analog Maps to Information Systems: Phil Chaney............................................................... 82 Back to Our Roots: Digital Humanities and the History of the Book by Derek G. Ross and Emily C. Friedman ........................................................................................................................................... 84 The Future of Money: The Rise of Crypto Currency by Mark Thornton ................................................................................ 92 Balancing Act: Cyber Choreography: Finding the Human in Technology in Matrix II by Fereshteh Rostampour, Charles Bringardner, and Catherine Cox .............................................................................................. 98 Building a Safer Cyber Ecosystem: Weikuan Yu..................................................................................................................... 102 Agricultural Analytics: Harnessing Data to Feed a Hungry World by James Lancuster and John Fulton....................... 104 Safeguarding the Wireless World: Security and Auburn’s Wireless Engineering Program by Richard Chapman ...... 108 The Charles D. McCrary Institute: Advancing Innovative Energy, Security, and Conservation Research at Auburn University by Leslie Parsons........................................................................................................................................... 116 Politics of Privacy and Access: Constitutional Challenges and Teaching in the Cyber Age by Steven P. Brown ........ 118 Embedded and Extreme: Building a State-of-the-Art Research Program in Cyber at Auburn: The Exiotics Laboratory by Anthony Skjellum .......................................................................................................................................................................... 128 Finding Needles in Virtual Haystacks: Open Source Intelligence in the Cyber Age by Robert Norton ...................... 134 Air Traffic Control: Algorithms for UAV Operations: From Monitoring the Battlefield to Delivering Packages by Chase Murray ................................................................................................................................................................................. 138

Science of Simulation: Modeling and Simulation in Cyber Research by Levent Yilmaz .................................................. 144 Hacked Off: The Sociology of Cybercrime by Greg S. Weaver................................................................................................. 150 The Most Dangerous Threat: Trusted Insider: The Spy in the Worst Possible Place by Eric M. O’Neill ...................... 158 Digital Technologies and Memory: What Aristotle Can Tell Us about Managing Computer Data by Stewart Whittemore ...................................................................................................................................................................... 168 Help Wanted: Internet Use and Job Searching by Randy Beard with Michelle Sidler .......................................................... 174 Studying Humans and the Interface: Cheryl Seals................................................................................................................. 178 Caring for Caregivers: How Technology-Enhanced Education has Provided Support for Rural Caregivers of the Elderly by Kathy Jo Ellison and Emily Myers ...................................................................................................................... 180 Cyber-Inclusion: The Importance of Creating Accessible Websites by Norman E. Youngblood and Susan A. Youngblood .................................................................................................................... 186 Bridging the Digital Divide: Broadening the Engagement of the Senior Population in the Cyber Age by Veena Chattaraman and Wi-Suk Kwon ...................................................................................................................................... 192 Science for Everyone: Making Research Publications Open and Available through the Internet by Michelle Sidler ................................................................................................................................................................................ 198 Science or Snake Oil: Scholarship and Peer Review in the Digital Age by Ash Bullard ................................................... 202 Leading the Digital Library: Aaron Trehub.............................................................................................................................. 212 Digital Reflections: On Cyber – A Mechanical Engineering Teacher’s Perspective by Roy W. Knight ......................... 216 Facebook Capture the Flag: Cyber Tales from the ARRRG Sea by Ben Denton ............................................................... 222 It Took a Village: Auburn Speaks Collaborates with Master Communications by Michelle Sidler................................... 226 References ......................................................................................................................................................................................... 228 Contributor Biographies .............................................................................................................................................................. 232

O O

N N

C C

Y Y

B B

E E

R R

A A

N N

D D

T T

H H

E E

D D

G G

T T

A A

L L

D D

O O

M M

A A

N N

ack, you know, a few generations ago, people didn’t have a way to share information and express their opinions efficiently to a lot of people. But now they do. Right now, with social networks and other tools on the Internet, all of these 500 million people have a way to say what they’re thinking and have their voice be heard. – Mark Zuckerberg

Foreword

Dr. Jay Gogue President of Auburn University The Third Industrial Revolution. The Information Age. The Digital Revolution. Whatever you call it, however you choose to describe it, we live in an era where digitized information relayed across computer networks around the world is now integral to the human endeavor. Cyber touches all of our lives, directly and indirectly. Digitized information teaches us, entertains us, keeps track of our finances, monitors our health and our food supply, facilitates rapid and open communication, allows us near instantaneous access to information, and resides at the heart of our nationâ&#x20AC;&#x2122;s critical infrastructure. Changes in the technologies that establish, maintain, and secure the digital domain are rapid and sweeping, impacting us all. It is, therefore, not only appropriate, but imperative, that institutions of higher education like Auburn University bring their considerable expertise to bear in providing understanding, analysis, and solutions to the challenges presented by our increasingly networked world. It

is for us to help organize and interpret the unending streams of information that make up the digital domain, to secure it, and to derive useful, practical knowledge from it. In so doing, we improve quality of life and fulfill our land-grant mission. Collected here, in Auburn Speaks: On Cyber and the Digital Domain, are stories of the Auburn men and women who are helping not only to navigate and secure this new frontier but also to explore the promise it offers. I am pleased and proud to introduce them to you.

Prologue

Aim device at this image to view enhanced media.

Lt. Gen. Ronald L. Burgess (US Army, Ret.) Senior Counsel for National Security Programs, Cyber Programs and Military Affairs In 2011, the Pentagon declared cyberspace an operational domain. In the same sense that land, sea, air, and space are theatres for military operation, so too, is the digital realm. In a very real sense, the Internet became a front line in the fight to secure a significant national asset—America’s digital infrastructure—from the full spectrum of threats arising throughout the networked world. Operating successfully in this landscape means developing new technologies and new expertise; it means recruiting a whole new class of personnel. Uniformed cyber warriors and civilian cyber professionals, trained in both security and active defense, are needed in the nation’s workforce. Depending on which source you consider, over the next several years, the Pentagon will need anywhere between 3,000 and 6,000 cyber warriors. If you add industry needs, those numbers increase to somewhere between 20,000 and 50,000 cyber personnel.

Historically and understandably, national security and the US economy are inextricably intertwined. Nowhere is that more evident than in the cyber domain. Both the public and private sectors depend on a networked digital infrastructure that in many ways remains the “Wild West.” It is largely unregulated and uncontrolled. The United States, whether it is at the level of government, business, industry, or the individual, is in a state of constant cyber-attack. The cost estimates associated with these attacks and with protecting our critical infrastructure (utility systems, financial systems, etc.) from threats range from significant to massive. Threats to information security are sophisticated and rapidly evolving. The only way these continuous malicious incursions can be mitigated is by equipping individuals and organizations with the most rigorous and up-to-date techniques, tactics, and protocols with which to defend and do battle. All of this requires research and education in which institutions like Auburn University play a strong and constant role. Partnering with Auburn in these efforts is a consortium of organizations: the seven doctoral

degree granting institutions in the state, known as the Alabama Cyber Research Consortium; federally funded organizations like Oak Ridge National Laboratory; private businesses; and federal intelligence agencies. The National Security Agency and the Department of Homeland Security, recognizing the expertise in institutions of higher education, and in an effort to reduce vulnerabilities in our nationâ&#x20AC;&#x2122;s networks while encouraging high-level research and training in cyber science, have designated key universities as national centers for academic excellence. Auburn University has been identified as a National Center for Excellence in Information Assurance/ Cyber Defense Research, a National Center of Academic Excellence in Information Assurance/ Cyber Defense Education, and a National Center of Academic Excellence in Cyber Operations. Auburnâ&#x20AC;&#x2122;s trifold designations are a significant stamp of approval, recognizing a high level of competency practiced among the faculty and students participating in these programs. These designations allow us to interface at the highest levels with agencies and with industries working

in the cyber domain. Utilizing this interface will further strengthen our curriculum, enabling us to develop the specific skill sets needed not only at the national level but the state level also. There will be new opportunities for student internships and co-ops that provide valuable real-world experience. Our students will leave here better prepared to contribute meaningfully from day one, as opposed to having to deal with a near vertical learning curve. Informed by these interactions, we will continue to develop our research capabilities in terms of looking at practices and products that will benefit private and public sector interests. These designations will serve as mechanisms by which experts can exchange information and can work collaboratively on areas of common interest. Further, we will now be in a position to access funding that has previously been unavailable. Working with the National Security Agency will help us be more effective in training the workforce needed by the military, the Intelligence Community, business, and industry. At the end of the day, itâ&#x20AC;&#x2122;s about equipping the nation to deal with the increasingly

complex and often hostile cyber domain, and Auburn can lead the way. As we move ahead, we look forward to welcoming additional faculty members and students and to fostering a robust, collaborative environment in which business, community, and government have an active presence. In the months and years to come, efforts will continue to be refined, resources secured, funding streams matured, infrastructure put in place, and curriculum developed to 7 insure that Auburn University continues to make significant contributions to individual, corporate, and national security. To learn more, visit: www. auburn.edu/cyber.

Preface

Dr. John M. Mason, Jr. Vice President for Research and Economic Development at Auburn University Welcome to Auburn Speaks: On Cyber and the Digital Domain, the fourth issue in our annual series highlighting a component of Auburn research. More than one scholar has called our contemporary world the “cyber age”. “Cyber” now modifies familiar nouns–cafe, space, culture, and many more–drawing them into the lexicon of the digital domain. In the blink of an eye, the Information Age has exponentially expanded, impacting virtually every aspect of life: communications, security, education, business, health, rhetoric, ethics, and technology among them. Since the early 2000s, Auburn University has played an increasingly important and recognized role in cyber research and related economic development. Exploration of the digital domain is a topic that brings Auburn experts from nearly all disciplines to the table—a testament to the all-encompassing nature of the networked world.

Research is ongoing not only in often-cited areas like security, communications, software, forensics, information assurance, and simulation, but also in ethics, literature, sociology, cultural studies, entertainment, art, and a host of other disciplines. In all these areas of study, it is easy to see the linkages between academic discovery and contribution to the economy. Whether using radio frequency identification to monitor inventory and supply chains or training cyber analysts to contribute meaningfully in the workplace from day one, Auburn experts move ideas and technology into a marketplace that benefits from our skills and our solutions. One such expert is Robert Norton, Professor and Director of the Open Source Intelligence Laboratory, faculty liaison to the Auburn University Cyber Initiative, and the Issue Editor for this year’s Auburn Speaks. Dr. Norton, along with Managing Editor, Michelle Sidler, Associate Professor in the Department of English, have assembled an array of powerful articles and images

that speak to the myriad ways Auburn men and women connect to this topic and to the citizens of our state and region. More than an anthology of information about research taken from the media, Auburn Speaks: On Cyber and the Digital Domain captures the stories behind the headlines and introduces you to Auburn researchers and investigators who add to critical stores of knowledge about our digital lives—developing new processes, practices, and technologies along the way. Their work informs policy and provides solutions. New to Auburn Speaks this year is the inclusion of augmented reality. Periodically, throughout the publication, our editors have embedded multimedia intended to enhance readers’ understanding of the various articles and profiles that follow. To experience augmented reality, download our new TigerView app to your smart phone or tablet, then keep an eye out for the TigerView icon adjacent to images and illustrations in Auburn Speaks. When you see the icon, launch the TigerView app from your smart device, aim your device at the image

and enter a digitally augmented world with Auburn as your guide. Auburn Speaks: On Cyber and the Digital Domain was produced by the Office of the Vice President for Research and Economic Development with assistance from the Office of External Engagement and Support, the Office of Communication and Marketing, and the Department of English. Thank you for your interest in these Auburn men and women and their expertise. To learn more about 9 Auburn University research, visit us online at www.auburn.edu/research or at www.auburn.edu/ auburnspeaks.

Editorâ&#x20AC;&#x2122;s Note by Robert Norton

Photo by Leslie Parsons

Welcome to Auburn Speaks: On Cyber and the Digital Domain When Auburn University was appointed as a land-grant institution, communication was often still as slow as the speed of a horse. The telegraph was state of the art. Knowledge was stored in the printed pages of books, and people in faraway lands had little or no access to the knowledge produced at Auburn University. In those early years, Auburn’s impact was largely limited to the state, but knowledge now being generated at Auburn is being disseminated throughout the world and in missions that are reaching beyond the galaxy. Knowledge is moving faster, farther, and cheaper than it has ever been before. The totality of the knowledge generated worldwide doubles every 13 months, and Auburn research contributes to this growing knowledge base (Schilling, 2013). By these calculations, it stands to reason that the new knowledge produced in less than every two years at Auburn will exceed the previous total

amount produced since its founding as a land-grant institution over 150 years ago. Because of this, Auburn serves as a microcosm of the increased knowledge and innovation that is occurring on a global basis. We are rapidly approaching a time in which every single research paper that has ever been published will be available to the world on the Internet. This distribution of knowledge on a global basis opens up all kinds of new opportunities to use previously generated data in new ways, creating new data, technologies, and processes—perhaps even answering questions that have persisted in mankind for centuries. We can now extract insight and understanding across the totality of the data as never possible before. Technology, particularly that of the cyber realm, has changed the way knowledge is produced and communicated. It is even fair to say that technology is changing the way in which we as humans think. When I began this process as editor, I didn’t have a clear vision of what cyber is. I knew what it wasn’t—a phenomena residing only in engineering and the sciences. And so before agreeing to taking

over the editorship, I had one stipulation: that this issue, as with prior editions, would be inclusive of many perspectives, including many voices from across the campus. Certainly, the College of Engineering and the College of Sciences and Mathematics would have a strong presence, but they would not be the only colleges represented. I was very pleased at the interest and response of faculty from many colleges and disciplines; this year’s edition is full of remarkable pieces about the exciting research happening at Auburn University. And this book only captures a snapshot of the breadth and depth of research happening in disciplines as diverse as nursing, computer science, theater, and engineering. Auburn is truly an amazing place filled with people doing amazing things. Now, after many months working on this volume, I’ve come to realize that what I suspected is actually true: cyber is more than the sum of its hardware and software parts. Cyber touches many aspects of human life. Certainly, it consists, in part, of the hardware, software, and communication

systems needed to provide infrastructure—the back bone, if you will, by which the electrons travel. Cyber has become both a creative tool and the dominant means of disseminating knowledge and storing memory. It is our worldwide library, accessible by an ever-increasing percentage of humanity. Cyber is also the new communications commons, the place we humans speak to each other, helping us think and remember. Most prominent of all, cyber is evolving as we design, innovate, and further develop the “human-machine interface.” The researchers in this volume reflect this wide breadth of applications for cyber. Many researchers 12 at Auburn University study the ways that cyber infrastructure impact the storage, communications, and even security of our telecommunications networks while others are interested in who has access to information and how it is stored and secured. Access to information impacts many areas of academic life, including broadening the possibilities for teaching students and the community through cyber technologies and revolutionizing the way academic publications are read and distributed. The rise of cyber is changing healthcare, too, and Auburn researchers are contributing to new systems wherein patients, nurses, and doctors have more information

than ever before. Auburn’s faculty and alumni have impacted cyber life outside academics as well. Former students have a strong history of supporting the national security interests and federal law enforcement, using cyber as a way to protect the citizenry by countering criminal and enemy threats. Auburn faculty also apply new cyber technologies in the realm of arts and entertainment, bringing innovation to stage and screen, making possible any number of recent blockbuster movies. Researchers in this volume bring the human element back to cyber, exploring the impact of this pervasiveness on our sense of autonomy and humanity. Knowledge production, communication, and storage potential in the digital realm have the potential to impinge on human privacy. Many Auburn faculty are exploring issues of security, privacy, and the law. Reflecting back on the diversity of research happening at Auburn University, I realize now that the broad applications of cyber give it a productive ambiguity, enabling humans to define, adapt, and apply cyber in any realm they choose, leading to innovation and creativity, the bounds of which we can only begin to imagine. As Issue Editor, I am indebted to the many people who made this volume possible. To my faculty colleagues, thank you for your creativity

and imagination. You truly are the cyber innovators. I thank with the greatest sincerity Michelle Sidler, my co-editor and new friend—this was fun. Speaking for both of us, I can say without fear of contradiction, we had the best possible staff helping and truly making all of this possible. Thank you Leslie Parsons, the “Mother Hen” of the Auburn Speaks series—you kept us on schedule and solved a thousand problems along the way, always with a smile! Rebecca Long, thank you for all your hard work as Photo Editor—your artistic vision shines throughout the volume. Jake Blocker—you helped get everything started on a note of success. We wish you the best as you move forward in the next phase of your career. John McNutt, all of us agree—you are the best. I look forward to working with you on future publications. To the readers—I wish you a pleasant journey through these pages. You will likely be amazed at what the Auburn Family has to offer. Then again, you probably already knew that! This volume will just serve as a reaffirmation. War Eagle!

D O

H CE

G R

omputers themselves, and the software yet to be developed, will revolutionize the way we learn.

â&#x20AC;&#x201C; Steve Jobs

The Auburn Cyber Research Center by Anthony Skjellum

Aim device at this image to view enhanced media.

