Interview With Dr. Tirthankar Ghosh – UWF Center for Cybersecurity

We recently interviewed Dr. Tirthankar Ghosh, Professor and Associate Director at the Center for Cybersecurity at the University of West Florida. He told us how the global supply chain is deeply affected by the pandemic.

Private Internet Access: What has your journey to your current job been?

Tirthankar Ghosh: My formal education was in electrical engineering in the early ‘90s. After a few years of working as an electrical engineer, I decided to go back to school and got a master’s and a PhD in computer and electrical engineering.

When I was doing my PhD, I got exposed to the realm of information security. After I graduated, I got a job at a university in Minnesota where the university had just started a network information security major, a standalone major on information security, which was not very common at that time. I joined as a faculty member of that department. I started teaching in the program and eventually directing it. The program grew exponentially, and we eventually changed it to an IT/Cybersecurity program under the computer science department.

And then in 2018, I joined the University of West Florida at the Center for Cybersecurity and kept continuing my research and education in cybersecurity.

PIA: Tell me about the Center for Cybersecurity at the University of West Florida.

TG: At the university, we have a very strong cybersecurity portfolio. At the academic side, there are cybersecurity programs at the undergraduate and the graduate level. The programs have grown a lot in the last few years. The center, on the other hand, is the externally facing entity of the university.

At the center, we primarily engage in workforce development, research, and designing innovative curriculum with short, modular courses that are specifically targeted towards upskilling and reskilling the existing workforce.

We have several projects—we got funding through various federal agencies like NSA, NSF, Department of Energy, and Office of Naval Research—and we have used that funding to do research as well as train the existing workforce.

PIA: Why do you think individuals and companies need a good VPN?

TG: To establish an end-to-end secure connection, especially if you look at today’s context, where many of us are still working from home. Having a VPN helps to establish a secure tunnel over the public internet connecting back to our infrastructure back in the office.

PIA: What do you think the worst cyberthreats are out there today?

TG: We have seen how the threats have evolved to be more and more sophisticated. Some concerns that we have today are risks associated with supply chain as well as ransomware threats. We have seen how adversaries are becoming more resource-powerful in devising attack vectors that are targeting both public and private sector organizations. We have also seen how threats against critical infrastructure is growing. Everybody has heard about the recent attacks on the Colonial Pipeline and also the city of Oldsmar in Florida, where a water treatment plant was compromised, and the amount of sodium hydroxide or lye was increased to a dangerous level. These examples show how the adversaries are going after these critical infrastructure sectors as well and they won’t stop at anything.

PIA: How do you think the pandemic is going to change cybersecurity for the future?

TG: Because of the pandemic, we have seen how the entire global supply chain is intricately connected. That has brought special attention towards securing the supply chain or at least talking about it. The US and other governments have started addressing the issues. The supply chain is so complex. We have seen a trend in the attack vectors—the adversaries have started going after smaller companies that don’t have enough resources to secure their infrastructure or systems. If they compromise the smaller and medium businesses, that gives them a gateway into the bigger supply chain as a whole. Because of our realization of how complex the supply chain is and how intricately these operations are all linked, our eyes have been opened to how we design supply chains to mitigate those risks.

Last year, when the pandemic started, most companies sent their workers home, and it was rushed for many businesses, especially small and medium businesses. They did not have enough time to address the security issues that come with remote working, and because of that, a lot of attacks targeted those employees who started working from home.

The pandemic has essentially changed how we look at our jobs. Many companies are still working from home, and they will continue working from home. That has opened another avenue through which attackers can come in to target those employees. The employees are using their home networks, which may not be that secure, with many other devices (including home IoTs) connected to that network that can act as attack entry points.