RUNNING HEAD: CURRENT OVERVIEW OF ONLINE SECURITY 1

The Invisible Threat: Current Overview of Online Security

Senior Capstone

Joe Fogelman

Ocean Lakes Math and Science Academy

Author Note

Research conducted by Joseph Fogelman, Math and Science Academy, Ocean Lakes

High School.

This project was conducted as a part of the Math and Science Academy Senior Capstone

Project. Special thank to Mrs. Allison Graves for acting as my advisor through my experience.

Also special thanks to my mentor Mr. Caleb Hansen for allowing me to shadow him.

Correspondence concerning this article should be addressed to Joseph Fogelman, Ocean

Lakes High School, 885 Schumann Drive, Virginia Beach, VA 23454.

Email: joefog13@gmail.com
 CURRENT OVERVIEW OF ONLINE SECURITY 2

Introduction

Technology is continuously changing the world. Many never expected computers to fit in

our pockets or cars with the ability to drive themselves. However, with these tremendous

advancements comes great danger. It is estimated that 8.7 billion devices are connected to the

Internet as of 2012. This proliferation of technology creates a gold mine for malicious hackers to

take advantage. (Singer & Friedman, 2014) With this rapid advancement of technology hackers

now have more tools to exploit systems. Their strategies are always evolving just like the

technology they are compromising.

This quick evolution creates massive problems for the older generation who don’t

understand the problems of IT and cyber security. Therefore, it is difficult for politicians to make

policies on these problems without knowledge of the field. Considering the older generation

comprises most of our government’s leaders, our country suffers from the lack of technology

awareness. (Singer & Friedman, 2014) From the Clinton email scandal to general

misunderstanding of cyberspace. Overall, “politicians and government officials don’t know

anything about cyberspace.”(Singer & Friedman, 2014)

Cybersecurity can be defined as the state of being protected against criminal or

unauthorized use of electronic data or the measures taken to achieve this. Even though digital

attacks can be dated back to the creation of the Internet, the invention of this field of study is still

very new. As a matter of fact, many government agencies are still without a cybersecurity expert

within their firm. This oversight can be attributed to either the lack of personnel in the field or

the “invisible threat” of hacking (Singer, Friedman 2014).

 CURRENT OVERVIEW OF ONLINE SECURITY 3

Many large corporations have ignored the threat of a cyber attack because it is invisible.

With many other attacks victims can see the threat rising and therefore you make a plan to

counteract it. However, in a hack all of your information can be stolen in an instant. In the Yahoo

hack disclosed in August 2017, it was reported that over 3 billion user accounts were

compromised dating all the way back to 2013 (Selyukh, 2017). These acts can happen all at once

or over a long period of time, nonetheless with poor cybersecurity monitoring there is no way of

mitigating the risk. Since these large scale hacks, many have increased awareness to the cyber

threat, but governments still struggle to create policies on the issue. They question how to

regulate a threat that can exist halfway around the world.

Even though there are many large-scale problems related to cybersecurity, it is still

important to be protected on an individual scale. There are many measures individuals can take

to keep themselves protected. People can start with always keeping their computer and software

updated. Bug in programs are always being found and corrected so keeping your computer up to

date can help correct these mistakes (Hoffman, 2017). It is also very important to use anti-virus

and anti-malware programs. A virus can be defined as a piece of code capable of copying itself

and producing a detrimental effect. These programs constantly scan your system to ensure that

no code is corrupting a user’s personal data or harming a user’s computer in any way.

The most important aspect of online security is keeping a good password. Passwords are

the key to keeping any online account secure. If someone exploits a person’s password, that

person could possibly lose everything. Individuals can protect themselves by keeping passwords

different for different accounts and always changing them. (Hoffman 2017) They may also go an

extra step and add encryption to their passwords through programs like FileVault and BitLocker.

Cookies should also be managed properly by constantly deleting them from websites that you no
 CURRENT OVERVIEW OF ONLINE SECURITY 4

longer use. What are cookies? These are small pieces of data sent by a website to the user’s

browser and are stored there temporarily (Cookies, 2017). The ever prevalent threat of a cyber

war hangs over our heads, but many have yet to see it.

