Cybersecurity Student Profile: Lt. Col. Rick Galeano
In honor of Cybersecurity Awareness Month, UA Little Rock is profiling student researchers who are studying the rapidly growing field of cybersecurity.
Lt. Col. Rick Galeano is pursuing a Ph.D. in Computer and Information Science at UA Little Rock. He is the deputy director of information warfare at Special Operations Command Africa for the U.S. Army and is currently assigned overseas.
As a research fellow with Dr. Nitin Agarwal’s Collaboratorium for Social Media and Online Behavioral Studies (COSMOS), he studies social and human factors of cybersecurity by researching the topic from a cyber warfare angle.
What kind of work do you do in your career with the U.S. Army?
All of us work in a complex environment. New technology and the rapid dissemination of information has allowed us to work in this ecosystem of the new digital information environment. I happen to be one of a select few information operations officers that have the opportunity to work at the tip of the spear in this career field for the U.S. Army. My job supports Commander decisions to integrate different IRCs (information-related capabilities) into the information environment.
How did you join UA Little Rock as a doctoral student in the information science program?
In 2011, I was a student at Naval Postgraduate School pursuing a M.S. in Information Science. My interest was sparked in information science after taking several graduate courses in game theory, which eventually evolved into learning about social network analysis. This was a stepping stone to study how networks are formed and what propagates diffusion amongst actors in a network. Subsequently, after graduation, and a few publications later; an opportunity was presented which allowed me to apply and be accepted as a Ph.D. student in 2017 at UA Little Rock.
You have devoted countless hours in the lab identifying the tactics, techniques, and procedures that are often the result of hostile acts against users. Can you tell us more about the research you do at COSMOS?
I joined COSMOS and have been working in the realm of cybersecurity and identifying different features and aspects of it for several years. YouTube, for example, is one of many platforms that our fellow researchers continue to explore. In this platform, we have identified good and bad information actors that have access and reach throughout networks. For example a commenter may want to amplify or distort the narrative, create a toxic/trolling environment for other viewers, or exploit YouTube’s recommendation algorithms by flashflooding/flashmobbing the comment space – a behavior that misleads YouTube’s algorithms into believing that the video is going viral resulting in rank elevation.
Sometimes, it is difficult to identify who or what is the source of message manipulation, but the large team of scientists that make up COSMOS helps accelerate identification. One of my own favorite pieces of research was, Weak Ties to the Narrative Rescue: Starbucks Arrest Controversy Case Study. That research provided the rationale as to how weak ties promulgated messaging through natural occurrences resulting in Starbucks quickly regaining a positive external communication narrative. This was in response to the April 2018 Starbucks incident where the coffee chain appeared to be biased against African Americans in Philadelphia. The data and the messaging that was in this data set is an excellent base study that will tweak one’s interest into this field.
Botnet Evolution During Modern Day Large-Scale Combat Operations, is another one my favorite publications. This research identified social bots that have been introduced to the constantly evolving information environment. Their sole purpose was to shape and influence perceptions and cognitively trigger behavioral change on an exponentially massive scale worldwide. The goal of malicious influencers was to influence the information environment by amplifying social media followership in the form of “social bots”—scripted codes that mimic human users and serve as super-spreaders of information.
These social bots were used to promote particular points of view, fabricate perception of popularity or popular viewpoint, muddle the discourse and narrative space, and/or served as a means to bolster these points of view by promoting blogs or other digital content. Effects can ranged across the physical, cognitive, and informational dimensions to ultimately trigger specific behaviors in individuals and groups that impacted the operational environment in a way that is beneficial to those who operate the bots.
You are coming up on your last year of coursework before you begin your dissertation. What will your dissertation focus on?
It will fall within the social network analysis lane. I will look at what is happening within information actors, how messages or organizations are manipulating the information environment. That doesn’t necessarily mean that it’s all about human behavior. It’s also botnet behavior that is manipulated by humans that are trying to change the behaviors of the end users, whether that is influencing us to vote a certain way, or buy a different product like laundry detergent, or to go to a certain location.
There is a continued need for academia to conduct exploratory analysis across the information environment, thus enabling cybersecurity specialists to develop and update both hardware and software to counter malicious behavior, all the while stressing that education and informing users of how to operate safely is key to prevention of data leaks, password spillages, or unprovoked attacks in this vast domain.
You mentioned that one of the ways hackers or bots could use your personal information is to influence you to buy a product, like a different type of laundry detergent. Most people won’t be worried about laundry detergent. What kind of damage can cybersecurity attacks really cause?
In this day and age, the digital information environment continues to rapidly evolve, oftentimes with actors pushing misinformation with the intent of conducting behavior change targeting individuals to large corporations. One recent example is the 2021 ransomware attack against the Colonial Pipeline which disrupted the gasoline supply chain across the eastern seaboard of the United States. Investigators identified a compromised Virtual Private Network (VPN) password as the critical vulnerability in this attack. Ransomware attacks are perpetuated by malware that locks computer data behind a wall with the perpetrators demanding a ransom to unlock the systems.
Another example in 2021 was a cyberattack that disrupted COVID-19 vaccine scheduling web site in Central Italy. This attack caused mayhem for a region that had already been hit extremely hard by the pandemic. Despite the attack, the Italian government pushed forward with vaccinations but with a temporary inefficiency as well as disruptions to those trying to get vaccinated.
Lastly, imagine a lack of electricity at a hospital or a power disruption to a city’s traffic lights. The bad news is that has happened with Supervisory control and data acquisition (SCADA) attacks. Off the top of my head, one attack of this nature was a 2015 attack at a Ukrainian nuclear power facility which affected hundreds of thousands of end users who lost power to include hospitals and traffic lights. A series of phishing emails allowed for penetration into their network which allowed for this event to occur.
Why do you think Cybersecurity Awareness Month is important?
These are some of the many reasons that Cybersecurity Awareness Month brings to the forefront. We are in our 18th year of Cybersecurity Awareness Month. That is important because we see this reflected across the U.S. as consumers become more connected to rapid information flow that the internet provides to us. From a quick credit card transaction at Walmart to a post that you add to your Instagram account, we need to synthesize how information is processed and what vulnerabilities are out there. Smart technology exists all around us. Alexa listens to what we say and security cameras monitor what we do. Our homes and workplaces are filled with more Internet of Things (IoT) each day which opens up routes for cybercriminals to penetrate The Internet of Things
What advice would you give people to keep themselves safe from cybersecurity attacks?
“If you are going to connect it, protect it.” It is imperative that you, as the user, ensure that software updates are made to your digital devices when they are published. This is a pretty easy task to accomplish. Users must continually remain vigilant of what is lurking in the digital domain, software such as anti-virus (and ensuring it is up to date) is one way to mitigate risk.
Additionally, the use of VPNs provide an additional layer of protection, especially when using public Wi-Fi. Although neither are a failsafe, they do increase security making it more difficult for malicious attacks to occur. Keep your passwords secure! Don’t get fooled by phishing attacks!
With privacy settings, turn off your geolocation setting on your devices. There are a lot of in-app advertisements that are geared toward geolocation services. Geotargeted advertising uses location data to reach consumers based on what their phone or other device identifies as where you are at. You can opt in or opt out of these types of services in your locations services on your mobile device.
My last piece of advice is to think before you click. There is no delete button on the internet! Once you post something to YouTube or send an email, it’s already out there. And the reverse of that is true when you receive an email, use common sense, if the email looks suspicious or out of the ordinary, do not go clicking around on hyperlinks that are embedded in it!
