UMass Lowell’s Miner School Builds Defense Cybersecurity Careers

UMass Lowell’s Miner School of Computer and Information Sciences is running cybersecurity research across several fronts simultaneously, from automating vulnerability detection in building management systems to training students who move into defense contractor roles after graduation. The urgency behind that work is well-documented: cybercrime cost Americans $16.6 billion in 2024, a 33 percent jump from the prior year per the FBI’s Internet Crime Complaint Center (IC3), and a 2025 Claroty study of nearly 467,000 devices across more than 500 organizations found that 75 percent of companies run building management systems with known, actively exploited security gaps.

Science Applications International Corporation (SAIC), a Fortune 500 defense integrator, has committed $1.3 million to a new cyber center on the university’s campus. Draper, a Cambridge-based nonprofit research firm, funds a current Ph.D. student’s studies through a formal scholars program and connects that student directly with Draper’s engineers.

The Building That Got Too Smart

The FBI’s IC3 started accepting cybercrime reports in May 2000, logging roughly 2,000 complaints per month. By 2024, that volume had crossed 2,000 a day. The IC3’s 2024 Internet Crime Report counted 859,532 total complaints and confirmed $16.6 billion in losses, up 33 percent from 2023. The agency placed ransomware 20th by raw complaint volume but called it the most pervasive threat to critical infrastructure, ahead of phishing and extortion in systemic damage.

Buildings have become a quieter attack surface. As organizations connected HVAC systems, lighting and access control to corporate networks for remote monitoring, they exposed legacy protocols built without encryption alongside credentials that couldn’t be rotated. Claroty’s “State of CPS Security 2025” report on building management system exposures, covering nearly 467,000 devices across more than 500 organizations, found that 51 percent of companies with vulnerable building management systems (BMS) also had those systems insecurely connected to the internet, with vulnerabilities already tied to active ransomware campaigns. A separate Claroty finding: 55 percent of organizations use four or more remote access tools inside their operational environments, some as many as 16, most without multi-factor authentication.

Xinwen Fu, a professor in the Miner School, is building automated methods to detect and close those gaps before attackers reach them. His lab works directly with Siemens and Johnson Controls to test and analyze real-world building systems, generating outputs applicable to the products those companies sell and maintain. “Every company, every institute, everyone needs cybersecurity,” Fu has said. His team’s approach to BMS tries to replicate what a skilled penetration tester does manually, scanning for configuration flaws, missing patches and credential weaknesses at machine speed. His lab is also researching how cyberattacks propagate across complex networks, mapping the attack sequence to find earlier points where automated tools can intercept damage before it spreads. Fu directs the school’s Cyber Range, the on-campus facility that runs research simulations and student competition training throughout the year.

Three Labs Chasing the Same Adversary

The Miner School’s cyber research runs through three faculty members, each working on a different layer of the attack surface. The table below maps their projects, funders and industry connections.

Anonymous Traffic and Malicious Intent

Beyond building systems, Fu’s lab has spent years analyzing Tor, the open-source anonymization network that routes internet traffic through a chain of encrypted relays to mask a user’s origin. Human rights workers and journalists use it to communicate without surveillance. Criminal operators use it for the same reason.

Tor is good for anti-censorship. In some countries, you don’t have free speech, but you can use Tor to post about anything, and nobody can find you. However, we found it’s also abused by hackers.

Fu said this describing his lab’s analysis of Tor traffic, which has turned up dozens of active cyberattacks inside the network, including campaigns targeting cloud storage systems. His team is now testing whether large language models (LLMs, the AI architecture behind tools like ChatGPT) can identify malicious Tor traffic faster than conventional detection methods.

Sensitive Data, Guarded by the Chip

Anitha Gollamudi, an assistant professor in the Miner School, is building a framework backed by an Office of Naval Research grant worth nearly $800,000. The goal is to move sensitive data automatically into a hardware enclave, a tightly controlled region within the processor that limits what software can access it. Today, developers must identify by hand which parts of an application belong inside an enclave, a process Gollamudi has described as “tedious, error-prone and largely repetitive.” Her framework automates that identification step entirely, reducing both the labor cost and the risk of misclassification.

Draper, an anchor tenant in the Lowell Innovation Network Corridor (LINC), a public-private development partnership on UMass Lowell’s east campus, is collaborating with Gollamudi on a separate enclave-security project. Through that relationship, Gollamudi recommended Ph.D. student Samuel Dodson ’21 for the Draper Scholars Program, which funds his studies and connects him monthly with Draper’s engineers and scientists.

Securing the 5G Layer

Sashank Narain, an assistant professor in the Miner School, is using machine learning to make wireless networks, including 5G, more secure and efficient, alongside work on AI-enhanced improvements to existing cyberattack detection tools. He is a founding member of AICORE (Center for AI Computing Research), a hub the Miner School launched for foundational AI research across defense, health care and robotics. Narain has also coached the Miner School’s student cyberdefense competition team for five years, a role that overlaps directly with his research on automated threat detection.