Someone once described to me years ago how the Internet enhances all aspects of human nature and society—the good as well as the bad. Whether as a useful, positive development, such as new, open repositories of information like Wikipedia or commercial sites to find health tips like WebMD, whether as a tool for promoting democracy movements and human rights, or as a space for not-sosecret gathering places for extremists of all stripes and their deplorable views, the Internet is a growing global technology infrastructure that has transformed society by connecting people, while crossing governmental, societal, regulatory, and inter-cultural boundaries. We as a nascent worldwide society are linked in new and transformative ways for better and for worse, and some of these issues threaten and/or beneficially challenge institutions and practices of long standing. For instance, people seeking democracy in repressive countries have found powerful allies in Twitter and Facebook. With the rapidly accelerating co-evolution of

mobile, social, cloud, and wireless computing, and the arrival of the “Internet of Things,” the Internet has expanded and extended its reach, and it will continue to do so for the foreseeable future. Heavy laptops and primitive flip phones of the late twentieth-century have given way to mobile internet-connected devices of all kinds, sizes, capabilities, and price points, more recently through a world-wide explosion of “smart” mobile devices and the freedom enabled by growing wireless internet access. Through the explosion of social media and ecommerce enabled on these “smart” devices, the people, companies, governments, and organizations of the world are connected as never before. Furthermore, the so-called cloud—which is actually many internet-enabled computing platforms, services, business models, and service offerings— represents democratization of large-scale computing frameworks both for business and for individuals… it’s where your data lives and where an increasing amount of your computing gets done, whether

you’re a business, individual, or governmental entity. This multi-legged revolution has had impressive impacts on everyday life in America, the developed world, and in the developing world as well, with both expected and unexpected consequences. Anyone going online, reading the top fold of a newspaper, or watching the evening news is well aware of those rampant unexpected consequences, including almost daily cyber breaches of ever-growing size and scope. Nonetheless, we enjoy the many upsides of these technologies in everyday life, and there is no sign that our appetite for new and better internet technology is waning. Cyber work everywhere and at Auburn University in particular, addresses the known and emerging downsides of our connected world, such as cyber crime threats to privacy, personal financial and identity theft, and breaches in personal and/or institutional security. We do so in part by discovering new or “zero-day” threats as quickly as possible, by determining how to reduce “leakage” of your personal data online, and by exploring the tradeoffs of privacy and security as societal policy as well as a technical theme for systems. The Auburn Cyber Research Center in particular emphasizes engineering principles and an interdisciplinary approach, such as working to design and re-design better architectures with practical applications for

hrough the explosion of social media and ecommerce enabled on these “smart” devices, the people, companies, governments, and organizations of the world are connected as never before.

mobile devices or creating software that’s systematically more resilient when attacked in a new way. Our Center emphasizes the interdisciplinary nature of cyber, because humans are intimately involved and cause the issues we seek to prevent or mitigate, meaning that at Auburn, social science has a coequal interdisciplinary role in complement to natural science and engineering in our cyber efforts.

However, cyber at Auburn University is not focused just on addressing the negatives of the Internet and mobile computing devices. It’s also about working to educate the next generation of cyber workers, to support community outreach, and to drive technology transition. We’re working to advance the upsides of the Internet/mobile/social/ cloud computing revolution, as well as to explore,

experiment with, and contribute new solutions and new tech that come with “resilience” designed in. Such outcomes include new kinds of system designs and prototypes that enable cool and innovative interactions of people with their environments, within their cars, office spaces, while working to making people safer in their everyday lives (beyond just cyber threats that comes from these devices), enhancing their experiences in brick-and-mortar shopping, improving their usage of energy at home, and in ways we as scientists and engineers at Auburn have yet to discover and reduce to practice for the benefit of society. 16

Selected Cyber Issues of the Day Privacy is a primary concern of American citizens in 2014. Privacy has come under attack in the internet age, not only by widely reported government actions but also by massive data collection and sale by big data companies that seek to know as much about you as possible for actuarial and commercial purposes. Above and beyond the legal collection of data, grey area and illegal amalgamation of data concerning private citizens is a major issue for our society. Cyber R&D has to contribute to returning appropriate degrees of privacy to individuals, recognizing that national security can be at odds with such rights. Our country’s history and foundation

includes freedoms such as privacy, but this right and freedom is being sorely tested in the internet age. Security is also a primary concern of American citizens in 2014. With the challenges, threats, and attacks of the past 20 years, and ongoing turmoil in the world, Americans demand security of a physical nature and expect their critical infrastructures (power, water, banking, roads, hospitals, etc) to function as normal on a routine basis. Individual security, corporate security, governmental agency/entity security, and the nation’s security are all major issues, and each of these comes under routine cyber attack. What is more, social media is used by our opponents as a means to recruit human assets against their our country. Security, as applied to one’s personal cyber space and one’s private information, are a key subset of the global security picture. Where cyber meets security, there are tradeoffs. What is clear is that individuals have insufficient security when their personally identifiable information is routinely stolen, when important national infrastructures are easily penetrated, and when, on an almost daily basis, we learn of massive data breaches of our largest commercial institutions and government-run programs. Privacy-Security Tradeoffs are a major concern to governments, civil-liberty groups, and individual citizens in 2014. Sometimes, the government asks companies, whether a Google, Facebook,

or power company, to share information to help it pursue potential terrorists or large-scale cyber criminals. Security often means denying, delaying, or suspending the kinds of privacy or the expectations of privacy that have been implicitly protected or required specific due process in the past. Since more of our lives, information, and activities are electronic, lines have been blurred. There is no single or easy answer to turning the dial between individual privacy and national security when it comes to suspected terror. And the collateral acquisition of information from innocent third parties is in fact the subject of significant national debate. Cyber research that helps ensure privacy will deliver needed information to ensure security comprises a grand challenge for our field. Trustworthiness is a growing concern in cyber. It may be that systems function and appear to work, but are they misleading or have they been tampered with? In some cases, malicious changes can be made to systems to cause them to fail or to produce wrong answers. Such behavior can lead to serious consequences when the systems being hacked are automobiles, trains, airplanes, or other life-critical systems such as pacemakers. Trusting the automated systems we have come to depend on puts us in a vulnerable state when these systems can be routinely modified from a distance and made to fail at will.

Insider Threats and Lone Wolves are concerns for commercial enterprises, for our national security, and often for our physical security in regard to workplace violence and recurring attacks on vulnerable institutions such as our schools. The role of psycho-social cyber, a combination of psychology, sociology, and engineering, is a nascent area of research and study. Because humans are in the loop in all things cyber, focusing strictly on the digital aspects of security, on the protocols, bugs, attacks, devices, and countermeasures fails to address the most important part of the adversarial enterprise— the rapidly evolving, smart humans whom we face. Large retailers and federal agencies, like the United

States Department of Defense, face insider and lonewolf threats, and these are notoriously reported in the media from time to time. The cyber dimensions of these threats and threat actors doing insider cyber damage from stolen financial information to intellectual property theft has elevated the importance and criticality of such research. A “Cyber 9/11” or a “Cyber Pearl Harbor” are attack predictions made by a number of knowledgeable people in industry and government from time to time. A decade ago, such predictions might have been labeled as alarmist—nowadays, not so much. It is clear that nation-state and terrorist actors could launch a massive cyber attack on the United States in addition to, or instead of, more conventional attacks. 17 With relatively low-cost, both actual losses and morale impacts of certain cyber attacks could be as significant as the most horrific two sneak attacks in our nation’s history. Detecting and preventing such massive attacks is a product of both intelligence analytics and complementary cyber research. The cyber portion of this includes understanding the meaning of classes of cyber attacks, supporting mechanisms to help comprehend the structure of criminal and opponent cyber enterprises, and in some situations, defining cyber countermeasures that amount to offensive cyber. While Auburn University doesn’t engage in offensive cyber work, the fundamental

advancing privacy, improving security, and exploring the privacy-security trade space where appropriate. We explore the psycho-social dimensions of cyber in carrying out our mission as well.

yber at Auburn University is not focused just on addressing the negatives of the Internet and mobile computing devices. It’s also about working to educate the next generation of cyber workers, to support community outreach, and to drive technology transition.

Our Vision

principles we teach help students to understand how attackers work, provide some of our students with the incentive to achieve the standing of “ethical hacker,” and reveal how newer and better system designs are needed.

Our Mission Our mission statement is this: Excel in cyber research, development, education, policy, and practice. Our mission defines the scope and roles of our cyber enterprise. We’ve chosen it broadly, with the goal of making impacts in a number of ways as

research translates into precompetitive products and eventually into the marketplace or as contributions to open and freely available technology. Notably, we care about practice as well as theory, about education and outreach as well as research and advanced development. The wrinkle of policies, which for us means political policies, corporate policies, and best practices and standards, provides a further means for us to influence and serve as change agents besides prototyping, designing, testing, and experimenting with cyber. We implement our mission through the prism of

Our vision statement is this: Auburn University is nationally recognized for cyber research and development with strategic impact on its community, the state, region, and the nation. What this means is that Auburn University excels in cyber work and is recognized by other academics, industry, and government for its contributions. Our vision statement is where we plan to go long-term. We are at a place of individual excellence and have a solid base of strong technical capability. We want to make a big difference through large-scale collaborative teams that work on problems from many perspectives. We foresee a cradle-to-grave role in cyber technology for students and scholars. Ideas prototyped by students and faculty are published in the open literature, patented or copyrighted where appropriate, licensed or shared freely depending on the economics of a given invention, and promulgated in any event for the improvement of society. Auburn scientists and engineers will keep their hands on the tiller of this complex and long-term process and help

ensure that economic growth occurs when creative success leads to results with commercial value. We intend to transplant our values as well as our technologies into startups and growing concerns over time and then bring back the lessons of industry to renew our next generation of early stage research and development. We intend to work outside our comfort zone and be students of our industry… cyber is rapidly evolving and so must we to gain an edge on our competition and opponents.

Action Plan In order to make a real impact on the cyber issues of today, the Auburn Cyber Research Center embarked on a comprehensive “reboot” on July 1, 2014. We undertook the following steps: • Restate our mission and vision, which we’ve shared with you here • Renew our commitments internally to interdisciplinary work in the Samuel Ginn College of Engineering • Expand our membership to professors and students outside engineering as soon as possible • Engage with industry and government • Explore and expand collaborations with cyber researchers nationwide and with

our statewide Alabama Cyber Research Consortium (alcrc.org), a group founded in 2013 between our seven PhD granting institutions in the state • Develop new and better intellectual property and research outcomes to support sustained funding and working with industry and government In the past few months, we’ve engaged with industry in a number of ways: • We’ve joined the new Industrial Internet Consortium, a group that includes the thought leaders of the so-called “Internet of Things” revolution. • We’ve joined the Object Management Group (OMG), a respected standards body that focuses on software engineering and communication standards with a direct nexus to government systems and to open systems. • One of us now participates in the National Institutes of Science and Technology (NIST) working group on Cloud Forensics. • We’ve joined the “Antiphishing Working Group,” (APWG) a leading international organization focused on email-borne malware and “ecrime ware.”

• We’ve created a new “Internet of Things” and “Malware analysis” program within our Center. • We’ve begun meeting with cyber-focused companies and organizations, leveraging, in particular, the huge focus on cyber in the Huntsville defense complex. • By the time this article is published, we will also have joined and started active participation in a number of other industrial consortia keyed to cyber. Our roadmap is to define and grow cross-linkages between our individual investigator research over the next year, explore and fund pilot grants that cross dis19 ciplinary lines, and build up the needed intellectual property to engage certain types of federal funding, while engaging immediately on applied research in the defense sector and with large-scale commercial regional and national enterprise. We expect to publish, present, experiment, and refine our intellectual property and build internal cohesion as a large-scale research center. We expect to engage with early steps in technology transition and company formation as early as 2016. We already have experience and success in “Small Business Innovation Research” type contracts, and we expect to grow this space of activity with small businesses in Alabama and the region.

A Call to Action for the Entire Auburn Family Our approach to cyber is that cyber safety is everyone’s responsibility, even though cyber research, development, and teaching are specialized areas of pedagogy. Active participation in one’s safety is a normal part of a life well-lived. Here are some safe principles for the Auburn Family (and everyone for that matter) to live by:

• Understand cyber safety and how not to get phished • Maintain up-to-date patches and malware scanners • Use common sense and don’t surf to strange or high-risk web sites • Learn how to make safe passwords—long is best—24 characters or more • Don’t share your passwords and accounts • Understand that if data about you can be found online, you should avoid using that information as part of your “security questions” dossier in an online account • Check your bank and credit card statements for anomalies frequently • Prefer credit cards over debit cards—debit cards aren’t nearly as safe • Don’t give out personalized information

in response to phone calls, emails, or other communications where you can’t be absolutely certain that you trust the other party, and then err on the side of caution anyway • Report losses and suspicions • Be aware that even though cyber attacks are growing rapidly, identity theft still happens more frequently through stolen physical garbage • Hold others accountable (such as businesses and individuals) to cyber safety too Here are ways some of you and others you know can help Auburn Cyber Center: • Encourage young people to choose Auburn University and select the Bachelor of Science degree in Computer Science and Software Engineering, or another cyberactive discipline, and then pursue cyberrelated topics in their undergraduate research, internships, and electives • Mentor our undergraduate and graduate students if your industry is cyber sensitive • Hire our cyber-ready graduates where appropriate • Engage with and collaborate with our faculty if that fits your job description

Alabama and nationwide • Accelerate faculty research of your choice through direct grants and gifts • Suggest other ideas of your own We’re open to your ideas. We welcome them.

Follow-Up with Our Center

Cyber at Auburn University is educating the next generation of cyber workers to drive technology transition.

• Donate your used mobile phone equipment, embedded systems, and other cyber-critical gear to Auburn; it helps us to get better at our work • Share the message with industry and

government that Auburn is a focal point for advancing cyber—solutions to problems and technology for the future • Advocate and support funding of cyber research, development, and education in

Our Center’s home is 2117 Shelby Center, which is currently being remodeled to become our Center’s focal point, including about a 1,200 square foot high tech “collaboratorium.” We’re part of the Samuel Ginn College of Engineering, with our administrative home located in the Department of Computer Science and Software Engineering. The member21 ship is currently made up of nearly two-dozen graduate students and approximately fifteen faculty members from across campus at Auburn and is growing in number and diversity of specialties and departments. We’re presently growing our Cyber Center along the interdisciplinary lines described in this article, but we have a long history and a longterm commitment to the cyber issues described here. You can follow our Center’s progress and activities by visiting us from time to time at our web site: http://cyber.auburn.edu.

The Alabama Cyber Research Consortium: A Dream Team of Cyber Researchers by Leslie Parsons

General Burgess addresses the ALCRC at Auburn University Montgomery.

In early 2013, seven Alabama universities with both depth and breadth of experience in the cyber domain joined forces to form a team of highly skilled and agile experts, equipped with leadingedge technology and resources. That team is the Alabama Cyber Research Consortium or ALCRC. Members include the seven PhD granting institutions in the state: Alabama A&M University, Auburn University, Tuskegee University, The University of Alabama, the University of Alabama at Birmingham, the University of Alabama in Huntsville, and the University of South Alabama. After years of informal and formal collaborations between smaller groups of the partner universities, the ALCRC is the culmination of individual and collective commitments to research, advanced development, education, and outreach in all areas of the cyber domain. The ALCRC is an active group of scientists, engineers, and affiliates committed to creating solutions with practical impact on the state, local, regional, and national economy.

Their analyses and solutions help consumers, corporations, and the public sector solve real problems as well as avoid significant harm involving cybercrime and related national security issues. Strengthened by partnerships with government and industry, the consortium is able to adapt to provide expertise and capability wherever and whenever required. “Auburn University is proud to be recognized as one of the founding members of the Alabama Cyber Research Consortium for our focus on, and role in, addressing topics of such vital importance to our state and nation. It reflects our commitment to the primary mission of serving the people of Alabama,” said Lieutenant General (USA, retired) Ronald Burgess, Senior Counsel for National Security Programs, Cyber Programs, and Military Affairs at Auburn University. In the fall of 2014, the ALCRC, along with The University of Alabama’s Cyber Institute and the University of Alabama at Birmingham’s Center for Information Assurance and Joint Forensics

Research, received a significant grant from the National Science Foundation to design a national conference on digital forensics in the spring of 2015. Held in Bethesda, Maryland, the event provided opportunities for members of the cyber community to address critical issues in digital forensics, including a lack of unifying ethical standards, procedures and guidelines for routine activities such as forensic analysis, cyber-crime case processing, and data mining/surveillance. “This award represents the first funding opportunity and significant national recognition for the ALCRC. It powerfully demonstrates the validity of the consortium and how closely tied together we are as members. It also speaks to the new ways in which higher education can organize to advance research in critical areas like cyber,” said Anthony Skjellum, COLSA Cyber Security and Information Assurance Professor in the Department of Computer Science and Software Engineering and Director of the Auburn Cyber Research Center in the Samuel Ginn College of Engineering at Auburn University. “This is the first time that the topic of ethical guidelines for digital forensic examiners has been openly discussed at such a high-level forum,” said John Sloan, Director of UAB’s Center

The ALCRC is an active group of scientists, engineers, and affiliates committed to creating solutions with practical impact on the state, local, regional, and national economy.

for Information Assurance and Joint Forensics Research and Principal Investigator of the grant. “We hope to develop policies and ‘best practices’ as a result of this conference that will assist forensic examiners and reduce potential lawsuits and mishandled criminal cases.” ALCRC members continue to seek further funding for their activities and are poised to provide support to the state of Alabama and the US through timely, innovative, and meaningful solutions to the cyber challenges faced today and in decades to come. To learn more about the ALCRC and its members, visit: www.ALCRC.org.

Kai Chang

Leader, Teacher, Tester, Planner

The field of computer science has changed dramatically in the last 30 years, and Dr. Kai Chang has experienced these changes firsthand. Chang has been teaching and researching in the computer science field since before he arrived at Auburn University in 1986. He currently chairs the Department of Computer Science and Software Engineering (CSSE), formed only two years before he was hired. A native of Taiwan, Chang came to the United States in 1981 and received his doctoral degree in electrical and computer engineering from the University of Cincinnati. At that time, the field of computer science was still in development, so CSSE was highly interdisciplinary, housing faculty from fields as diverse as mathematics, industrial engineering, electrical engineering, and chemistry. Now, the department focuses specifically on computer software, including computer and wireless networks, information security, human-computer interactions, modeling and simulation, software

engineering, operating systems, and programming languages.

The Dual Roles of Software and Hardware CSSE is distinct from, but related to, another department at Auburn, the Department of Electrical and Computer Engineering (ECE), which focuses on computer hardware—the parts of a computer that we can see and feel. CSSE focuses on the other end of the spectrum, software, which performs the applications we use every day, as well as the operating system, which mediates between hardware and software applications. To help us understand these applications, Chang compares computers to humans: “Hardware is like a human body. The training is the software. So it depends on the training you have; your body could perform very different things. You could play basketball, you can play football, or you can play soccer, or you can be a swimmer, right? It is the software that tells how and what the hardware should perform.”