The Story

At the beginning of my senior project journey, I wasn’t completely sure what I wanted to

do. Some seniors have set topics that they have been researching from the beginning of high

school and others are more undecided. In my initial Isearch, I investigated biogeography and bio

mineralization, which at the time was very interesting to me. Most people would disagree and

now looking back I feel the same way. I ditched that topic and decided to move onto something

else.

During the start of my junior year, I steered more into the engineering world because of

my interest in physics. When deciding which field of engineering I wanted to explore, I chose to

look into the developing field of environmental engineering. This seemed to merge my love for

the environment and interest in physics. Coincidentally, Mrs. Graves posted about a possible

mentor opportunity involving a developing environmental engineering firm. I immediately

reached out, but they were only taking one student and the spot happened to fall to another

individual.

I was very frustrated considering I was betting on that mentor opportunity for all of

January, and I had to start from scratch with finding a new mentor. I moved onto my symposium

project that dealt with building an easy to use water purifier. I didn’t work on finding a mentor

for another 3 months until the May deadline approached. However, during this time my focus

shifted, and I decided I didn’t want to look into engineering anymore. Instead, I wanted to
 CURRENT OVERVIEW OF ONLINE SECURITY 5

investigate the developing world of cybersecurity. This seemed to me to be the hottest topic

during my researching, and I wanted to be a part of it.

Shortly after this change, I was able to secure a mentorship with Mr. Caleb Hansen, the

FSO (Facility Security Officer) of RMGS Inc. I was able to get this contact from my dad who is

good friends with Mr. Hansen. The initial meeting with Mr. Hansen went very well, and he had a

lot of optimism and plans for my experience moving forward.

I started the mentorship on June 20th, a week after school ended. Their office was located

near Mount Trashmore, so it was about a 15 to 20 minute drive. I was expected to show up in

business casual clothes everyday between 9:30 to 10. These were definitely conditions that were

easy to follow. Overall, the workplace was very relaxed in terms of what to wear and when to

show up. Nonetheless, I always showed up on time except for once but my mentor didn’t care

too much.

On my first day, I started with setting up my office space and meeting everyone in the

company. It was important to learn the business structure and hierarchy so that I would know

who to look to when I had a problem. Everyone immediately accepted me as the new intern,

which was very welcoming. They were even able to give me my own room as an office space.

The most significant person I met on the first day was Mrs. Stafford, the president of the

company. Most of the first day was spent explaining what interests and topics I wanted to

include in my senior project and then I was sent to research them further. I did do some paper

shredding as well.

The second day was similar to the first except I had nothing to set up so I spent my time

researching cybersecurity and learning code. There were many days like these throughout my
 CURRENT OVERVIEW OF ONLINE SECURITY 6

mentorship where Mr. Hansen had nothing for me to do so I spent my time researching and

learning code. Other times he was doing work that was beneficial for me to see, but I needed a

security clearance. Nonetheless, I was able to learn a decent amount about coding, specifically

python, and the cyber world. My first involvement in the company came when Mrs. Stafford

asked me to help construct the WBS (Work Breakdown Schedule) for an upcoming proposal.

I worked with Micky, an independent contractor that was also working on the WBS. The

WBS had to be made using Microsoft Project which was a program I had never used before.

Micky seemed to be an expert on it, and she was being paid to make the WBS. Dave Buffalo, the

CEO of another company that was working with RMGS on the proposal, sent me the

chronological events of what the site advisor would be doing during the proposal. Basically

multiple defense contracting companies were submitting bids to the government hoping to win

the contract so that they can bring in money. The WBS made up a big part of the proposal, so I

was honored to be doing something important. It took a lot of time to understand Microsoft

Project and how Mrs. Stafford wanted the information to be displayed. There ended up being a

lot of technological problems, but in the end I was able to fix them.

