Cybersecurity: VMI Honors Cadet Explains How Cyber-Attacks Affect Physical Infrastructure
LEXINGTON, Va. March 23, 2023 — “Think back to the last time you watched a movie about a big heist. There is always a scene with a security guard sitting in front of several security camera monitors. He notices a split-second blip in the feed, then false feed begins to run, and the guard thinks that everything is normal because that is what he sees.”
That is how Lt. Col. David Feinauer, associate professor in the Department of Electrical and Computer Engineering at 小妲己直播 Institute, introduced his student Dominick Lalena ’23 and his senior thesis presentation, “Understanding Visibility as it Applies to Organizational Security through a Phased Acquisition Approach” during Honors Week, held March 20-28.
“You cannot manage what you cannot see,” began Lalena, to illustrate the necessity of visibility in cybersecurity. “Every time you go online, you enter the cyber realm. For security purposes, an organization should be able to see who enters their cyber space.”
He explained information technology (IT) and operational technology (OT) in organizations and industries have become linked, or converged.
“If a hacker gets into your computer system, not only can information be stolen, but there may be physical ramifications,” he said.
He gave two examples of cyber-attacks which have affected physical infrastructure: In 2017 in Ukraine, malware called “Industroyer” infiltrated the computer system, then caused people to go without power and water; and in 2021, a hacker attempted to poison the water supply in Oldsmar, Florida, by increasing the level of lye. It was later discovered that the water plant’s IT security was extremely lax.
“Medical devices in hospitals and health care offices are often linked to IT systems. Add to that remote access to medical records, and you can clearly appreciate the need for tight cybersecurity,” he stressed.
Lalena explained the solution lies in better security software that provides visuals that aid in operator interaction.
“Dashboard lights in your car are easily recognizable. Everyone can identify the engine light, and knows the car should be serviced immediately. Many security software products on the market are confusing, and the information displayed on the dashboard of the computer monitor often takes time to interpret,” he explained. He also cited redundancy as an effective tool.
“The more messages received from different data sources, the quicker organizations can detect that there is a problem.”
According to Feinauer, Lalena’s thesis work intersects the disciplines of cybersecurity, organizational management, and human factors engineering.
“He has taken on a complex problem that is timely and of great importance, and thoughtfully explored and suggested processes and principles that could lead to better insights and visibility into our modern, connected organizations and world,” said Feinauer.
Lalena would like his work continued to further understand capabilities and limitations of security software, and to further explore best practices for threat investigation.
Lalena will present part of his thesis work as a technical paper at the Institute of Electrical and Electronics Engineers (IEEE) SoutheastCon 2023 in April in Orlando, Florida. It is the IEEE’s annual technical, professional, and student conference for the Southeast.
Lalena attended Colonial Forge High School in Stafford. He is the son of Dennis and Carrie Lalena from Dover-Foxcroft, Maine. After graduation, he will commission into the U.S. Army Reserves. While in the Reserves, he will be working as a software engineer for Boeing in their F22 program. He also plans to attend graduate school online.
Marianne Hause
Communications & Marketing
VIRGINIA MILITARY INSTITUTE