Testing and Planning for the Future Chang began his career working on computer applications and studying artificial intelligence. Now, he focuses on software testing—methods for

resolving potential defects in a piece of software throughout the development process. Chang explains this research using an example of ATM software: “You may require that your ATM machine should be reliable, but what do you mean by ‘being reliable’? We like reliability to be expressed in some numbers. So, it is a mindset from day one that you think about preventing faults and error from sneaking into your software.

We also like to execute or test the system in a carefully designed way. When you say reliability, you may say, ‘Ok, I want this system to have mean time to failure of 1000 hours.’ Then we will be able to test with a goal in mind. Otherwise, [you might say that] the system has to be ‘highly reliable.’ Nobody will be able to test for that.” Whereas software testing often happens once software is created, Chang’s research suggests that testing should be taken into account throughout the entire development process, from inception to completion. In Chang’s opinion, the greatest advancement in computing has been “the dramatic increase in the computation power and storage capacity of hardware, which brings along the almost unlimited software applications.” Chang believes that, as a result, the future of computer science and software engineering will include an even greater variety of applications than we have today. Technology users benefit directly from this increase because software is the element that makes performing tasks possible: “It is the software that makes things happen. You could have your iPhone, but if you don’t have the software or if you don’t have the right apps, it’s a piece of metal. It is the software that will do the work for you.” Chang, along with his colleagues in CSSE, are developing new technologies that will make our devices better, faster, and more powerful.

RESEARCH IN CSSE Chang’s work in computer science complements the wide range of research by faculty in CSSE, from distributed computing networks to unmanned aerial vehicles (UAVs). Alvin Lim, for example, develops software for wireless sensors that can be used in the battlefield. Weikuan Yu develops better processing methods for large datasets across distributed data stores and computers. Related to Yu’s work is Xiao Qin’s research involving energy conservation for large data warehouses, particularly those that support cloud computing. Saad Biaz develops software for UAVs using GPS to plan their flight paths and prevent collisions, and Cheryl Seals’ research helps public school teachers prepare for classroom management through interactive game technology.

Bliss Bailey

Campus Networks: Wired, Wireless, and Secured

Often, the most important technologies are the most invisible, and no one knows this better than Bliss Bailey, Executive Director of Auburn University’s Office of Information Technology (OIT). In his 25 years working for OIT, Bailey witnessed the rise of the Internet from the ground up. After receiving a Master of Information Science degree at Auburn, he was hired as an entry-level user services specialist, performing rudimentary tasks such as cleaning the 5 ¼ inch floppy drives in campus computer labs. Now, he runs the entire OIT operation—from hardware to software and networking to security. In many ways, he is the technical steward of Auburn’s mission.

Witnessing the Internet’s Rise at Auburn When Bailey started back in 1989, there was no Internet, so he spent many years witnessing its rise, including the inconsistency of networking before the web. Faculty used Bitnet and VAX, systems

that allowed for email services and some other information sharing. Another system that allowed messaging on campus was Toss, in which faculty could “toss” each other two-line messages, in much the same way as Twitter today. Bailey laughs about this now: “The more things change, the more things stay the same.” Soon after Bailey started, the evolution of network technologies began. Jim Stone, who was the Director of Telecommunications at the time, made the decision to install fiber-optic cabling around campus, which created the backbone of Auburn’s network today. As Bailey notes, “That network has become the base infrastructure that allows everything to happen. Without all that physical infrastructure, there’s no campus network and then there’s no connection to the outside world.” Bailey watched as fiber-optic cables were laid in the ground, but students and faculty tend to forget they exist. Bailey contends that everyone is more concerned with wireless connectivity today: “Ironically, as much as we’ve invested in the fiber optics that are underground and the cabling we’ve put in the buildings, we’re trying to untether ourselves as fast as we can. Everybody’s got a mobile device now. We’re making huge investments in the wireless network.” OIT has been working with

wireless technologies for about 13 years. Bailey’s office has already replaced the wireless network a couple of times and plans to do so again soon. “It never ends,” he says. Like other utilities, such as electricity and phone service, networking has become an expectation, like turning on a light, for those around campus. “The analog to that expectation regarding that electrical utility is wireless networking,” Bailey argues. “You pull out your portable device, whether it’s a phone or a tablet or a laptop computer, you open it up and you expect that wireless signal to be there. And the students need it. The faculty are increasingly beginning to distribute content that way. Everybody’s got an app. Every textbook has some sort of multimedia component that comes with it or internet-dependent component that comes with it. It’s just got to be there.” Keeping this system running is a never-ending responsibility, another aspect of Bailey’s job that has changed over the years. “It used to be that, well, at 4:45, everybody went home. And so you could do what you needed to do,” Bailey notes. But now, “We’ve gone from pretty much a 5 by 8 business week to 7 by 24. Nothing ever shuts down.” Students, faculty, and staff need access to email, files, servers, and instructional systems

at any hour of the day. Many network systems, including the major campus firewall, have backup systems because the network can not stop, even for maintenance.

Faculty Research in the Cyber Age One area of significant change is faculty research; faculty are storing, accessing, and processing their research data in the cloud, so OIT has less responsibility to help them build and maintain servers of their own. Bailey has seen technology change the way research is done. Increasingly, faculty collaborate with peers across multiple institutions and share information across networks. 49 They use Skype and other video conferencing tools to communicate in real time. Funders of research encourage such collaboration, and technology allows it to happen. The future, according to Bailey, will feature an even greater dependence on networks. More and more information will be stored in the cloud—on servers that are often not even owned by Auburn University. Student email is stored elsewhere, as are files and data. Students, faculty, and staff use Auburn’s networks and portals to access outside servers and websites, so part of Bailey’s mission is to maintain these gateways to the world.

ike other utilities, such as electricity and phone service, networking has become an expectation, like turning on a light, for those around campus.

The convenience of wireless technologies and cloud storage also brings the risk of hackers, computer viruses, and identity theft. Bailey’s office must provide internet security while maintaining flexibility in the network so that faculty and students can virtually collaborate with ease and access important information without significant barriers. “We’re constantly trying to find the right

balance there,” notes Bailey. “It’s becoming more difficult. The barbarians are at the gates. They really do want to get in, and they want your personal data. They want institutional data. They want intellectual property. It’s organized crime. It’s industrial espionage… It is real, and it does exist. At the same time, if we throw up an impenetrable wall, that stops collaborative research from taking place. So,

it’s a tough balance.” And so, Bailey’s job is changing again, from cleaning floppy drives to laying cable to installing a wireless network to insuring the safety and privacy of the Auburn community.

tâ&#x20AC;&#x2122;s becoming more difficult. The barbarians are at the gates. They really do want to get in, and they want your personal data. They want institutional data. They want intellectual property. Itâ&#x20AC;&#x2122;s organized crime.

Auburnâ&#x20AC;&#x2122;s Radio-Frequency Identification (RFID) Laboratory by Emma Kinsey and Joseph Sharp

What Is RFID?

Product distribution has become increasingly important for businesses in a capitalist and consumer-based society, where the ability to assess customer buying trends makes the possibility for future exponential growth a more tangible reality. Although there are a number of ways to go about inventorying a businessâ&#x20AC;&#x2122;s stock, the most common method is through barcode tracking. However, over a decade ago, the retail world introduced a game-changing technology that few people understand today. RFID is shorthand for Radio Frequency Identification technology and refers to small electronic devices capable of carrying up to 2,000 bytes of data, primarily used for identification and tracking. Since RFID Laboratory founder, Bill Hardgrave began developing the technology at the University of Arkansas in 2005, RFID devices have become

instrumental in changing the nature of retail marketing and sales. This represents a paradigm shift for retailers similar to that which handheld mobile phones first presented. Although the technology was initially clunky and inconvenient, cell phones have become lightweight lifelines, dictating nearly every method of current communication and normal functioning—a prime example of “disruptive technology,” which Hardgrave, now the Dean and Wells Fargo Professor for the College of Business at Auburn University, describes as a “solution in search of a problem” in the same way that RFID devices threaten change. “It changes the basis of competition,” Hardgrave said. “It enables us to do things we were really unable to do before.” RFID essentially serves the same purpose as the magnetic strip on the back of an ATM card. Transponders, or “tags,” consist of a chip, an antenna, and memory storage. By using radio waves, information can be sent and interpreted from two different types of tags: “active,” which contain their own power source, and “passive,” which do not. The former also possesses more memory capacity and can be read at greater ranges, while the latter is activated briefly by a radio frequency scan from a reading device. Both offer a unique identifier for particular objects, such as clothing or canned foods. Several other common applications for

RFID are in dog tags, credit cards, prescription medications, and iPhones. After meeting with Senthilkumar CP, Auburn RFID Lab Director of Technology, the technical usage of RFID became much more understandable. “With an RFID tag, which also has a serial number, you can distinguish between two individual packages of the same item,” CP said, showing us a modified clothing inventory scanner. “You can take a scanner, read the barcode, and tell what the item is.” He explained that traditional barcodes are accurate only about 70% of the time, which hinders businesses from making profitable returns on their investments. “Think of RFID as the next generation barcode. The information on the tag tells which product it is, and then the radio antenna can

RFID “tags” can be either active (powered) or passive (non-powered) and consist of a chip, an antenna, and memory storage.

transmit that information,” he iterated to explain how RFID offers product-level identification. Hardgrave, in turn, argues that RFID technology has been underutilized and mischaracterized as a “barcode on steroids” since its introduction to the retail world. It has moved well beyond its initial application in tracking quantities as a supply chain tool for pallet and case level. Since 2006, retailers like Dillard’s, Macy’s, Walmart, and J.C. Penny have found item-level uses for RFID. Simply by having antennas in the ceilings of their stores, businesses can become more efficient and strategic in their use of personnel. While progressive, RFID does not spur either incremental or transformational change by 67 bringing improvements to existing processes or driving the development of new methods. Rather, Hardgrave argues, RFID stands out as having disruptive potential. In addition to replacing the less efficient barcode method of tracking and reducing the need for human involvement in inventorying stock, RFID works to prevent the loss of goods and price changes, enabling “Omni-channel retail,” which is the ability to provide consumers with a consistent experience, whether shopping in the store or via a remote technological method. Because the technology has proven so easily implemented and unarguably beneficial, RFID is

forcing most businesses to get on board with this new wave of technology if they haven’t already. The result, hopefully, will be a better tailored and more efficient shopping and buying experience for the consumer.

What Exactly is an RFID Lab? The RFID Lab’s physical location at 1530 East Glenn Avenue does not look like a typical university building. In fact, the lab is a repurposed grocery store that the university is refurbishing into a state-of-the-art research facility. The lab, still currently under construction, is set to have its grand opening on May 15, 2015. The lab is composed of five discrete research 68 areas: shipping and receiving, warehouse storage, distribution, manufacturing, and retail. The back of the lab is dominated by a shipping and receiving platform where trucks can be loaded and unloaded and the applications of various RFID technologies can be tested to increase the efficiency of the process. In addition to shipping and receiving, separate areas exist to test RFID applications as they pertain to distribution systems and product manufacturing. Once a “product” has been unloaded, it is then transferred to a simulated warehouse where it is held until later brought to the front of the lab,

Trucks can be loaded and unloaded, and various RFID technologies can be tested to increase the efficiency of the process.

which serves as a replica of a retail storefront. The storefront is set up like a traditional retail department store, complete with cash registers, student workers, and “consumers.” The retail displays are set up on casters so the storefront can be easily rearranged. The lab is designed to parallel the supply chains of the large retailers that serve as primary consumers of RFID technology. Theoretically, the RFID lab can follow a product from its manufacture to its eventual purchase by a consumer and can test

RFID applications at each step of the supply chain. It is this comprehensive scope that sets Auburn’s RFID Lab apart. “With the space provided, we have the opportunity to look at how RFID works in a number of different settings,” lab director Justin Patton said. “That’s one of the great things about moving to Auburn. When Hardgrave started the lab at the University of Arkansas in 2005, RFID applications were very retail-focused. Now, the applications are a little broader, and we can test those new, broader applications here.” When Patton received a call in 2010 asking if he wanted to move the RFID Lab from the University of Arkansas to Auburn, there was no hesitation. “What made Auburn so attractive to us was that it

was presented as being a joint venture between the College of Business, the College of Engineering, and the College of Human Sciences,” Patton said. “Here, we are in an actual university building that’s on the bus route, so it’s easier for students to visit. There is more faculty access and more resources. The whole situation is a lot nicer.” The collaboration between the colleges of Business, Engineering, and Human Sciences has allowed the lab to explore RFID applications beyond its traditional retail focus. While each college has different areas of research interests, the collaborative effort is what makes the RFID Lab special. “The College of Engineering is very interested in the development of new types of technologies and the movement into new spaces like manufacturing and industrial engineering,” Patton said. “The College of Human Sciences, especially in their Apparel Studies program, is very interested in how RFID is going to affect retail. The College of Business is interested from a business space perspective.” The RFID Lab consists of more than just a space to test emergent RFID technologies. Eventually, classrooms and a consumer behavior lab will be housed in the lab. The confluence of the public and private sectors place Auburn at the forefront of RFID research—both technologically and commercially.

Education, Research, and Outreach Patton and CP really became passionate when they talked about their students. “For us, what we really care about is the education of our students,” Patton said. “Everyone who works at the lab now started as a student worker at the lab. We always say that the lab has three purposes: education, outreach, and research. There’s a reason education is listed first.” CP sees the value education can provide to both faculty and students with concrete examples of concepts covered in class. “They talk about a lot of concepts in class, whether it be consumer behavior or new technology, but they only talk about concepts,” CP said. “When they come to the lab, they can actually see these behaviors or technologies in action. Now they have the real world facilities where they can show concepts in action.” Both Patton and CP imagine the RFID Lab primarily as a tool for students to learn about realworld applications of the technologies and theories they study in class. Eventually, classrooms will be housed in the RFID Lab and classes, such as Survey of RFID Technology and Database Systems, will be taught from the lab’s physical location. The RIFD Lab is not only an educational tool for students, however. It also serves as an educa-

Justin Patton (center) and his team at the RFID Lab.

tional tool for industry leaders in RFID technology. CP stressed the role of the lab as a “neutral” research facility. Essentially, when a new technology emerges in the RFID sphere, companies bring the technology to Auburn in order to have it tested. As a neutral party, the RIFD Lab is able to review technology without recommending particular products. “When there is an emerging technology, there is always a lot of excitement, and people want to know how that technology works,” CP said. “When a new technology emerges, the technology companies come and usually have a

demo set up. When we play with it, they get feedback on how well the technology is working and how the technology can be improved to make the product work better.” Retailers can tour the lab and test products to see how they could apply new technologies to their own stores. The lab also produces white papers that explain how the new technology works and what sort of applications it could have for consumers of RFID technology. This is the focus of the RFID Lab’s industry outreach. The lab’s goal is to help consumers of RFID

technology make the most educated decision they can for their businesses. The lab also holds quarterly meetings between members of Auburn’s faculty and industry leaders in order to discuss the emerging areas and applications of RFID technology. This merging of the academic with the commercial makes Auburn’s RFID Lab unique among academic outreach programs. Research forms the third pillar of the RFID Lab’s organization. The collaboration between the colleges of Business, Engineering, and Human Sciences, makes the RFID lab extremely effective as a platform for research. Though each college has its own unique research interests, these interests complement and, oftentimes, illuminate each other. “The collaborative nature of the lab has definitely helped with research,” Patton said. “We get different faculty members from different colleges working together. They tackle the same problems from different perspectives, and that has brought forth a lot of fruitful research.” Auburn has particularly been on the forefront of RFID research in the area of food safety. “The FDA has mandated traceability back to the farm for a lot of food items,” Patton said. “But, they’ve had to push back that mandate a few times because they haven’t had a good way from the technology perspective to implement that mandate. Every year

we’ll see something in the news, like jalapeños two years ago, or Peter Pan peanut butter 10 years ago becoming contaminated with E. coli. We’re looking for a better way to trace back your food to their raw materials and ingredients, whether it’s livestock animals or crop farms.” CP explained the thought behind applying RFID technology to food safety. “If you want to make your food safer, one of the things you want to know is the pedigree—where it was grown, where it was processed, where it was stored, how long it was stored. Doing that right now is really challenging.” Since RFID communicates through radio waves, it often has difficulty functioning properly around large metal containers, in which food is generally shipped. Patton and CP both believe RFID technology will advance, and once this happens, it can be used to make our food safer by giving us more knowledge about where it came from and, thus, improve quality control.

How Does Auburn’s RFID Lab Help University Students? The lab will both cater to and serve as a resource for the university’s student population. One of its main focuses is centered on outreach, “an industry and academic consortium,” lab director Justin Patton explains. “We meet quarterly with faculty,

and we have what is called an advisory board. So we get industry folks sitting right next to academics.” The goal is to provide students with resources they can utilize in direct relation to their field of study, in terms of supply line management or technological implementation, especially. Patton and CP enthusiastically shared with us the story of one student named Logan who worked in a retail store. “He studies supply chains here at the College of Business, and when he started working here was able to apply the concepts that he learned here and how to use RFID with things he had seen at the store.” When a team from Logan’s retailer came to the lab in September to explore the idea of beginning to use RFID, Logan was a valuable and trusted source for information because he understood and had experience with both sides of the equation: retail operations and technology implementation. “He went from working in the store to doing consulting work for the corporate office while in the process of graduating college, after spending just two months working at the lab,” Patton told us. “That’s awesome. The student impact is the most important thing, and everybody says that, but we really believe it—every one of us was a student once.” The lab is structured so that students, ideally, work about twenty hours a week. The goal is to

train a cohort of individuals from a young age to learn the ropes of the lab and to understand the technology so they move on to train the following batch of younger students. “It’s really attractive to industry folks because they get good quality people who know the technology. It helps the university when you can get a sophomore or a junior in college to sit down and talk to the CEO of a major retailer and explain it all,” Patton pointed out to us. Perhaps above all else, working at the RFID Lab helps to create multidisciplinary students—a valuable trait to have in a world where the need for specialized work is, largely, dwindling. It helps to have students who can do it all, in terms of understanding a technology and having the skills with 71 which to implement that knowledge. “We are thrilled to have the RFID Lab at Auburn University,” said Hardgrave. “For almost 10 years, it has proven to be the go-to place for RFID research. The opportunity to continue the great work while expanding its scope at Auburn is exciting.”