At the conclusion of my mentorship, I completed 5 WBSs for the company. After

the 2nd was completed they sent Micky away and I had to do the other 3 on my own. The

proposals were for contracts in Addis Ababa, Somalia, Mogadishu, Nairobi and Cameroon; these

are all places in Africa. It was very interesting to be doing work that had practical use in other

locations around the world. Even though these WBSs had no applicability to cybersecurity or

security in general, I still was able to learn something. I learned a lot about how small businesses

work and that communication is very important. I also learned a good amount about how

Microsoft Project works, which according to Micky can be very useful in the future. The WBSs
 CURRENT OVERVIEW OF ONLINE SECURITY 7

did take up a lot of my time and weren’t related to my interests, but I wasn’t too disappointed. I

could at least say that I helped the company with something in return for allowing me to be

working with them.

When I finished working on the WBSs my mentor tasked me with identifying

different threats to security within a business. I also had to find out how to mitigate these risks.

Even though this was a small assignment it opened my eyes to the fact that there are other threats

to security as well. I always knew that the scope of security extended beyond the cyber world but

I didn’t know to what degree. Before there were computers, the biggest physical threat to any

organization was people. The most prevalent example is the Cold War. Computers were used

during this time but the largest problem for both the United States and the Soviet Union was the

exchange of information by people. People can be the largest concern for security as well.

Through this assignment I was able to better understand that cybersecurity is not the only focus

relating to a data breach.

Coincidentally during my time at RMGS they had a physical threat of their own.

One of the janitors was suspected of stealing phones and expensive items from their offices

during his cleaning shift. My mentor then had to buy security cameras to work to resolve the

problem. We then placed the security cameras unboxed and in plain sight, however they were not

set up yet. The janitor must have saw these cameras because he stopped taking things.

Throughout my mentorship we never ended up installing these cameras and I don’t know that

they ever were. Nonetheless, this was an interesting experience and really makes someone

realize that breaches to security can come from anyone and sometimes people you would least

expect. Most of the security threats Mr. Hansen deals with occurs on the courses that the

company runs in locations around the United States.

 CURRENT OVERVIEW OF ONLINE SECURITY 8

When my mentor had some free time he set me up on CDSE (Center for Development of

Security Excellence) training courses. He were online courses that helped with the protection of

physical threats more related to people. Nonetheless, I was still able to learn what to detect from

a potential insider threat. I was also able to get certified in CDSE training which may prove to be

very useful which seeking a job later on. These courses were made up of a series of videos that

would have to watch in succession before taking the final exam. If you get an 80% or above on

the final exam they give you a certificate of completion. Surprisingly government contract work

has a lot to do with whether or not you are certified. My mentor has various certifications and

clearances, some through CDSE, that allow him to do the work he does. This also helps the

company win contracts with the government by how qualified their employees are. The downfall

of these clearances was that I was limited on my experience because I didn’t have these

clearances. However, the system is designed that way to prohibit outsider to obtain and leak

information that they shouldn’t have had access to in the first place.

During the end of my mentorship, the company hired a cybersecurity contractor to set-up

and isolated system for a course that was coming up. They had to pay him close to $100 an hour!

This partially had to do with the fact that he was certified to do that form of work and that he

would get the job done right. I have found that this parallel can be seen with any contracting

company whether it is corporate or even a construction company must have a lot background

before they can be seen as reliable. Nonetheless, the cybersecurity expert set up a laptop that was

completely off-the-grid disconnected from all online services. He then conducted an anti-virus

scan and had the software run continuously offline. All programs that needed to be entered into

the computer would be through a disk. These methods seemed to be barbaric, but they didn’t

keep the user protected from potential online threats.

 CURRENT OVERVIEW OF ONLINE SECURITY 9

Product

From my research and mentorship I felt that I needed to inform people about methods to

make them safer while using online services. I decided to combine what I learned about coding

html and what I knew about online protection to create an informative website. The initial idea

was for me to code a website from scratch and not use any pre-designed website making

software. However, coding a website proved to be a challenge and took a lot more time than I

thought it would. I also had to find some useful information that would be practical for the

common individual and someone who wanted advanced knowledge. When I was finished with

the coding piece, the web hosting services proved to be the next challenge. It was difficult to find

web hosting that was free and a free domain name. I ended up settling with 000webhosting.com

because they offered both of these services for free, but I didn’t get the domain name I had hoped

for.