Defense Dollars on Campus

SAIC, a global Fortune 500 technology integrator, formalized a cyber center agreement with UMass Lowell in December 2024, siting the project inside LINC. SAIC’s initial contribution of $1.3 million is projected to create 30 jobs through paid internships, job fairs and training programs run in collaboration with Middlesex Community College and local high schools. The agreement also covers post-graduate employment for students and reskilling work at Hanscom Air Force Base, alongside coordination with the Massachusetts State Police and FBI.

A security operations center (SOC) is being added to the complex, funded through a $300,000 grant from MassCyberCenter, the Massachusetts Technology Collaborative’s cybersecurity initiative, and the Center for Advanced Manufacturing. The SOC will sit inside the university’s Wannalancit Business Center, next to the Cyber Range. CyberTrust Massachusetts, a statewide nonprofit focused on cybersecurity workforce development, will manage the center and serve area governments, nonprofits and businesses with monitoring, threat assessment and email defense analysis.

SAIC CEO Toni Townes-Whitley said the expanded partnership “will help build the future cyber workforce and ensure a stream of high demand talent for the nation, as well as Hanscom’s many critical programs.” The Miner School’s Cybersecurity Studies Program holds a National Security Agency (NSA) and Department of Homeland Security (DHS) designation as a National Center of Academic Excellence in Cyber Defense Research, a formal certification the NSA and DHS issue to universities whose graduates are prepared for defense-sector cybersecurity work.

LINC envisions a 1.2-million-square-foot mixed-use district on and beyond UMass Lowell’s east campus, with Draper, SAIC’s cyber center and Mass General Brigham among its anchor partners. The SOC is the latest facility to come online inside that corridor.

Defending the Network, Under Attack

UMass Lowell’s student cyberdefense team won the Northeast Collegiate Cyber Defense Competition (NECCDC) in March for the second consecutive year, defeating teams from the University of New Hampshire, Rochester Institute of Technology and Northeastern University over two days at Roger Williams University in Bristol, Rhode Island. The 2025 scenario placed all teams inside a fictitious pharmaceutical company preparing to merge, tasking students with protecting its digital infrastructure while professional red-team attackers ran continuous offensive operations.

Students maintained simulated business operations and completed executive-assigned tasks alongside active network defense throughout, which meant the team managed competing demands simultaneously under pressure. The Miner School’s eight-player roster prepared by training in the Cyber Range three times a week for months before the March event.

• The NECCDC has run annually since 2008, giving college teams hands-on experience defending live corporate network simulations against professional attackers
• Red-team attackers run continuous offensive operations throughout the competition, targeting teams without pause
• Eight rostered players and four alternates represented UMass Lowell in the 2025 Northeast competition
• The NECCDC win earned the team a national berth; UMass Lowell competed at the National CCDC in late April against teams including the University of Virginia and Stanford University

“We have so many new people on our team this year, and they’re insanely talented,” said Rohan Paranjape, a recent computer science graduate who served as co-captain of the competition team. “They put in the work to go into these competitions as prepared as possible.”

Computer science junior Andrew Yanofsky, who helped the competing team practice by building simulated corporate networks that faced attack, said the Cyber Range’s infrastructure was “really important for the team’s success.” The facility’s servers, shielded from external internet access, allow the team to recreate competition network conditions with high fidelity during the weeks of preparation before the event.

The Careers Built in the Cyber Range

Samuel Dodson ’21, a computer science Ph.D. student, holds a Draper Scholars appointment that funds his studies and places him in monthly contact with Draper’s researchers. “The professional connections are really valuable,” Dodson has said. “I meet monthly with researchers at Draper, and they ask questions and share their ideas about our research.”

Asmaa Amiar, a recent information technology graduate, completed a six-month internship with CyberTrust Massachusetts that took her to security operations centers in Springfield, Boston and Bridgewater. The placement gave her direct exposure to monitoring, threat analysis and response procedures across three distinct operational environments, each with its own infrastructure and client base.

On the curriculum side, Narain received a three-year National Science Foundation (NSF) grant of nearly $400,000 to develop a large language model tool that personalizes computer science instruction by adjusting its explanation depth to each student’s demonstrated knowledge level, drawing on course materials and student notes rather than generating the generic responses a general-purpose chatbot delivers. Narain is developing the tool alongside Miner School assistant professor Samantha Reig and Criminology and Justice Studies associate professor Claire Lee. Fu received a separate three-year NSF grant of $330,000 to build security education modules covering the latest Windows operating systems.

The U.S. Bureau of Labor Statistics projects computer and information technology occupations will grow more than 8 percent over the next decade, with approximately 317,700 job openings annually in roles from information security analysis to software development. AICORE, the interdisciplinary AI research hub Narain co-founded, is designed to sit at that intersection.

UMass Lowell’s new security operations center opens inside the Wannalancit Business Center beside the Cyber Range, where the school’s competition teams have trained since 2019. Students who staff it will work on live client networks for the first time.