Changing Names but Not Appearances: RTVF’s Switch to Media Studies by Joseph Sharp and Emma Kinsey

The fall of 2014 marked the first semester for the Media Studies program in Auburn’s curriculum since its recent name change from the Radio, Television, and Film program. The switch is substantial, but does more to reflect the changing times than a change in course curriculum. Dr. George Plasketes, Professor and Associate Director for Media Studies, was instrumental in guiding the process for change and also highlighting the various reasons for and impacts of the switch in names. On a basic level, Plasketes explains that Media Studies feels “more contemporary and probably more comprehensive in terms of what direction we’re going.” Undergoing a similar identity switch, the Department of Communication and Journalism recently became known, rather, as the School of Communication and Journalism—a minor detail, perhaps, but one that likewise reflects an attempt to modernize and broaden the avenues of study over which the school presides. The change within

the department preceded that of the change in the program, but both occurred nearly in tandem—a fact that only further emphasizes the school’s desire to revive and update the image of its program. According to Plasketes, “We [the department] felt that Media Studies would best represent where we’re headed and what we do as a program. Both on a creative and practical level as well as a theoretical, historical, cultural level—we thought it was comprehensive for all those things.” The name change, in significant part, does reflect a change within the program itself; as technology becomes more advanced, the prevalence of certain communication mediums decreases—that of both radio and television, for example. However, Plasketes emphasized that nothing within the program has been negated but, rather, changed to reflect contemporary times when it comes to modes of communication and technology: “there’s so much terminology out there, digital, emerging, new media, platforms, multimedia, and I think they’re all sort

The fall of 2014 marks the first semester for the Media Studies program in Auburn’s curriculum since its recent name change from the Radio, Television, and Film program.

of talking about the same thing. We felt that Media Studies would best represent where we’re headed and what we do as a program.” Plasketes noted that the challenge facing current journalism students is finding a way to adapt journalistic practices and ethics to the emerging technology of the twenty-first century. News and media are now consumed in ways that would have been unimaginable even thirty years ago. The fall of traditional print news has opened the door for webbased news sources. News anchors now appear on television with their Twitter handles directly under their names. Aim device at the image above to view enhanced media.

It’s not only change that students of journalism have to adapt to; it is also the pace of change. “I think we’re at a point in society where no change surprises us anymore,” Plasketes said. “We expect change. Is there an app that really blows you away anymore? No, you just kind of expect it now.” This constant pace of change has had larger impacts and implications on culture. “We’re just now starting to figure out the ramifications of some of the changes in the field,” Plasketes said. “How it changes our sense of time and space and place and connectivity. We’re more connected than ever—more immediate, for better or worse.”

In a time when there are multiple 24-hour cable news channels on air and when breaking news is only a click away, consumers expect news to be both immediate and accurate. Plasketes said part of the mission of the School of Journalism and Communication is to teach students how to adapt to this new focus on immediacy. “The form of everything has changed a lot,” Plasketes said. “Journalistically, in particular, stories break on Twitter. It’s not like, here’s all this column space for tomorrow’s paper. There’s that emphasis on immediacy.” So, how does the School of Journalism and Communication handle all these changes in the field of journalism? By adapting: “I think the name 73 change to Media Studies reflects our adapting to change and our trying to educate the current generations and the forthcoming generations—all the millennials—to make sense of these things,” Plasketes said. “And of course that includes things like having courses that are going to teach students about writing for blogs and even Twitter.” The challenge, then, becomes structuring a program which adapts to the times in both outward presentation and internal teaching method. This seems to have been accomplished, in fact, by changing the program’s name from RTVF to Media Studies. When probed about the impact of the change in a

Students whose transcripts reflect their Media Studies course work will have completed a degree that best represents contemporary times.

larger sense, Plasketes admitted that, importantly, some of these things “are about identity and branding—labeling, things like that” but also made a point to clarify that with the move “from department to school, there wasn’t overhauling of the courses or the programs. We still have the same four programs. I think they are very positive changes, and they aren’t really change for the sake of change.” Despite this fact, interestingly, many students weren’t pleased with the name being changed to Media Studies. Plasketes described the reaction as “like an angry mob” when he brought it up in class. His prediction is that those students unsettled by the change are concerned that their transcripts would in some way be negatively impacted by the change. To his concerned students, Plasketes explained that the change was “like that of the artist formerly known as Prince now currently known as Prince, when he changed his name” or like “James Brown singing Papa’s got a brand new bag —that, RTVF has a new bag, and it ain’t no drag, and it’s going to be okay.” In reality, students aren’t negatively impacted but in a potentially positive way instead. Importantly, in terms of labeling, students whose transcripts reflect their Media Studies course work will rightfully appear to have completed a degree that best represents contemporary times.

Plasketes assures us as well as his students, “We wouldn’t have made any changes if we felt it was going to be detrimental to the program or the school, especially to students both now in the program and down the road when they graduate and are trying to get internships and jobs and things like that. I think it’s a positive thing.”

eâ&#x20AC;&#x2122;re at a point in society where no change surprises us anymore. We expect change. â&#x20AC;&#x201C; George Plasketes

Philip Chaney

Digital Geography: From Analog Maps to Information Systems

When a tornado strikes, are there enough storm shelters? If so, are they in the right places? After a hurricane, how do we know where supplies are most needed? What neighborhoods are the least likely to complete the census? These are the kinds of questions geographers are asking these days, thanks to mapping technologies known as Geographic Information Systems (GIS). GIS are computer applications that store, aggregate, and compare data to create maps that offer new types of information. These maps can be used to help solve social and environmental problems because researchers can layer different types of information on top of them and create visual representations of complex data. Examples of some of these layers are populations, terrain, municipal infrastructures, and even crime statistics. Phil Chaney, an Associate Professor of geography, has watched his field adapt to these new technologies, growing into a discipline that uses

digitized data and virtual 3D modeling to learn about both land and the people who inhabit it. Most of Chaney’s research has focused on the impacts of extreme weather on human populations. He has studied the hazards of tornadoes, hurricanes, and even earthquakes. Currently, Chaney’s work focuses on tornado preparedness in north Alabama, plotting storm shelters and interviewing residents to find out if, and where, they sought public shelters.

From Compasses to Computers Chaney began his geography career before the proliferation of computers and is proud of his ability to both draw and use a traditional print map. Thanks to his hands-on training, he does not worry about getting lost in the woods: “I know the old school way. I could pull out the paper map. I could use the compass [and say] ‘All right, we’re going this way, and here’s how long it is. We’ll be out of here in five hours.’”

Moving beyond his traditional training, Chaney has adapted well to new methods of map-making and has even used GIS applications to help Lee County better prepare for tornadoes. Working for the Lee County Emergency Management Agency (Lee County EMA), he used the Internet to compile data about where each tornado siren is located throughout the county. He then overlaid data about the sound range of each siren. Next, he created a map that combined this information with population density data for Lee County, making circles where the sirens could be heard. He concluded that citizens living outside of the circles, including one significant area of downtown Opelika, were probably not receiving tornado siren warnings. The Lee County Commission saw the map and immediately began to improve and expand the siren system.

The Many Uses of GIS Chaney’s tornado siren map is just one of a multitude of uses for GIS. Maps can predict the impact of hurricane storm surges on coastal cities, including the places where cell towers, fire stations, and heavily populated buildings will be located. They can plot land use in a farming community, displaying the impact that various crops have on the local soil. And, they can be used to show the

locations of 911 responders and their proximity to heavy crime areas. Chaney believes that this data has the potential to bring great change, but only if government and industry leaders know how to use it: “Technology only takes you so far, and then at that point, it’s still down to people making decisions. You’ve got to understand the data and understand what it’s telling you. And then you’ve got to figure out what to do next, how to manage the situation. People think [technology] will do everything for you. It’ll do a lot, but still you need people to understand what it’s saying and to make those decisions.” Likewise, GIS software is only as good as the data it analyzes, so researchers need access to quality information. The US Census Bureau, for example, supplies large amounts of data about US populations, demographics, and geographies. This information—available in a form usable by GIS programs—is vital to the work of many social scientists. Over the last twenty years, the US Census Bureau and other government municipalities have made the data freely available via the Internet. This instant access to large amounts of data changed the speed, complexity, and volume of research happening in the social sciences. Citizens have become involved as well through movements such as public participation GIS, wherein individuals

can use their own GPS systems to help gather local geographic and demographic information. However, instant access to so much data has potential dangers. This access exposes information about our national infrastructure and other potential targets for groups like terrorists. “All kinds of things are out there,” Chaney said, “and if somebody’s got a devious mind, they can find some way to use that.” Determining whether information is valid or false is a challenge as well. Everyone, including government officials and other leaders, should scrutinize all data, especially when it is found online. Some data may be incorrect, or it may even be old. A fifty-year-old map, for example, may have a shoreline that is now in a different location. 83 But Chaney is optimistic both about the future of his field and the usefulness of GIS applications in society. The technology exists to learn many things about our land and our society, but people have to catch up. “All kinds of businesses and agencies and so on are using this data,” notes Chaney, “but they’re not thinking of the location as being part of what they do.” However, GIS will become a more pervasive tool, leading others to realize the usefulness of studying our place on land and in society.

Finding Needles in Virtual Haystacks by Robert Norton

Open Source Intelligence in the Cyber Age

hen people hear the word “intelligence,” they naturally think of the mysterious world of cloak and dagger adventures and “double naught” spies. Spies are certainly a part of the game but are an overestimated element. Far more numerous are the analysts who make up the true brain trust of the United States Intelligence Community (IC). That community depends in part on Open Source Intelligence (OSINT), the collection of publicly available information and the aggregation of it into useful forms. By applying various analytical processes (statistical, temporal, socio-cultural, or technical analyses, etc.) to extract meaning from data, end users or “customers” receive products or “reports” that offer answers to their questions. Viewed from the broadest perspective, the work of the IC can be categorized into investigating secrets and mysteries. Though the two are related, they remain distinctly different. A secret is something hidden from others and only known by a few. It has to be discovered. A mystery, on the

other hand, is something that can only be known by being revealed and is usually never totally understood. Where my stash of cookies is stored is a secret from you, my potential adversary, who also wants to find them. Whether I ever intend to eat them is a mystery, although perhaps not a very profound one, since pattern analysis on me assures the probability is high that I actually will. The IC deals

in many cases with deep secrets and profound mysteries. The “virtualization” of information in the ever-expanding cyber realm has perhaps made both discovery and revelation more likely and yet, paradoxically, more difficult, if for no other reason than the sheer volume of data that has become available. Intelligence professionals often refer to the problem as a “signal to noise ratio.” Imagine try- 135 ing to hear and understand a conversation between two people sitting somewhere (you don’t know where) in Jordan-Hare Stadium during the final 10 minutes of the Iron Bowl, with Auburn having just scored a touchdown. The “signal,” or target conversation, is very small compared to the noise of the crowd. Information residing somewhere in the cyber realm (again, you may not know where) suffers from high noise and a low signal. The trick today remains in how to find what is needed in the most expeditious and economical way.

Auburn Answers the Challenge The Auburn Open Source Intelligence Laboratory (AU-OSINT) began taking on that challenge in 2006, when several “out of the box” thinking faculty members and a small number of very bright students decided that needed information could be found more quickly and insight achieved more economically by applying new analytical techniques, many of which had not yet been developed. The beginnings were humble to say the least, with as many as 15 students crammed into what can only be politely described as a very small laboratory or, more accurately, a large closet. But magic started to happen immediately, to the point 136 that potential business and government customers began visiting the Plains to seek assistance in solving problems facing their constituencies in the wake of 9/11. Ways of spotting the signal through the ever expanding cyber noise were developed and perfected, and valuable insight started to become the norm. Students began to develop products worthy of intelligence professionals representing business, military, IC, and governmental interests. Student capabilities accelerated in even more pronounced ways as military intelligence professionals returned to the classroom and veteran numbers increased at Auburn. Analytical

magic began to happen with the development of new ways of thinking and the application of business analytical tools.

Auburn’s Growing Reputation Information sharing before the attacks on the World Trade Center and the Pentagon was not a common practice. The 9/11 Commission Report made clear that the tragedy was in part due to deficiencies of data sharing. After the dual tragedies, followed quickly by the anthrax attacks, information sharing became a necessity, if not an organized one. In the midst of the resulting confusion, the web expanded, and the sheer volume of information increased by magnitudes. Faculty and student research projects proliferated and AU-OSINT’s reputation grew as a place where cutting edge OSINT analysis was being conducted. With the expansion of the projects came the need to expand into newer and much more commodious facilities. The laboratory now resides in a new location, giving us access to space far more conducive to business practice. AU-OSINT’s areas of interest vary widely, influenced in large part by the research interests of collaborating faculty and diverse needs of the student associates. The laboratory currently specializes in the areas of science and technology assessment,

medical intelligence, cyber intelligence, and food, agriculture, and water intelligence. Students working in the laboratory answer the needs of government, military, and industry clients for short-, mediumor long-term projects. Students are assigned to project teams in order to expose them to peers from other degree programs and to develop a diversity of perspective and thought. Lab operations marry

the needs of the students with the needs of the customer. Over time, students develop analytical prowess and subject matter expertise, while customers have an opportunity to pre-screen potential future employees. The laboratory strives to place knowledgeable and proficient employees who can achieve productivity at a faster rate than most entry-level employees. Customers have consistently reported

that new employees coming from Auburnâ&#x20AC;&#x2122;s OSINT Laboratory achieve productivity 6 to 12 months faster than their cohorts.

Forecasting the Future What is the future for Auburnâ&#x20AC;&#x2122;s OSINT Laboratory? Those developments will be difficult to predict, but will no doubt be interesting. State and federal government funding has been dwindling. Like the government, businesses must deal with an overabundance of information and a scarcity of expertise. Big Data, which describes the proliferation and potentially overwhelming availability of information, will likely heighten the need for the sort of resources the OSINT Laboratory 137 offers. Layering different types of information (e.g. informational, imagery, audio, etc.) is increasingly practiced in the laboratory. Demands for threedimensional modeling and exploration of 3-D printing are also increasing. Innovation in a highly competitive business environment and increasingly dangerous world can only be achieved by turning bright and well-educated minds onto new and emerging problems. Ten years from now, the laboratory will likely be doing things that canâ&#x20AC;&#x2122;t even yet be imagined. Its real legacy will be the people who will emerge from it ready and eager to work OSINT magic, wherever they land.

The Most Dangerous Threat by Eric M. Oâ&#x20AC;&#x2122;Neill

The Trusted Insider: The Spy in the Worst Possible Place

n recent years technology has made a major impact on the way we think, how we work, and the manner in which we share information, both professionally and privately. The immense ability to instantly transfer information, thoughts, and ideas across a world stage has led to an unprecedented boon in information availability, research sharing, and both social and industrial development. But in promoting a golden age of information sharing, we have left the door open to predators who seek to steal confidential and private information to gain an industrial or economic advantage, usurp the careful safeguards we erect around our privacy, and even steal our identities. The knee-jerk reaction in security focuses on cyber. We have sought to protect the Internet, a system never designed for defense and woefully vulnerable to malicious attack and exploit. Terminology such as “firewall” and “incident response,” “access control” and “malware analysis” have become the new lexicon for the information war. We are Aim device at image to the left to view enhanced media.

national agencies, and preserving the technology development that has established the United States as the dominant world power. However, as we strengthen our firewalls and rolebased access to prevent hackers from sneaking in, security too often fails to address the most invasive and damaging security threat: the trusted insider.

A Walk in the Park

Robert Hanssen

concerned (and rightfully so) about protecting aged systems key to defending our critical infrastructure, preventing data theft from external exploits of

On the morning of February 18, 2001, senior FBI Agent Robert Hanssen carefully walked into Foxstone Park in Vienna, Va., only about eight miles from the CIA Headquarters and less than a mile from his home. Taking care to make sure no one followed him, he approached a well-used footbridge and paused a moment before slipping quickly off the path and ducking underneath. He reached into his loose sport coat and produced a package of hidden secrets, tightly wound with black plastic and duct tape. Carefully, Hanssen slipped the rectangular package under the bridge’s support strut, completely hiding it from view.

159

160

His actions must have weighed on him as he climbed to the footpath and started out of the park. One cannot imagine what ran through his head as he reached his silver Ford Taurus only to find himself surrounded by FBI counterintelligence agents and ordered to the ground. He surrendered immediately, remarking that “the guns are not necessary.” The secrets he had “dropped” under the bridge (also called drop site “ELLIS”) were never recovered by Hanssen’s Russian intelligence agent handler. But this was not the first time Hanssen had taken this particular walk in the park. Hanssen pled guilty to espionage after approximately twenty years of spying for the Soviet Union and Russia. For most of his FBI career, Hanssen worked in the FBI’s National Security Division and had access to classified information relating to the foreign intelligence and counterintelligence activities of the FBI and other United States Intelligence Community agencies, including the CIA, NSA, and the Defense Intelligence Agency. This substantial ability to access secrets across the intelligence community led to an unprecedented buffet of secrets for Hanssen to steal. On over twenty separate occasions, Hanssen clandestinely left packages for the KGB and its successor agency, the SVR, at dead drop sites in the Washington, DC, area. He also provided over two dozen computer diskettes contain-

ing additional disclosures of information. Overall, Hanssen gave the KGB/SVR more than 6,000 pages of highly classified information. In his lengthy career as Russia’s top spy, Hanssen stole secrets that systematically compromised the United States’ ability to conduct counterintelligence. He provided the Russians “ways and means” information on how the US performs national counterintelligence operations, information related to foreign assets, and information that compromised undercover operations. Hanssen also revealed information related to the US nuclear arsenal, provided contingency of government plans for a nuclear attack, and dropped information that led to the deaths of United States intelligence assets. The FBI investigation lured Hanssen back to FBI Headquarters with the promise of a promotion to the newly minted Information Assurance Section, the FBI’s first attempt to create an office dedicated to cyber security. The FBI took great risks in devising the undercover operation to build the case against Hanssen, largely to ensure an espionage conviction. Only by catching Hanssen in the act of espionage (placing national security information in a known Russian drop site) could the FBI pressure Hanssen to reveal the information and programs he had compromised. The risk came in providing unparalleled information access to a known traitor. The

The Naîve Spy

The bridge where Robert Hanssen hid the package of secrets for a Russian intelligence agent handler.

undercover operation had to succeed. Otherwise the FBI’s own sting operation could have written the next chapter in Hanssen’s very successful spy career. Hanssen has been called the most damaging spy in United States history, and his actions highlight a key example of the extensive damage a trusted insider can cause to an organization, even one as security-focused as the FBI. The investigation that led to Hanssen’s capture and arrest outline the significant steps an organization must take to identify, build a case against, and ultimately catch a spy that operates from within the security perimeter.