Overall, the website looked good considering it was the first one I had ever constructed.

After reviewing other website designing software, I would definitely recommend using those

over coding a website yourself. Coding the website yourself does give a little more freedom to

how you want it to look, but takes a lot longer and in the end I don’t think it’s worth it.

Nonetheless, I was able to learn some important things about html code that I wouldn’t have

understood had I not coded a website.

I decided to present this website to my AP Computer Science class since this seemed to

be the most practical environment. I gave a 10 minute presentation while they browsed around

the website I created. It was important for me to emphasize the risks that can come out of the

hacks that were described in my website. The overall structure of the website consisted of a
 CURRENT OVERVIEW OF ONLINE SECURITY 10

header titling “Online Security.” There were then tabs labeled with “Basic”, “Advanced”, and

“Additional Information.” The basic tab had basic information that any common individual

would understand on how to protect yourself online. The things discussed in this section

focussed more on the individual level. The advanced section was made up of hacking techniques

that hackers use to take over networks of corporations. The additional information section gave

an overview for my intentions of this website and a google form to get some feedback on how

my presentation went.

Conclusion and Results

I felt that the material I presented in the class was meaningful and could assist the

students to make better online decisions. After reviewing my google form, the responses were

scattered. Every student said they learned something new from the website. Most of them said

they already knew the information presented in the basic section of the website. Some were

displeased by the color scheme of the website and its visual appeal. Those responses won’t

concern me too much unless I decide to become a website designer.

Overall the experience that I have gained from this journey has been fantastic. I can

gladly say that I have spent the past 140 hours doing something that I enjoy. This journey has

helped me to better understand what I want to do in my future career path. I definitely understand

the growing concern of cybersecurity and hope to inform others of the threats online. Many

claim that a cyber war will be the next world war but few understand that it has already began.

Thousands of attacks are launched every day in the hopes of compromising a system. I will

always remember this experience as it has helped me to learn a tremendous amount about the

career path I am about to enter. It has also helped me to actually have fun learning about
 CURRENT OVERVIEW OF ONLINE SECURITY 11

something in school. I have also found additional cyber topics very important like the dark web

and the history of cybersecurity. Throughout my mentorship I mostly focused on mitigating

security risks but these additional topics will be useful to understand as well. This entire

experience has allowed me to open my eyes to a field that is rapidly developing and allowed me

to be a part a new technological movement.

 CURRENT OVERVIEW OF ONLINE SECURITY 12

References

Dilon, G. (2006, March 19). 10 Basic Online Security Rules. Retrieved October 25, 2017, from

http://www.georgedillon.com/web/security.shtml#firewall

Cookies, W. W. (2017). What Are Cookies?Computer Cookies Explained. Retrieved October 25,

2017, from http://www.whatarecookies.com/

Crypto Policy Project. (2016, June 24). Retrieved October 25, 2017, from

http://cyberlaw.stanford.edu/our-work/projects/crypto-policy-project

Singer P.W., Friedman A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know.

Parameters, 44(3), 149-151.

Hoffman, C. (2017, October 12). Basic Computer Security: How to Protect Yourself from

Viruses, Hackers, and Thieves. Retrieved October 25, 2017, from

https://www.howtogeek.com/173478/10-important-computer-security-practices-you-

should-follow/

Learn to Hack. (2017). Retrieved October 25, 2017, from https://www.hacksplaining.com/

Selyukh, A. (2017, October 03). Every Yahoo Account That Existed In Mid-2013 Was Likely

Hacked. Retrieved October 25, 2017, from http://www.npr.org/sections/thetwo-

way/2017/10/03/555016024/every-yahoo-account-that-existed-in-mid-2013-was-likely-

hacked

Shekhar, A. (2017, February 10). Top 10 Common Hacking Techniques You Should Know

About. Retrieved October 25, 2017, from https://fossbytes.com/hacking-techniques/