Recently Edward Snowden, a contract analyst for the NSA, admitted to stealing hundreds of thousands of highly classified files detailing US intelligence collection programs by the NSA. The NSA estimates that Snowden may have stolen up to 1.7 million classified files, and the Director of National Intelligence characterized Snowden’s theft as one of the most damaging in history because it has compromised critical foreign intelligence collection sources. After stealing the documents, Snowden fled to Hong Kong in the People’s Republic of China (PRC) and then Russia, where he has since remained under an asylum plea. Operationally, the US Intelligence Community must now assume that the Chinese and Russians have collected all information stolen by Snowden, not just the information that Snowden provided to various media outlets. Snowden is currently wanted by the US on charges of theft of US government property and espionage. His few media appearances have demonstrated significant arrogance and naiveté regarding the damage Snowden has caused. Snowden’s security breaches parallel the destructive damage Hanssen caused to the intelligence community in at least one respect. Both trusted insiders revealed information that compromised

the ability of their respective agencies to function, costing significant time and money in review of procedures and requiring years of diligence to assess and correct the damage. The alleged motivations for spying differ between Snowden and Hanssen, and their reasons for doing so continue to be debated by the Intelligence Community. Ultimately, however, the “why” does not matter in light of the profound damage each caused to their respective agencies, the larger Intelligence Community, and to United States counterintelligence goals.

The Double Recruitment In February 2007, around the same time the movie Breach, which chronicles the investiga161 tion and arrest of Robert Hannsen, was released, Motorola software engineer Hanjuan Jin walked onto the jet bridge to board a flight to Beijing, China from O’Hare International Airport in Chicago. A US Customs officer stopped her as part of a random check of passengers, noting that she had a oneway ticket. A search revealed that Jin was carrying $30,000 in cash in her laptop bag. Her carry-on bags contained Motorola documents marked “confidential and proprietary information.” The documents described Motorola’s dated iDEN mobile communications system, which was used by law enforcement, emergency responders, taxicab dispatchers, and the

162

Israeli and South Korean armed forces. The subsequent investigation concluded that Motorola competitor Lemko Corporation and Chinese firm Sun Kaisens, which develops products for the Chinese military, had hired Jin to spy on her employer. Sun Kaisens gave Jin classified Chinese military documents to review in China as part of her work for them. She also retained her access to the Motorola servers while on vacation in China, enabling her to continue to download proprietary documents directly for her Chinese handlers. On February 26, 2007, six days after Jin became a naturalized citizen of the United States, she accessed approximately 200 Motorola technical documents

from the company’s secure internal computer network. She returned later that night (at 9:00 PM) and downloaded additional documents. The building’s security recorded Jin leaving after midnight on two separate occasions with hard copy documents and other materials. All told, Motorola estimates Jin stole roughly $600 million in corporate intellectual property. US District Court Judge Ruben Castillo convicted Jin in February 2012, five years after she was minutes away from fleeing to China. Judge Castillo stressed the critical nature of innovation in handing down Jin’s sentence. “In today’s world, the most valuable thing that anyone has is technology. The most important thing this country can do is protect its trade secrets.” The Hanjuan Jin case highlights the persistent problem of economic espionage and how foreign governments and corporate competitors can recruit a trusted insider to steal critical information. The most critical asset of any organization is intellectual property. As stated by the former Commander of the United States Cyber Command and Director of the National Security Agency, General (retired) Keith Alexander, the ongoing theft of IP is “the greatest transfer of wealth in history.” The greatest threat to robust security measures that protect this information is often the trusted insider—the Robert

Hanssen or Edward Snowden—that is able to exploit information from within the company firewall.

The Honey Trap In 2011, Benjamin Pierce Bishop, a married 57-year-old US defense contractor with Top Secret security clearance, met a 25-year-old Chinese woman on a student visa. The two met in Hawaii during a conference on international military defense issues and began a romantic affair that lasted some eighteen months. During that time, Bishop allegedly passed national defense secrets, including classified information about nuclear weapons and defense strategies for the entire Pacific region, to his much younger girlfriend on multiple occasions. On March 15, 2013, Bishop was arrested and charged with willfully communicating national defense information to a person not entitled to receive such information and unlawfully retaining documents related to the national defense. In March of this year, Bishop pled guilty to willfully passing secrets, but argued in his defense that he did so to help his girlfriend with her graduate studies. While the FBI has not revealed the name or any details regarding the Chinese national (called “Person 1” in the affidavit), the odds are that the romantic relationship was a “honey trap”, a false relationship set to romantically entwine Bishop in return for secrets.

Above: Robert Hanssen’s package of hidden secrets, tightly wound with black plastic and duct tape. Left: Hanssen slipped the rectangular package under a bridge’s support strut, completely hiding it from view.

One of the more prolific ways to recruit an insider is also one of the oldest: foreign intelligence agencies routinely enlist beautiful women and men to trap unsuspecting spies. In the last few years, a number of breaches of security in Western countries have occurred through the honey trap—a long standing spy method where an attractive woman or man targets a “mark” who has insider access to desired information, and then seduces them to either trick them into providing the information voluntarily

or blackmail them into handing it over. In recent years, the Chinese have used this espionage method to compromise security information in the United States, the United Kingdom, France, and Canada, just to name a few. A typical honey trap scenario often begins very subtly. An attractive person will cultivate a personal relationship with the target, often using flattery and flirtation. The honey trap will often have researched the mark and will use social engineering (trickery)

to spin a cover story that reels the target in. Take, for example, a younger beautiful woman who approaches an older man sitting alone at a bar during a technology conference. She learns his name and his employer from the name badge most conferences require personnel to wear, and perhaps she attended a breakout lecture he gave on a technology that her company or foreign intelligence service is targeting. She seduces the target that night and then continues the relationship using flirtation, sex, and further meetings. If he is married, she will record the sexual interactions. At some point, she will ask the target for a favor, seeking to use the emotional connection and trust she has fostered to convince him that she will not use the information to harm him or his 163 business. She will say that she needs the information only to help her get a promotion or some other story. At first, the requests will be for small things that are not significant security breaches but would cause the target trouble if it became known that he was passing the information. As the relationship progresses, the spy will request more critical and sensitive information from the enamored target. If the target has a moment of conscience, the honey trap can then turn to blackmail—using both the affair and the threat of criminal prosecution—to hook the target as a source for further information. Numerous business executives have fallen prey

to the honey trap, often at the cost of professional reputations and loss of critical intellectual property. Unfortunately, training to identify a potential honey trap and resist the urge to bed a spy is rarely part of Western business counterintelligence training.

The Worst Possible Place

164

Eric O’Neill

While working undercover on the Robert Hanssen investigation, Hanssen lectured me on what he called the central precept to any informed counterintelligence operation: “the Spy is in the Worst Possible Place.” Hanssen explained that the spy is in the place where he is able to access those secrets that will create the most damage based on the spy’s knowledge of who to provide those secrets to in order to make the most money for them. This cost benefit analysis of spying, straight from the mouth of America’s top spy, suggests that an insider relies on three critical points in order to spy successfully: (1) knowledge of relevant secrets that others want; (2) ability to access those secrets; and (3) understanding of where to sell the secrets for the maximum gain. Robert Hanssen most likely began his twodecade espionage career for financial gain. Indeed, when Hanssen explained what he called “Hanssen’s Law”—that the spy is in the worst possible place— he had sketched his entire career as a spy. As a

senior member of a counterintelligence unit focused on the USSR, Hanssen had access to a wide variety of confidential internal information of significant value to his Soviet handlers. As a trusted insider, he was able to access that information without creating suspicion. Finally, Hanssen’s detailed knowledge of the Russian opposition’s intelligence gathering practices provided Hanssen the perfect understanding of

whom he should approach with the stolen information in order to put the most money in his pocket. Snowden, on the other hand, appears to have acted because of an ideological stance that NSA’s collection practices went above and beyond what was required to protect the interests of United States citizens (although this is subject to speculation). As a trained systems administrator with access to the NSA’s systems, Snowden knew the release of the NSA information would create a massive media stir and draw intense attention on a world stage. As a trusted insider, Snowden had the capability to both collect information with his own access and to use social engineering (or trickery) to convince others to provide him their access. Finally, Snowden knew that providing the information to The Guardian newspaper—and potentially to intelligence agencies in China and Russia—would enable maximum exposure of the NSA’s activities in order to damage the ability of the NSA to continue those practices into the future. Hanjuan Jin appears to have spied for a combination of financial gain, ideology, and divided loyalties—the trifecta of spying. While she was paid some $30,000 in cash for her spying (and potentially more that may be waiting for her in China), she also chose to flee to China only days after becoming a naturalized citizen of the United States. The timing

Above: Eric O’Neill was featured in Auburn Magazine in the spring 2007 edition.

suggests that her spying had the double benefit of both a return to China and significant financial gain.

Why Spy? Financial gain and ideology are only two of the many reasons that an insider will spy. Generally, the basic motivations for committing espionage include

money, ego, ideology, coercion, or blackmail—and in more recent years, divided loyalties. These motivations are not mutually exclusive and most spies are motivated by more than one. However, what induces an otherwise loyal employee to turn is more art than science. The exact qualities that are “flags” to security professionals can also be indicators of a top performer and someone worthy of promotion. The key to detecting the insider threat is having a real-time collaborative program where all members of the community recognize their role in protecting the security. Someone who engages in espionage, whether for a state or a commercial competitor, must have more than just a motivation to spy. Espionage 165 requires an opportunity to betray, motivation to commit the crime, underlying character weaknesses, and finally, a stressful trigger event to set things in motion. Common weaknesses include, but are not limited to, greed, impulsivity, narcissism, feelings of entitlement, an arrogant attitude that the rules only apply to others, vindictiveness, alienation, paranoia, naiveté, and thrill-seeking. People who have these types of weaknesses are not guaranteed to spy. However, individuals with these behavioral traits are at increased risk for maladaptive or counterproductive behavior in response to significantly stressful life events. Likewise, serious personal problems are not

necessarily indicators of misconduct. It is the combination of these factors that can lead to an individual’s decision to commit espionage. For any company or national agency, the trusted insider represents the most dangerous threat. This is a person who, by virtue of their position, has the authorized access to authorized systems as a part of their daily duties but is using it to do unauthorized things. They know inside information and the secrets of the organization and are granted access to both physical locations and networks. They have access to and relationships with personnel at all levels of the organizations and know exactly how to cripple the organization as well as what keeps it 166 afloat. They are the “spy in the worst possible place.”

Spy Hunting Exact costs associated with insider threats or loss of intellectual property and trade secrets are difficult to determine because many companies choose not to report breaches. However, according to the Commission on the Theft of American Intellectual Property, annual losses of US intellectual property are estimated at over $300 billion. China accounts for 50-80% of the problem, depending on the industry (CERT Software Engineering Institute, 2013). And according to the CERT Division of the Software Engineering Institute (2013), 53% of sur-

veyed companies experienced an insider incident, with the most common incidents being unintentional exposure of private or sensitive data; theft of intellectual property; unauthorized access to or use of information, systems, or networks; and theft of other proprietary information, including customer records and financial records. The companies surveyed also articulated that although external actors committed the majority of electronic crime events, those perpetrated by insiders were more costly or damaging to the organization. According to a Cisco (2008) study, 11% of employees reported that they or fellow employees accessed unauthorized information and sold it for profit or stole computers. And in the last four years, the FBI has doubled the number of trade secret arrests, with the vast majority of those prosecutions involving insiders. An insider threat program is a critical component of the broader security strategy that every responsible company must establish. There are ten key ways an organization can address the trusted insider dilemma (Houhoulis, & O’Neill, 2014):

2. Create and maintain a culture of accountability and security where IP protection is seen as everyone’s responsibility. Set up an anonymous “hotline” for employees to report suspicious behaviors or concerns.

1. Identify and compartmentalize your key information and technology so you know who has access to critical information. Don’t put all your eggs in one basket!

5. Conduct training for managers on at-risk behavioral traits that indicate an increased likelihood of insider spying, including unreported foreign trips, seeking proprietary or classified

3. Ensure coordination and collaboration between HR, security, IT, and the GC. Employee activities should be viewed holistically and every department (and employee) should see their role in protecting the company. The best asset in an organization is the employee that has the training, awareness, and dedication to spot an issue and the courage to raise it to management. 4. Know your employees. According to CSO Magazine’s 2012 CyberSecurity Watch Survey, organizations that experienced cybercrime perpetrated by an insider in the previous 12 months reported that 51% of the insiders violated IT security policies and 19% were flagged for behavior and/or performance issues.

information unrelated to work duties, paranoia about being investigated, and disproportionate anger over career disappointments. 6. Review user accounts and remote access needs. Disable user accounts when necessary upon departure (or before) or while on longterm leave. The CERT Insider Threat Center (2013) determined that in more than 70% of IP theft cases, insiders stole the information within 30 days of announcing their resignation. 7. Implement and monitor audit technology. Hanjuan Jin was using her remote access from China and while away from the company on medical leave. Additionally, she was downloading massive volumes of data from the internal network. With an auditing program, these activities could have been detected earlier or possibly prevented. 8. Develop a training program for employees that addresses subtle spy tradecraft such as social engineering and the honey trap. 9. Develop and maintain a business continuity program to maintain operations in the event a crisis strikes. Internal penetrations may be malicious and destructive, crashing servers and

167 In March 2014, former FBI investigative specialist, Eric Oâ&#x20AC;&#x2122;Neill, addressed Auburn University students as part of the New Horizons Lecture series.

compromising the ability to carry out operations. A plan to keep the wheels turning at the same time the crisis is managed is critical to minimizing the damage. 10. Remember Hanssenâ&#x20AC;&#x2122;s Law: the spy is in the worst possible place. Acting shortsighted or complacent about security will make you a target for spies.

Digital Technologies and Memory

B y S t e wa rt W h i t t e m o r e

What Aristotle Can Tell Us about Managing Computer Data

e live and work in an age in which information bombards us 24 hours a day, seven days a week, and 365 days a year. We are literally awash in a sea of data, and we must dedicate an increasing percentage of our working lives attempting to stay on top of it and manage it for our various projects. But how often do we actually take the time to step back and consider broader implications and applications of our information managing practices not just within individual projects but across all of our projects and across all of our relationships? For most of us, moments of deeper introspection tend to occur only after something goes wrong—when our hard drive crashes, when we lose our smartphone, or when we realize that we can’t locate that crucial bit of information that the boss needs right now. We recover from these moments with vague resolutions to do better in the future, but most of us rarely follow through on our resolutions—or, worse, we draw the wrong conclu-

Aristotle

sions from them and start, for instance, attempting to save everything, which leads us to that great pitfall of the information age: information overload. What we need, both collectively and individually, are better approaches to managing our information, approaches that compel us to mindfully connect our efforts to preserve and store our information with our subsequent efforts to retrieve and use it in a timely and appropriate manner. What we

need, in other words, are strategic approaches to memory work that will enable us to recognize and discriminate potentially useful information from the mass of incoming data that will help us save this information so that it remains meaningful and accessible in the future and so that it will help us transform it into genuine knowledge that we can use to communicate in our endeavors. 169 My research takes up this task of achieving a strategic perspective to memory work by exploring that of individuals within their work teams and organizations in an attempt to better understand current approaches and to inform the design of tools and procedures used to accomplish these goals in the future. I became interested in this subject after serving on a multi-year, multimilliondollar project to implement a content management system (CMS) at a Fortune 100 company. The ostensible purpose of a CMS is to place all of an organization’s knowledge at workers’—in my case, at technical writers’—fingertips: ideally, the writer

170

would be able to locate and repurpose any piece of information for incorporation into any sort of document or deliverable with speed, ease, and minimal effort in reworking. In practice, however, the CMS that we implemented proved to be very difficult to use: the sheer volume of information made it difficult to locate what you wanted, and a cumbersome user interface made it difficult to use information in writing. The information was there, but no one could use it. From this experience, I became convinced that we were approaching information manipulating memory work in the wrong way. We were looking at storage disconnected from its conditions of use, approaching them as separate problems because we were operating from a false model of human memory, a model that viewed human memory as analogous to the function of a computer, where input, storage, and output function as discrete processes. However, human memory is not analogous to a computer hard drive. Merely retaining information is not our ultimate goal; as human beings, we also want to communicate and manipulate information in new and creative ways in our tasks. This is where my academic training in the field of rhetoric and my professional training as a technical writer came together to offer insights. The study of rhetoric has

always asserted that memory work, the manipulation of stored information, plays a central role in the creative processes of communication. Like technical writing, rhetoric is a productive art, an art concerned with making or creating meaning through words and other forms of communication. In rhetoric’s original formulation in the law courts and public assemblies of ancient Greece and Rome, memory was given pride of place as one of the five interconnected divisions or “canons” of rhetoric that describe the creative process. As one of these essential divisions, memory was honored as “not an alternative to creativity … but the route to it” (Carruthers, 1990, p. 192). Ancient rhetorical theory, therefore, held that the process of retrieving and adapting existing information to the needs of variable “real world” situations was essential to the creative process by which communicators determine what to say and how to say it to meet the needs of their audiences. In other words, rhetorical theory makes explicit the connection between memory storage and use that contemporary computational approaches overlook. My explorations in the rhetorical memory tradition ultimately led me to Aristotle, whose theories of cognition and memory underlay the practice of rhetoric in ancient Greece and Rome. Critically,

Aristotle emphasized knowledge as human activity—as something you are or do rather than something you possess—and emphasized the role of bodily senses—sight, hearing, taste, touch, and smell—in helping us remember and think. Unlike computers, people have bodies, which serve as our interface with the world. Our bodily senses determine both what we retain in memory and what we are subsequently able to do with these memories. Based largely in Aristotelian ideas about memory and the senses, Roman rhetoricians like Cicero perfected techniques that we might think of as the first “software” for memory: the mnemonics of the ars memoria, the art of memory. These mnemonics entailed formulating vivid mental images associated with pieces of information we want to remember and then imaginatively “placing” these mental images in some real or imagined architectural space—memory theaters, palaces. Then, when the stored information is needed, when, say, we are called upon to give a speech, we are able to flexibly and adaptively retrieve or recall the information just by imagining ourselves walking through the memory palace and observing the images that decorate it. The key to the whole system, however, was habit: in order to be effortlessly recalled, the images and spaces had to be “walked” through in our imaginations repeat-

edly until the memory palace became as familiar to us as the experience of strolling through our own homes. So, the mnemonic functioned in three stages: first, a piece of information must be noticed and attended to; then, it must be associated via an act of the imagination with a familiar image and place; and, finally, the process of retrieving must be practiced until it becomes habitual. This three-part schema was also expressed in the theory of learning that underlied Roman education, which asserted that learning proceeds via precept, imitation, and habit. The learner must first pay attention to the matter at hand (precept), the learner next attempts to preserve or store this matter by putting it into forms that are meaningful and accessible (imitation); and, finally, the learner transforms the information into knowledge via repetition (habit). In short, the ancient rhetoricians, beginning with Aristotle, maintained that information becomes knowledge when it is personalized and transformed for the individual via the senses and imagination. This connection between the embodied senses and imagination described the connection between storage and retrieval, between information and knowledge that computational models lack. Now, all of this may seem rather esoteric and far removed from twenty-first-century concerns.

Contemporary work and life are, of course, far more complex, and the amount of information that we must manage appears far greater than anything someone in a toga might have experienced, but my research shows that Aristotelian approaches to memory work and learning remain relevant and may offer insights to the designers of the next generation of CMSs and other memory-aiding software. I will offer a particular bit of data from one of my research studies as an example. This study focused on the information-managing memory work of a team of technical writers at a software company. One of the research methods employed in the study compared the technical writers’ descriptions of their information manag171 ing work processes (collected via videotape during interviews) with their actual performance of these processes as part of their routine job duties (again, collected via videotape and screen recordings during work sessions). The data below was collected during an interview and subsequent observation session with a technical writer whom we will call Rose. Below is a transcript of Rose describing the contents of the file folder in which she stores information related to each of her company’s software product releases (termed Sprints) that she maintains on her hard drive:

172

Figure 1.

Figure 2.

Figure 3.

“I have a Sprint folder [running the fingers of her right hand along the table. See Figure 1] and then in there I have different things. But I have one folder called ‘Features’ [moving her gesticulating hand toward herself and to her right. See Figure 2] and in the folder ‘Features’ I have a different folder for each of the things that we are working on [continuing the direction of the gesture. See Figure 3]: ‘Power . . .’ [interrupting self] ‘PPT,’ um ‘Undo,’ um [looking off into distance for several seconds. See Figure 4] ‘Camera Recording.’ Just everything that we are working on, and then I have

in a nearly perfect example of a movement that language and gesture researchers refer to as a “speech failure gesture,” Rose pauses and looks off into the distance while trying to recall the name of another subfolder, which she ends up calling “Camera Recording.” Rose is right-handed and uses her right hand exclusively to control her computer mouse when working. The form of her gestures, therefore, indicates that the memory that fuels Rose’s description of her product information folder is contained not just in her mental recreation of the visual image of her folder structure on her hard drive but also in the kinesthetic memory of her right hand. That is, the motion of Rose’s hand as she describes the folder structure in the interview mirrors the

motion of her hand as she guides her mouse cursor to navigate the folder and subfolders in Windows Explorer during the work session; Rose’s hand follows the same path. In short, Rose’s gestures reflect her memory image point of view of one of her typical activities, but they also demonstrate that this memory image is composed of both visual and kinesthetic components: Rose’s hand remembers just as much as her brain. Most importantly though, by comparing Rose’s gestures with the momentary lapses noted in her description of the contents of her folder—her mid-word self-correction from “Power-” to “PPT” and her pause to remember another subfolder—it becomes apparent that Rose’s gestures do not merely help her display her memory image of

those documents in there.” Notice that, during this description, Rose experiences two memory “lapses.” First, Rose begins to describe one feature folder as “PowerPoint” but interrupts herself and instead says “PPT.” Second,

Figure 4.

Figure 5.

the folder structure but that the act of gesturing actually helps her to remember the information, to actively reconstruct it from memory. That is, if her attention was focused primarily on describing the folder’s contents with maximum clarity, Rose would likely have finished the word “PowerPoint” and left it at that, but, as her pauses and frequent “ums” indicate, she instead appeared to be focusing a great deal of her attention on just remembering those contents. So, as she scanned her mental image with the eyes of her mind and touched it with the memory of her hand, she was able to list the contents as she saw them—“PPT” instead of “PowerPoint,” as Figure 5 reveals. Rose’s picturable and touchable folder spaces, then, serve a multisensory mnemonic function for her as she attempts

to remember and articulate their contents. This incident illustrates one function that browsing serves for Rose: it is a practice that translates product knowledge into a form that she can see and interact with. By repeatedly browsing this structure as she accesses and uses her working files on a daily basis, Rose memorizes the product’s history and trajectory, thereby completing a learning process initiated each morning when she arrives at work. For Rose, the information-managing memory work entailed in habitually navigating the folder structure on her hard drive becomes a key mechanism through which she learns about her company’s products. In short, I am arguing that Rose’s browsing is a form of learning: the activity of repeatedly navigating up and down her hierarchi-

cally organized archive of product information (i.e., the files and folders) enables her to learn and master the history and evolution of the company’s products. To sum up—and to relate my contention that ancient insights about the importance of embodied senses making information memorable and usable remain relevant today—I suggest that this analysis reveals that finding activities like browsing a folder structure on a hard drive are not solely means to other ends but are themselves part of the learning process in which information passes into memory and becomes knowledge.

173

Aaron Trehub

Leading the Digital Library

212

Perhaps nowhere on campuses is the rise of cyber more evident than in university libraries. The traditional view of a library is a building that houses rows and stacks of print books and bound journals where faculty and students can browse titles and pull resources off shelves. But this image is fading, being replaced by virtual collections of digital books and journals where faculty and students use cyber interfaces to access information. Bookshelves are receding and making way for open spaces with technology-friendly furniture and electric outlets that charge computers, tablets, and cell phones. Aaron Trehub has helped the Auburn University Libraries through this transition. As the Assistant Dean for Technology and Technical Services, he oversees Auburn Universityâ&#x20AC;&#x2122;s large collection of digital holdings, helps researchers utilize those resources most effectively, and works with faculty and students to develop even more virtual collections. Like the careers of many people who work with information technology, Trehubâ&#x20AC;&#x2122;s career took a

circuitous route. He began as a specialist in Slavic studies, working as a Soviet affairs analyst for Radio Free Europe/Radio Liberty (RFE/RL) in Munich, Germany during the 1980s. During the Cold War, RFE/RL served as a surrogate domestic news and information service to the Soviet Union and the Eastern bloc countries. To support this effort, these radio outlets collected large amounts of information about Soviet politics and culture. Trehub worked in a research office that received this information managing stacks of news articles from Soviet and Western publications, wire services, and radio and television broadcasts. He spent his days sorting, cataloging, and analyzing disparate information to help RFE/RL stay on top of developments in the USSR and Eastern Europe and to address those developments through its own radio broadcasts. He also wrote articles for RFE/RL’s weekly research bulletin, a subscriptionbased publication that was used by specialists in academia and government. In many ways, RFE/RL’s system was an analog version of what many databases do now, and it led Trehub to an interest in information processing. “Different ways of [sorting and classifying information] were glimmering on the horizon, and that’s how I got interested in information processing. Through that experience of trying to organize this

fire hose stream of information I had to deal with every day and isolating the relevant things—classifying them, describing them, filing them, making them retrievable—I thought, ‘This is really interesting work in its own right. So, what if I want to do this for a living?’ And the natural answer was: get a degree in library science or information science. So that’s what I did.”

From Radio Research to Faculty Research As the head of IT for the library, Trehub now helps others find ways to store, process, and analyze digital collections of information. Two of his major projects involve helping Auburn researchers

make their work more accessible using digital technologies. The first is through AUrora, an institutional repository of published articles, conference presentations, and other digital research artifacts produced by Auburn faculty and students. AUrora is an online database, much like the library’s card catalog, but unlike many of Auburn’s licensed databases, the content in AUrora is free and open to the public. As Andrew Wohrley details in his article, “Open Access, Libraries, and Cyber,” librarians not only make this service available, but they also educate Auburn’s faculty and students about the copyright issues surrounding open access of published works. Trehub spearheaded the AUrora project, which went online in 2013, and since 213 then, he and colleagues in the library have spent considerable time and effort promoting its use. Trehub sees AUrora as a part of Auburn’s service to the citizenry: “As a land-grant university, one of the three pillars of Auburn’s mission is outreach or extension. We have an obligation to share the fruits of our work with the public. In the first instance, Alabama residents, but really, the world at large. This is a way to do that.” More recently, Trehub has helped scientists around campus with another project that makes their research more visible and accessible to the public, but this project focuses on large research

214

data sets rather than published articles and books. Major funding agencies like the National Science Foundation and the National Institutes of Health are requiring their grantees to submit plans for managing data generated by their research. But a lot of research, particularly in the sciences, produces large amounts of data, so data management can seem daunting. Trehub helps Auburn researchers find efficient and accessible ways to comply through projects like the SPIRIT Storage Array, a collaborative effort by the College of Sciences and Mathematics, the Harrison School of Pharmacy, and the College of Human Sciences aimed at helping Auburn researchers comply with federal data-management requirements. Systems like the SPIRIT Storage Array will help support “Big Data” projects—research that compiles and analyzes large datasets to discover new knowledge. Trehub views data management as both a resource for researchers and as a way to build Auburn’s reputation for research, and the library plays a vital role in this process: “We are always thinking about ways that we can help raise the profile or encourage funded research at Auburn.”

Witnessing Technological Change Since his time in graduate school, Trehub has watched the rise of digital technologies and observed the changing ways people read, write, and think. He obtained his Masters of Library and Information Science in 1992 from the University of Illinois at Urbana-Champaign, which has one of the largest academic libraries in the country. The 1990s were an exciting time to be at the University of Illinois because it was also a major hub of innovation for the Internet. In fact, Trehub even witnessed an early demonstration of NCSA Mosaic, one of the first graphical web browsers that helped popularize the web. Graduate school experiences like this early glimpse of the digital future led him to a great enthusiasm for the possibilities of networked communication. But Trehub does not consider himself an uncritical champion of new technology. Even though he promotes digital technologies on behalf of the library, Trehub grew up in an analog world and is aware of technology’s limitations: “As somebody who was educated in the paper world and who has made his career essentially in the digital world, I understand the virtues of the old system. I think that it has certain advantages over the digital world when it comes to cognitively assimilating informa-

215

tion. I think that there is a kind of brain work that you do when you are reading a book or processing a traditional linear text, without the distractions and embellishments that you get online, that is very valuable and may even be superior to the experience of working online.” This critical approach to technology is evident in Trehub’s own research. Although he writes and speaks about digital libraries, he continues to study the intersection of history and literature in the analog age. Like many of his generation, Trehub also prefers to read scholarly work in print and prints out most research materials.

Trehub’s unique background—combining the publishing traditions of twentieth-century communication with the fast-paced networked technologies of the new millennium—prepares him well to help Auburn University move into a new era of scholarly research. When working with faculty and students, he contributes a knowledgeable, reflective perspective on technology and its impact. At the same time, he welcomes the opportunity to open Auburn University’s research and discovery to the world.

By Ben Denton

226

Facebook Capture the Flag

Cyber Tales from the ARRRG Sea

veryone enjoys playing games. The challenges and victories drive thrilling competitions. In cyber security, Capture The Flag (CTF) is a game consisting of a series of puzzles, hacking challenges, or other security “obstacles” that when solved will produce a “flag.” This flag is usually a string of characters that when turned in to the scoring system will award the team with points. As with most games, the team with the most points wins. Playing cyber security CTFs is a great way to gain experience with the challenging aspects of cyber security. Developing technical skills within cyber security can be difficult for a student who can’t afford expensive training. I faced this challenge as a graduate student in Computer Science at Auburn University. Practicing many of the techniques or tools taught in the different cyber security courses at Auburn could have landed me in some hot water if I used them on computer systems that were not mine, but breaking into a computer network that I built would not be much fun or educational. I would

already know all the passwords and any potential holes in that system’s security. Playing CTFs in a team sharpens cyber security skills in a safe, fun, and educational environment. In the breaks between procrastination and brilliance while working on my dissertation, I was able to participate with other Auburn students in a few CTFs. One of these CTFs was hosted by Facebook at the University of Alabama in Birmingham’s

“Edge of Chaos” facility. This CTF was designed and run by Facebook Security. Teams from Auburn University, University of Alabama in Birmingham, University of Alabama in Huntsville, University of South Alabama, and Tuskegee University—as well as a computer club from Hoover High School in Birmingham—all competed for cash prizes in a CTF focused on education, not just on competi223 tion. Some of the team names included “Will Work for Bitcoins,” “Terrorform” (an all female team), and “//TODO.” The Auburn University team consisted of four graduate students all researching topics in cyber security within the Auburn Cyber Research Center in Auburn’s Samuel Ginn College of Engineering. None of us had much CTF experience, but we were eager to learn and ready to win! We named our team “Pirates of the Arrrg Sea”—bonus points to you if you get the programming joke. Let me describe the game itself. In general, a cyber security CTF is made up of many challenges

224

and puzzles, with more difficult challenges awarding more points than easier ones. These challenges are usually accessible through a local website and organized in levels according to difficulty or points. A “Jeopardy” game board is a common way to display challenges, where each column of challenges falls under the same category and the easier or lower value challenges have to be answered before the more difficult or valuable ones are available. More advanced CTFs take an attack/defend model, where a team can only score points while maintaining access to a computer system or service while preventing another team from taking control. An example of an easy challenge might be a

website with a simple “Password:” field and a submit button. This challenge is looking for a correct password before it will give you a flag. The correct password is hidden in the source code for the webpage, requiring a few clicks to discover by viewing the page source. Another simple, yet deceptively easy, solution could be that the correct password is no password. An overly eager hacker might ignore a blank password when beginning manual-brute force attempts. More difficult challenges might ask the hacker to exploit a common bug in a small piece of sample software such as a stack overflow, extract some specific data from recorded network traffic, or

reverse engineer a cryptographic algorithm. Many of these challenges are inspired by problems faced by cyber security engineers in their day jobs, so solving these challenges can be great opportunities for relevant experience in cyber security. The Facebook CTF featured four categories: Reverse Engineering, Web Application Security, Network Forensics, and Systems Engineering. Each category had three challenges each. A final challenge was introduced later in the game that incorporated aspects of all the categories. The CTF was loosely based on the game, “Risk,” with the challenges associated with countries. Capturing a flag from a challenge conquers that country for

your team. Points awarded for conquering a country decrease a small amount for each change of control until a base amount is reached. A winning strategy for the Facebook CTF required teams to be able to solve challenges quickly. Reverse engineering in cyber security is the difficult task of taking a piece of software apart and understanding what it does. This can be much easier if you have the source code for the software, but often source code is not available so you must rely on disassembling the software to determine its functionality. Reverse engineering challenges require the hacker to extract data and code from software and then use that data and code to manipulate the behavior of the software to reveal the flag. The web has proliferated in nearly all aspects of life, so securing applications that run on the web is a major challenge. CTF challenges in the Web Application Security category mimic common mistakes made by software developers in designing and building web applications. Solving these challenges requires in-depth understanding of how a website interacts with a web browser including the various programming languages used by websites and some common mistakes made in those programming languages. Unencrypted communications between

computer systems can be captured and analyzed. The challenges in the Network Forensics category require the hacker to dissect captured network traffic and extract details about what was occurring on the computer systems. The final category of challenges in the Facebook CTF, systems engineering, tested one’s knowledge of computer systems security. Out of the box, most computers have poor security, so these challenges focused on identifying and exploiting common systems engineering mistakes such as weak passwords or poorly configured security settings. The game itself turned out to be a lot of fun. Each team connected over a wireless network to the game network and the rules forbid any malicious activity outside of the game itself. Most CTFs enforce this rule to keep the game civil and will ban players that attempt to attack other players or the game servers. We were able to play for about four hours with a break given for lunch, although most of us kept working on challenges. About half the teams were able to score points consistently with two teams swapping between first and second place. After the lunch break, the Facebook team announced they would allow players to give hints to other teams that were struggling. Most of the challenges had been solved at this point and the top teams were

scoring points much more slowly. Players were not allowed to directly give another team an answer but could help guide the other team towards the solution. This turned out to be a great opportunity to help another team learn something new and earn half the points for both teams. By this point the Auburn team had exhausted all the challenges we were able to solve, leaving only a couple remaining unsolved. So we took to the streets to help the other teams with challenges they had not solved yet. After all the dust settled, the “Pirates of the Arrrg Sea” sailed into second place. One of the UAB teams captured more of the flags first, scoring bonus points. Although we solved all the same challenges, they were able to outscore us 225 by a few points. Much like our 2013 football team, the Auburn “Pirates of the Arrrg Sea” CTF team settled for second place with only seconds separating us from the trophy. But we learned a lot from both the CTF and the practice sessions we held prior to the game. Facebook’s Security Team put on an excellent CTF, and thanks to UAB for hosting the event! The views expressed in this paper are those of the author and do not reflect the official policy or position of the US Government, the Department of Defense, or any of its components.

Editing Class

It Took a Village: Auburn Speaks Collaborates with Master Communicators by Michelle Sidler

226

In the same way that money doesn’t grow on trees, books don’t appear out of nowhere with clean editing and formatting. Publications with lots of authors like Auburn Speaks take hours of different types of editorial work, including corresponding with authors, reformatting text and images, revising prose, and of course correcting grammar. As Managing Editor, I knew that editing all of Auburn Speaks is a big task, one that would be difficult for me to accomplish alone. So, I enlisted the help of Susan Youngblood, an Associate Professor who teaches ENGL 7000, a graduate-level course at Auburn in Technical and Professional Editing for the Master of Technical and Professional Communication (MTPC) program, located in Auburn’s Department of English. She assigned each of her graduate students two chapter manuscripts from this year’s Auburn Speaks to edit.

able, exciting, and even frustrating—as are most editing situations. The staff at Auburn Speaks wishes to express their gratitude for the hard work of these students and for Youngblood, who graciously opened her classroom for this experience. Their diligence and hard work helped insure that this year’s Auburn Speaks has a professional and clean finish.

ENGL 7000 CLASS

Students were required to edit for prose clarity and correspond with authors to gain approval of the revisions. They also performed line-by-line editing using track changes to keep a record of their editing changes. Finally, students were asked to reformat the manuscripts to comply with past issues of Auburn Speaks as well as proper citation practices.

In all, ENGL 7000 students edited over half of the feature and profile pieces in this year’s issue. They also revised and updated the Auburn Speaks Style Guide, our handbook of proper editing and formatting. In exchange, the students gained first-hand experience with many stages of the editing process in a real world context, one that was often unpredict-

Susan Youngblood, Associate Professor Meredith Baumann Keith Beard Bethany Broderick Jessica Caceres Blaine Ely Myra Girard Jill Glover Troy Johnson Emily Lacey Jessie Lambert Jada Rowlett Virginia Spears

227

References Editor’s Note by Robert Norton, pages 10-13

Back to Our Roots: Digital Humanities and the

Schilling, C. R. (2013). Knowledge doubling every 12 months, soon to be every 12 hours. Industry Tap. Retrieved from http:// www.industrytap.com/knowledge-doubling-every-12-monthssoon-to-be-every-12-hours/3950

History of the Book by Derek G. Ross and Emily

Forecasting Cyber Effects: Modeling and Securing Real World Ecosystems by David Umphress, pages 40-47

228

American Dialect Society. (1996, December). Cyber extra! New York Magazine, 23. Retrieved from http://www.americandialect. org/woty Department of Defense. (2014). Instruction 8500.01. Retrieved from http://www.dtic.mil/whs/directives/corres/ pdf/850001_2014.pdf Gibson, W. (1984). Neuromancer. New York, NY: Ace Books. Pew Research Internet Project. (2013). How Americans Go Online. Retrieved from http://www.pewinternet. org/2013/09/25/how-americans-go-online/ Wiener, N. (1948). Cybernetics: Control and communication in the animal and the machine. Paris: Technology Press.

C. Friedman, pages 84-90 Basbanes, N. (2014, July 28). [Presentation] Lecture presented at Summer 2014 session of Rare Book School at the University of Virginia. Charlottesville, VA. Belanger, T. (2014). Descriptive Bibliography. In J. Peters (Ed.), Bookcollecting: a modern guide (pp. 97-101). New York: R. R. Bowker. Retrieved from http://bibsocamer.org/publications/ bibliography-defined/ Goldfarb, C. (1981). A generalized approach to document markup. Proceedings of the ACM SIGPLAN SIGOA symposium on text manipulation. (pp. 68-73). New York, NY: ACM.

Dewey, C. (2014, August). Yes, the Facebook messenger app requests creepy invasive permissions. But so does every other app. All Things Now. Retrieved from http://www.allthingsnow.com/ week/news/shared/47860438/Yes-the-Facebook-Messengerapp-requests-creepy-invasive-permissions-But-so-does-everyother-app Greenberg, A. (2014, September). The police tool that pervs use to steal nude pics from Apple’s iCloud. Data Security & Compliance. Retrieved from http://datasecuritycompliance.blogspot. com/2014/09/the-police-tool-that-pervs-use-to-steal.html Green Revolution Cooling. (2015). Retrieved from http://www. grcooling.com

and John Fulton, pages 104-107

Keizer, G. (2013, August). Researchers outwit Apple, plant malware in the App Store. Bloomberg Business. Retrieved from http://www.computerworld.com/article/2483867/malwarevulnerabilities/researchers-outwit-apple--plant-malware-in-theapp-store.html

Mayer-Schonberger, V., & Cukier, K. (2013). Big Data: A revolution that will transform how we live, work and think. London: John Murray.

Koomey, J. (2013, September). Growth in data center electricity use 2005 to 2010. Retrieved from http://www.mediafire.com/ view/8ema554a2ho9ifj/Stanford_eBay_Case_Study-_FINAL-130926.pdf

Agricultural Analytics: Harnessing Data to Feed a Hungry World by James Langcuster

Healthcare by Mark Burns, pages 76-81

Auburn’s Wireless Engineering Program by

Bergrath, S., Czaplik, M., Rossaint, R., Hirsch, F., Beckers, S. K., Valentin, B., . . . & Brokmann, J. C. (2013). Implementation phase of a multicentre prehospital telemedicine system. Scandinavian Journal of Trauma, Resuscitation and Emergency Medicine, 21 (54) doi:10.1186/1757-7241-21-54

Richard Chapman, pages 108-115

Lawrence, D. (2014, July). Google’s Android has a fake-ID problem. Bloomberg Business. Retrieved from http://www. businessweek.com/articles/2014-07-29/googles-android-has-afake-id-problem

Constantin, L. (2014, August). Android vulnerability still a threat to many devices nearly two years later. PC World. Retrieved from http://www.pcworld.com/article/2460760/android-vulnerability-still-a-threat-to-many-devices-nearly-two-years-later.html

Rosenblum, A. (2014, August). Mysterious phony cell towers could be intercepting your calls. Popular Science. Retrieved from http://www.popsci.com/article/technology/mysterious-phonycell-towers-could-be-intercepting-your-calls

Revolution in Medicine: The Cyber Revolution in

Safeguarding the Wireless World: Security and

Science of Simulation: Virtual Systems, Real

rence, part I. Computer Fraud & Security, 4, 16-19.

Answers by Levent Yilmaz, pages 144-149

Holt, T. J., & Bossler, A. M. (2014). An assessment of the current state of cybercrime scholarship. Deviant Behavior, 35, 20-40.

National Science Foundation. (2006). Simulation-based engineering science. Retrieved from http://www.nsf.gov/pubs/reports/ sbes_final_report.pdf

Hacked Off: The Sociology of Cybercrime by Greg Weaver, pages 150-157 Ablon, L., & Libicki, M. C. (2014). Wild wild web: For now, cybercrime has the upper hand in its duel with the law. RAND Review 38(2). Retrieved from http://www.rand.org/pubs/periodicals/rand-review/issues/2014/summer.html. Auray, N., & Kaminsky, D. (2007). The professionalization paths of hackers in IT security: The sociology of a divided identity. Annales Des Télécommunications, 62, 1312-1326. Chandler, A. (1996). The changing definition and image of hackers in popular discourse. International Journal of the Sociology of Law, 24, 229-251. Collins, R. (1985). Three sociological traditions. New York, NY: Oxford University Press. Duff, L., & Gardiner, S. (1996). Computer crime in the global village: strategies for control and regulation – in defense of the hacker. International Journal of the Sociology of Law, 26, 211-228. Heinsbroek, T.L.P. (2012). Hacking Revealed. Maasland, Netherlands: SeKuRiGo. Retrieved from http://www.sekurigo.nl/ uploads/1/3/7/9/13790882/hacking_revealed_versie_2.1_uk.pdf Hoath, P., & Mulhall, T. (1998). Hacking: Motivation and deter-

Holt, T. J., & Kilger, M. (2012). Know your enemy: The social dynamics of hacking. Honeynet Project KYE Paper. Holt, T. J., Strumsky, D., Smirnova, O., & Kilger, M. (2012). Examining the social networks of malware writers and hackers. International Journal of Cyber Criminology, 6(1), 891-903. Hunton, P. (2012). Data attack of the cybercriminal: Investigating the digital currency of cybercrime. Computer Law and Security Review, 28, 201-207. Kraemer-Mbula, E., Tang, P., & Rush, H. (2013). The cybercrime ecosystem: Online innovation in the shadows? Technological Forecasting and Social Change, 80, 541-555. Rid, T. (2013). Cyber war will not take place. London: Oxford University Press. Turgemon-Goldschmidt, O. (2005). Hackers’ accounts: Hacking as a social entertainment. Social Science Computer Review, 23(1), 8-23. Vanio, N. & Vadén, T. (2007). Free software philosophy and open source. In St. Amand, K., & Still, B. (Eds.), Handbook of research on open source software: Technological, economic, and social perspectives, (pp. 1-11). Hershey, NY: Information Science Reference. Yar, M. (2013). Cybercrime and society (2nd ed.). Thousand Oaks, CA: Sage. Young, R., Zhang, L., & Prybutok, V. R. (2007). Hacking into the minds of hackers. Information Systems Management, 24, 281-7.

Xu, Z., Hu, Q., & Zhang, C. (2013). Why computer talents become computer hackers. Communications of the ACM, 56(4), 64-74.

The Most Dangerous Threat: The Trusted Insider: The Spy in the Worst Possible Place by Eric O’Neill, pages 158-167 CERT Software Engineering Institute. (2012). 2012 cyber security watch survey: How bad is the insider threat? Retrieved from https://resources.sei.cmu.edu/asset_files/ Presentation/2013_017_101_57766.pdf CERT Software Engineering Institute. (2013). Spotlight on: Insider theft of intellectual property inside the United States involving foreign government or organizations. Retrieved from http://www.sei.cmu.edu/reports/13tn009.pdf Cisco. (2008). Data leakage worldwide whitepaper: The high cost of insider threats. Retrieved from http://www.cisco.com/c/en/ us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-506224.pdf The Commission of the Theft of American Intellectual Property. (2013). The IP commission report. Retrieved from http://www. ipcommission.org Houhoulis, R. M. & O’Neill, E. (2014). The trusted insider: How espionage feeds the Chinese economy. The Georgetown Group. Retrieved from http://media.wix.com/ugd/f377ea_61c0f788ed3 845108b4612cfd1a1f006.pdf

229

Caring for Caregivers: How Technology Enhanced Education has Provided Support for Rural Caregivers of the Elderly by Kathy Jo Ellison and Emily Myers, pages 180-185 Alabama State Data Center (2010). Retrieved from http://cber. cba.ua.edu/asdc/ Aneshensel, C.S., et al. (1995). Profiles in caregiving: The unexpected career. San Diego, CA: Academic Press.

230

Gross, J. (2011). A bittersweet season, caring for our aging parents – and ourselves. New York, NY: Vintage Press. Hale, K., & McNeal, R. (2011). Technology, politics, and e-commerce: Internet sales tax and interstate cooperation. Government Information Quarterly, 28(2), 262-270. Kaiser Family Foundation. (2012). Retrieved from http://kff.org/ statedata/

Wegerer, J. (2013). 7 ways technology helps family caregivers. A place for mom. Retrieved from http://www.aplaceformom.com/ blog/2013-7-21-technology-family Zarit, S. (2008). Behavioral and psychosocial interventions for family caregivers. Journal of Social Work Education Supplement, 44, (3).

Laguna, L. (2008). Enhancing the attitudes and self-efficacy of older adults toward computers and Internet: Results of a pilot study. Educational Gerontology, 34, 834-843.

Cyber-Inclusion: The Importance of Creating

National Alliance for Caregiving. (2009). Caregiving in the US 2009. Retrieved from http://www.caregiving.org/data/ Caregiving_in_the_US_2009_full_report.pdf.

Theofanos, M. F., & Redish, J. (2003). Bridging the gap: Between accessibility and usability. Interactions 10(6), 36–51. doi: 10.1145/947226.947227.

Pearlin, L. I., et al. (1990). Caregiving and the stress process: An overview of concepts and their measures. Gerontologist, 30(5), 583-594.

Youngblood, N. E., & Mackiewicz, J. (2012). A usability analysis of municipal government website home pages in Alabama. Government Information Quarterly, 29(4), 582-588.

Gallagher-Thompson, D., & Coon, D. W. (2007). Evidence-based psychological treatments for distress in family caregivers of older adults. Psychology of Aging 22(1), 37-51.

Pinquart, M., & Sorensen, S. (2006). Helping caregivers of persons with dementia: Which interventions work and how large are their effects? International Psychogeriatrics, 18(4), 577-595.

Bridging the Digital Divide: Broadening the

Gatto, S. L., & Tak, S. H. (2008). Computer, Internet, and email use among older adults: Benefits and barriers. Educational Gerontology, 34(9), 800-811. doi: 10.1080/03601270802243697

Pruchno, R. (2012). Not your mother’s old age: Baby boomers at age 65. The Gerontologist 52, (2), 149-152.

Cyber Age by Veena Chattaraman and Wi-Suk

Bevan, J. L., & Pecchioni, L. L. (2008). Understanding the impact of family caregiver cancer literacy on patient health outcomes. Patient Education and Counseling, 71, 356-364. doi: 10.1016/j. pec/2008.02.022 Brown, M., & Hale, K. (2011). State-wide assessment of Alabama women 65+: Organizations, practices and participant perspectives, final report to the Alabama women’s commission. Alabama Women’s Commission.

Gitlin, L. N., et al. (2006). Enhancing quality of life of families who use adult day services: Short- and long-term effects of the Adult Day Services Plus program. Gerontologist, 46(5), 630-639. Gopalan, N., & Brannon, L. (2006). Increasing family members’ appreciation of family caregiving stress. The Journal of Psychology, 140(2), 85-94.

Rosenthal, R. (2008). Older computer-literate women: Their motivations, obstacles, and paths to success. Educational Gerontology, 34, 573-585. Teri, L., et al. (2003). Exercise plus behavioral management in patients with Alzheimer disease: A randomized controlled trial. Journal of the American Medical Association, 290(15), 2015-2022.

Accessible Websites by Norman E.Youngblood and Susan A.Youngblood, pages 186-191

Engagement of the Senior Population in the Kwon, pages 192-197 Pew Internet Research Project. Retrieved from http://www. pewinternet.org

Science for Everyone: Making Research Publications Open and Available through the Internet by Michelle Sidler , pages 198-201

Digital Reflections: On Cyber – A Mechanical Engineering Teacher’s Perspective by Roy W. Knight, pages 216-221

Kennedy, J.V. (2012). The sources and uses of US science funding. The New Atlantis, 36, 3-22.

Glanz, J. (2012, September). Data barns in a farm town, gobbling power and flexing muscle. New York Times. Retrieved from http:// www.nytimes.com/2012/09/24/technology/data-centers-in-ruralwashington-state-gobble-power.html?pagewanted=all&_r=0.

Science or Snake Oil: Scholarship and Peer Review in the Digital Age by Ash Bullard with Dennis DeVries, Alan Wilson, Henry Kinnucan, Prabhakar Clement, Graeme Lockaby, and Chris Newland, pages 202-211 Beall, J. (2014). Beall’s list: Potential, possible, or probable predatory scholarly open-access publishers. Beall’s List. Retrieved from http://scholarlyoa.com/other-pages/misleading-metrics/ Bohannon, J. (2013). Who’s afraid of peer review? Science 342, 60-65. Sokal, A. D. (1996). Transgressing the boundaries: Toward a transformative hermeneutics of quantum gravity. Social Text, 46 & 47, 217-252. Thomson, R. (2014). Journal Citation Reports. Retrieved from http://thomsonreuters.com/journal-citation-reports/

231

Contributor Biographies T. Randolph ‘Randy’ Beard teaches courses in microeconomics, industrial organization, and publicpolicy in the Economics Department and in the Political Science Department, where he served as Professor of Public Policy during the 2008-2009 academic year. His research has appeared in multiple journals, and he is an author of three books: Initial Public Offerings: Findings and Theories; Economics, Entropy and the Environment: The Extraordinary 232 Economics of Nicholas Georgescu-Roegen; and most recently, The Global Organ Shortage: Economic Causes, Human Consequences, and Policy Responses, written with the German Health Economist Rigmar Osterkamp and the late Auburn Economics Professor David Kaserman. Beard has appeared as an expert in numerous regulatory and judicial proceedings in the areas of regulatory pricing, competition policy, and antitrust economics. He serves as an Adjunct Scholar at the Phoenix Center for Advanced Legal and Economic Public Policy Analysis in Washington, D. C., where he is the author of numerous reports and policy papers in telecommunications regulation and economic development.

Chase Bringardner is an Associate Professor in the Department of Theatre who specializes in the study of popular entertainments such as medicine shows and musical theatre, regional identity construction, and intersections of race, gender, and class in popular performance forms. He graduated from the University of Texas at Austin in 2007 with a PhD after defending his dissertation entitled “Popular Entertainments and Constructions of Southern Identity: How Burlesques, Medicine Shows, and Musical Theatre Made Meaning and Money in the South, 1854-1980.” He has directed and acted in many musicals including Cabaret, Hair, and Jesus Christ Superstar. His current book length project details the socio-cultural history of the Fabulous Fox Theatre in Atlanta and both its complicated relationship with the city and its role in larger narratives of regional and national theatrical/performance histories. He is also an active member of the Association of Theatre in Higher Education (ATHE) (where he has served as both conference planner and focus group representative) and the American Society of Theatre Research (ASTR).

Steven P. Brown is a Professor of political science at Auburn University. He received his bachelor’s degree from Brigham Young University and his master’s degree and doctorate from the University of Virginia. He teaches courses in constitutional law, American government, and religion and politics. In 2006, Dr. Brown was the national winner of the National Society of Collegiate Scholars’ faculty of the year award. His first book, Trumping Religion: The New Christian Right, The Free Speech Clause, and the Courts received the National Communication Association’s Franklyn S. Haiman Award for Distinguished Scholarship in Freedom of Expression. His recently published second book is entitled, John McKinley and the Antebellum Supreme Court: Circuit Riding in the Old Southwest. Ash Bullard is originally from Signal Mountain, Tennessee and spent occasional summers on the shores of the Chesapeake Bay. He earned his BS in Marine Biological Sciences from the University of South Carolina in 1997 and was advised by Robin M. Overstreet at Gulf Coast Research Laboratory

(GCRL) for his MS (2002) and PhD (2007). After a short post-doc at GCRL, in August 2008, he was hired as an Assistant Professor in the Department of Fisheries and Allied Aquacultures at Auburn University. Lt. Gen. Ronald L. Burgess, Jr. (US Army, ret.) was commissioned in Military Intelligence through the Auburn University ROTC Program in 1974. He earned a Master of Science in Education from the University of Southern California in 1980 and a Master of Military Arts and Science from the US Army Command and General Staff College in 1986. His military education includes the Armor Officer Basic Course, the Military Intelligence Officers Advanced Course, the Command and General Staff College, the Advanced Military Studies Program, and the Air War College. Lieutenant General Burgess held a variety of key staff and command positions throughout his 38-year military career. General officer assignments include Director of Intelligence, J2, US Southern Command; Director of Intelligence, J2, Office of the Joint Chiefs of Staff; and Deputy Director of National Intelligence for Customer Outcomes transitioning to Director of the Intelligence Staff in the Office of the Director of National Intelligence. He was dual-hatted twice as the Acting Principal

Deputy Director of National Intelligence. His final military assignment was as the 17th Director of the Defense Intelligence Agency. He joined Auburn University on December 1, 2012 as Senior Counsel for National Security Programs, Cyber Programs, and Military Affairs. In this capacity, he works across the university to interface and coordinate with federal, state, and commercial entities on all matters related to these areas. His personal awards and decorations include the Defense Distinguished Service Medal (Two Oak Leaf Clusters); Defense Superior Service Medal (Two Oak Leaf Clusters); Legion of Merit, Meritorious Service Medal (Four Oak Leaf Clusters); Joint Service Commendation Medal; Army Commendation Medal; Army Achievement Medal; NATO Medalâ&#x20AC;&#x201D; former Republic of Yugoslavia; Parachutist Badge; Joint Chiefs of Staff Identification Badge; and Army Staff Identification Badge. Mark Burns is Associate Professor in the Department of Political Science at Auburn University and former Director of its Health Administration Program. His interests include health policy/administration, technology issues, and organization theory.

Richard Chapman is an Associate Professor in the Department of Computer Science and Software Engineering. He received his PhD and MS in computer science at Cornell University and is a former Rhodes Scholar. He has published numerous articles in journals and proceedings including IEEE Pervasive and the Journal of Computing Science in Colleges. His research and teaching interests include ubiquitous computing, wireless and mobile networks, information assurance, human-computer interaction, and system software. Veena Chattaraman is an Associate Professor in the Department of Consumer and Design Sciences at Auburn University. She received her 233 PhD in consumer sciences at The Ohio State University in 2006 with minor areas in social psychology and cultural anthropology. Her research program is multifaceted and addresses socialpsychological aspects of consumer decision-making. Funded by the National Science Foundation, her current research projects examine the use of virtual agent technologies to simulate social interactions and extend human decision-making in eservices. Her publications have appeared in various journals including Journal of Business Research, Psychology & Marketing, Journal of Consumer Behaviour, and Computers in Human Behavior.

Catherine Cox is a senior at Auburn University majoring in Professional and Public Writing. She will be graduating in the spring of 2015 and is currently serving as an editing intern at Auburn Speaks. Patricia (Pat) Curtis received her PhD at Texas A&M and comes from North Carolina State University (NCSU). Since beginning at Auburn, Pat has received the Poultry Science Association’s Poultry Products Research Award and the Helene Cecil Leadership award for her scientific contributions in the field of poultry science and for her leadership role in the promotional and developmental opportunities for women in the area of poultry science. While at 234 NCSU, Pat received the North Carolina Cooperative Extension Service Leadership Award. She is a Professor and the Director of the Food Systems Initiative. Pat has focused her research on quality and safety attributes of poultry and egg products. Ben Denton graduated from Auburn University with a PhD in Computer Science and now works as a cyber security engineer for the United States Department of Defense. While at Auburn, Ben was a part of the Auburn Cyber Research Center and focused his research on software security and reverse engineering. Ben enjoys coffee, spy novels, and cracking passwords.

Kathy Jo Ellison, an Associate Professor in the School of Nursing, received her BSN from the University of Tennessee and her MSN and DSN from the University of Alabama at Birmingham. She has taught at Auburn since 2000 where her primary teaching areas are Nursing Research, Adult and Community Health, and Management. Her research interests include chronic illness and caregiver education and support. Emily C. Friedman (PhD, University of Missouri) is Assistant Professor in the English Department at Auburn University. An award-winning teacher for her work with technology and with undergraduate research, she writes and lectures on contexts of reader experience, primarily in the eighteenth century. Her work has appeared in Studies in English Literature 1500-1900, Eighteenth-Century Fiction, and Women’s Writing, among other journals and books. She is completing a book entitled, Reading Smell in Eighteenth-Century Fiction, and is beginning research on the survival of manuscript circulation in the age of print. John Fulton is an Associate Professor in the Department of Food, Agricultural, and Biological Engineering at The Ohio State University where he is a Machine and Precision Systems Specialist.

Before joining the faculty at The Ohio State University, Fulton was an Associate Professor and Extension Specialist at Auburn University. Fulton’s research and teaching interests include precision agriculture and forestry as well as harvesting, processing, and transporting agricultural and forestry cellulosic biomass. Teresa Gore is an Associate Professor of Nursing and the Simulation Learning Coordinator at Auburn University where she teaches simulation across the curriculum and advanced medical-surgical nursing. She holds a PhD in adult education from Auburn University. She also holds a Doctor of Nursing Practice degree and is a Certified Family Nurse Practitioner. She completed a Certificate in Simulation Education Program and is a Certified Healthcare Simulation Educator-Advanced. She has published numerous articles in journals and several book chapters on simulation. She has presented on simulation topics and research locally, nationally, and internationally. Her research interests include the development of simulations to prepare nursing students for human patient care, a multiple patient leadership simulation, incorporation of simulation across the curriculum, and comparing simulation and traditional clinical experiences. Gore is the President-Elect of the International Nursing

Association for Clinical Simulation and Learning (INACSL). Roy W. Knight was born near Baltimore and attended the University of Maryland. He received his Bachelor of Science in Mechanical Engineering from there in 1979 and his MSME in 1981 from the same institution. He earned his PhD in Mechanical Engineering from The University of Texas at Austin in 1986. That same year he joined the Mechanical Engineering faculty at Auburn University. Dr. Knight has taught classes and performed research in the general fields of thermal science and fluid mechanics. His specific research interests are thermal issues in electronics with a focus on modeling and simulation. He has been chosen by the students as the “Outstanding Professor” in the Mechanical Engineering Department several times, and won the Walker Superior Teaching Award for the Samuel Ginn College of Engineering in 2011. Wi-Suk Kwon is Human Sciences Associate Professor of Retailing at the Department of Consumer and Design Sciences, Auburn University. Dr. Kwon received her PhD in Consumer Sciences with minors in Quantitative Psychology and Marketing from The Ohio State University. Her research interests revolve around human-computer

interaction, focusing on how to manipulate consumer computing interfaces to help overcome users’ physical and cognitive limitations and enhance their information processing and decision making abilities. Her research has been funded by the National Science Foundation, the National Textile Center, and the Alabama Agricultural Experiment Statement, among many others, and published in various academic journals. James Langcuster is an Alabama native who holds two BAs in both political science and RadioTelevision-Film and Sociology from the University of Northern Alabama. He completed his MA in telecommunications at The University of Alabama following his undergraduate education. Currently, Langcuster is a news and public affairs specialist with the Alabama Cooperative Extension System. He writes for Extension as a blogger and also writes columns, op-ed pieces, press releases, and feature stories. Nels Madsen is a Professor of Mechanical Engineering in the Samuel Ginn College of Engineering. After receiving his BA, MS, and PhD from the University of Iowa, he joined Auburn in 1978. Since 1987, he has served as the Vice President for Research and Development for Motion Reality Incorporated. His motion capture

software has won him numerous awards, including an Academy Award for Technical Achievement in 2004 for his work on the Lord of the Rings movies. Chase Murray received BS and ME degrees in Industrial Engineering from Texas A&M University. This was followed by a five-year stint in the semiconductor industry, where he worked for Intel and Dallas Semiconductor. His PhD is in Industrial & Systems Engineering from the University at Buffalo (SUNY). Dr. Murray joined Auburn University in 2010 as an Assistant Professor in the Department of Industrial & Systems Engineering. His research involves the application of operations research (OR) techniques to solve problems encountered by indus- 235 try and the military. In particular, he is interested in leveraging the capabilities of autonomous vehicles for logistics and surveillance. This includes routing and scheduling of unmanned aerial vehicles (UAVs, also known as drones) and in the coordination of truck platoons. He has also used OR tools to solve facility layout problems and to optimize shelf-space allocation in the retail industry. Emily Myers is the Director and Clinical Professor of the Social Work Program in the Department of Sociology, Anthropology, and Social Work. She received her BSW from the University

of Southern Maine and her MSW from Louisiana State University. She has been associated with Auburn since 1991 and has served as the Chair of the Auburn University Multicultural Diversity Commission and the Chair of the Women’s Resource Center. Her research interests include aging, addictions, adoptions, AIDS, community organization, and women’s issues. Robert Norton is a Professor at Auburn University. He was educated at Southern Illinois University, where he received his BS and MS and the University of Arkansas, where he received his PhD. Dr. Norton currently serves as the Director of 236 the Auburn University Open Source Intelligence Laboratory. A long-time consultant to multiple federal agencies and the Department of Defense, Dr. Norton’s research interests include Chemical and Biological Weapons Defense, Medical and Technical Intelligence, Biosecurity, and Veterinary Infectious Diseases. Eric O’Neill is the founder of The Georgetown Group LLC (www.georgetowngroup.com), an investigative and security services firm. Mr. O’Neill is a practicing attorney who specializes in cyber security vulnerability assessments, counterintelligence operations, investigations into economic espionage, internal investigations, and security risk assessment consulting.

Mr. O’Neill served as an operative for the FBI, where he conducted national security field operations against terrorists and foreign intelligence agents. His undercover role in the investigation and capture of the most notorious spy in United States history, Robert Phillip Hanssen, became the subject of Universal Studio’s movie Breach, released to critical acclaim in 2007. Mr. O’Neill has broad legal experience in the areas of homeland security, border protection, risk and liability mitigation for anti-terrorism technologies, national security related matters, and federal investigations of United States citizens and foreign nationals. Admiral Michael Rogers is a native of Chicago and attended Auburn University, graduating in 1981 and receiving his commission via the Naval Reserve Officers Training Corps. Originally a surface warfare officer (SWO), he was selected for re-designation to cryptology (now Information Warfare) in 1986. He assumed his present duties as Commander, US Cyber Command / Director, National Security Agency / Chief, Central Security Service in March 2014. Since becoming a flag officer in 2007, Rogers has also served as the Director for Intelligence for both the Joint Chiefs of Staff and US Pacific Command and most recently as commander, US Fleet Cyber Command/US 10th Fleet.

Rogers is a distinguished graduate of the National War College and a graduate of highest distinction from the Naval War College. He is a Massachusetts Institute of Technology Seminar XXI fellow and Harvard Senior Executive in National Security alum; he also holds a Master of Science in National Security Strategy. Derek G. Ross (PhD, Texas Tech University) is Associate Professor in the English Department at Auburn University. His research interests include perceptions of environment-related rhetoric, ethics, document design, and audience analysis. His work has appeared in Written Communication, Technical Communication, Social Epistemology, Present Tense, and The Journal of Technical Writing and Communication, among others. He is the Ethics Editor/Columnist for Intercom: The Magazine of the Society for Technical Communication, Co-Director for the LUCIA lab for usability, communication interaction, and accessibility, and recipient of a 2012 Auburn University College of Liberal Arts Excellence in Teaching Award. Born in Iran, Fereshteh Rostampour is an Associate Professor of set & lighting design in the department of theatre at Auburn University. She studied Marionette, Painting, Ballet, Architecture, and Scenography. She has been teaching set & lighting

design, interior design, architecture, and computer 3D lighting & rendering for the past seventeen years. She holds an MFA degree in set and lighting design from The Ohio State University. Rostampour worked as a Free-lance Scenographer for numerous plays, dance, opera, and film internationally. Her work has been chosen as one of the six primary performance designs for the National Exhibit at Prague Quadrennial 2015 where she will represent Team USA in Prague, Czech Republic. Rostampour was one of the top three finalists in the World Stage Design (WSD) 2013 competition in Cardiff, Wales and top five in WSD 2009 in Seoul, Korea. Her lighting design for Jesus Christ Superstar in 2006 won the outstanding lighting design at the twentieth Annual Charlotte Theatre Awards. Michelle Sidler is an Associate Professor of rhetoric and composition in the Department of English at Auburn University and Managing Editor of Auburn Speaks. She received her PhD and MA from Purdue University in rhetoric and composition and teaches classes in composition, technical communication, and rhetoric. Her research interests include the rhetoric of science, intellectual property, and open access publishing. Sidler has published numerous articles and book chapters and is the co-editor of Computers in the Composition Classroom: A Critical Sourcebook.

Tony Skjellum serves as the COLSA Cyber Security and Information Assurance Professor in the Department of Computer Science and Software Engineering and Director of the Auburn Cyber Research Center. He earned a BS in Physics and an MS and PhD in Chemical Engineering from the California Institute of Technology. Skjellum is a founding member of the Alabama Cyber Research Consortium. Mark Thornton is Senior Fellow at the Ludwig von Mises Institute. He is the Book Review Editor of the Quarterly Journal of Austrian Economics. He served as the editor of the Austrian Economics Newsletter and as a member of the Editorial Board of the Journal of Libertarian Studies. He has been a member of the graduate faculties of Auburn University and Columbus State University and has also taught economics at Auburn University at Montgomery and Trinity University in Texas. Mark served as Assistant Superintendent of Banking and economic adviser to Governor Fob James of Alabama and was awarded the University Research Award at Columbus State University in 2002. His publications include The Economics of Prohibition; Tariffs, Blockades, and Inflation: The Economics of the Civil War; The Quotable Mises; The Bastiat Collection; and An Essay on Economic Theory. He is a graduate of

St. Bonaventure University and received his PhD in economics from Auburn University. David Umphress is an Associate Professor in the Department of Computer Science and Software Engineering. He earned his BS in Computer Science from Angelo State University and his MCS and PhD in Computer Science from Texas A&M University. He joined Auburn in 1999 and has conducted research on software engineering, software process, cybersecurity, mobile device software development, Java, Google Android, and data mining. Greg S. Weaver is an Associate Professor in the Department of Sociology, Anthropology, and 237 Social Work at Auburn University. A 1988 graduate of Auburn (BS, Criminology), he attended graduate school at the University of Central Florida (MA, Applied Sociology, 1993) and the University of Nebraska (PhD, Sociology, 1997). From 199093, he was a probation officer with the Florida Department of Corrections and since 2009, he has been in the Reserve Unit of the Lee County Sheriffâ&#x20AC;&#x2122;s Office. He is the current President of the Homicide Research Working Group. Research and teaching interests include lethal violence, substance use, and research methods.

Stewart Whittemore is an Assistant Professor of English at Auburn University. He teaches undergraduate courses in the professional and public writing track of the English Major and graduate courses in the Master of Technical and Professional Communication (MTPC) Program. His research employs the tools of institutional ethnography to study the memory practices of writers in workplaces. His monograph Rhetorical Memory: A Study of Technical Communication and Information Management is being released by the University of Chicago Press in the first half of 2015. Andrew Wohrley is the Engineering and Physics 238 Librarian at Auburn University Libraries. He earned his BA from Valparaiso University and his MLS from Indiana University. His particular interests include technology and intellectual property. Levent Yilmaz is an Associate Professor in the Department of Computer Science and Software Engineering. He received his PhD and MS in computer science at Virginia Polytechnic Institute and State University. He has published numerous articles in journals and proceedings including the 31st IEEE International Performance Computing and Communications Conference and the 2012 IEEE Conference on Cognitive Methods in Situation

Awareness and Decision Support. His research and teaching interests include modeling and computer simulation, agent-directed simulation, and complex adaptive systems as well as modeling and design for software engineering. Norman E.Youngblood is an Associate Professor of Media Studies in the School of Communication & Journalism at Auburn University, where he teaches courses in web design, podcasting, communication technology history, and media and society. He serves as the Co-Director of the Laboratory for Usability, Communication, Interaction, and Accessibility. His research focuses on electronic media usability and accessibility, particularly in the areas of e-government and e-health. His work has been published in journals such as Government Information Quarterly, Universal Access in the Information Society, the Journal of Media and Religion, the Journal of Usability Studies, and the International Journal of Sports Communication. Susan A.Youngblood is an Associate Professor of Technical and Professional Communication in the English Department at Auburn University, where she serves as the Coordinator of the Master of Technical and Professional Communication Graduate Area. Among other courses, she teaches web development,

technical writing, editing, and grant writing. She co-founded the Service Learning Opportunities in Technical Communication (SLOT-C) Database and co-directs it with Jo Mackiewicz; the database has a nationwide audience and serves to connect nonprofits that have technical communication projects with students and faculty seeking such projects. Her research addresses vulnerability, accessibility, and competing needs in communication, particularly in online environments. Her work has been published in journals such as the Journal of Usability Studies, the Journal of Business and Technical Communication, and Technical Communication Quarterly.

esearch is creating new knowledge.

â&#x20AC;&#x201C; Neil Armstrong

239