4 minute read
Fighting the hackers
KEEPING OURDATA SAFE
By Chris Kocher
Nearly 30 years after the internet opened to the public, more and more of our data are online.
Financial records. Healthcare info. Social media. Personal photos and videos stored in the cloud.
The latest smart fridges text us when we’re low on milk, high-end cars email when they need servicing and home thermostats can be adjusted from anywhere on the planet.
We’re quickly approaching a Jetsons world of future wonders — but all those connections only make us more vulnerable to hackers. That’s where cybersecurity experts come in.
For years, researchers at Binghamton University have developed ways to make our internet experience safer. Those efforts became better coordinated in 2019 with the establishment of the Center for Information Assurance and Cybersecurity (CIAC), an organized research center directed by Associate Professor Ping Yang from Watson College’s Department of Computer Science. Yang arrived at Binghamton in 2006, after earning her doctorate at Stony Brook University, and she taught Watson’s first graduate cybersecurity course.
“Before 2019, we already had a strong cybersecurity research and education program, but there was not much collaboration among researchers,” she says. “Individual cybersecurity faculty members had limited exposure to the research that was outside of their expertise. So we submitted a proposal to the ORC [organized research center] program in 2019 to establish CIAC to facilitate interdisciplinary collaboration among cybersecurity researchers.”
Because cybersecurity touches so many areas, CIAC includes 25 faculty members from nearly every corner of campus: Watson College (of course), but also Harpur College, the School of Management, Decker College, and the College of Community and Public Affairs. Their research areas range from programming and computer engineering to security policy, education technology, mathematics and psychology.
MULTIPLE VULNERABILITIES
When most of us think about hacking, we see it as a software problem — and, worryingly, cybersecurity breaches in the past decade have exposed weaknesses in the fundamental building blocks of computer coding.
“Even at the level of computer architecture, people assumed that standard out-of-order execution designs are safe and nobody questioned their security implications,” says Dmitry Ponomarev, a computer science professor and CIAC associate director. “Recently, it was discovered that these architectures can cause significant security threats and leak sensitive information. As a result, now we have to rethink the entire processor architecture design with security in mind, and that shakes the foundation of what we’ve been doing for 40 years.”
NSA, Homeland Security endorse research from cybersecurity center
As an associate professor in the Electrical and an associate professor in the School of ManageComputer Engineering Department and a CIAC ment and a CIAC associate director. “Human associate director, Yu Chen looks at problems beings, as the users of computers, are the weakest from a more hardware-related, network infra- link in the chain. It’s necessary that we focus on structure-oriented point of view, such as how to the engineering side and the human side.” make processors, memory chips and communication facilities more impervious to meddling. THE FUTURE
“Cybersecurity has to cover both the applica- Last year, the National Security Agency and tion level and the infrastructure level,” Chen says. the Department of Homeland Security named “All the programs need Binghamton a to run on hardware National Center of platforms, so if the infrastructure is not secure, then your apps will be more likely THE LEVELS OF RISK Academic Excellence in Cyber Research, thanks largely to the collaborations that to be taken down by CIAC has inspired. hackers. With the To protect our digital systems, cybersecurity The designation puts research center, we experts need to consider five major layers the University among look from the root that are vulnerable to hackers. Anyone who an elite group of to the hardware and accesses one layer may also gain control of research institutions software levels system- layers below or above it. and opens doors for atically. We have a larger grant funding. cross-disciplinary Human That’s not just effort together to Controls Software application good news for Bingaddress all the aspects of the cyber systems.” Even a package of Risks identified at each level Database Operating system hamton, but for all of us. Cyberattacks will only become the best hardware and Hardware more frequent and software cannot protect sophisticated, and against the human there is a shortage factor, however. People of trained security make mistakes that lead to vulnerabilities, such professionals prepared for what is ahead. as having passwords that are too easy to guess, or Yang compared cybersecurity to an arms race: they deliberately leak information that can give “Both the hackers and the researchers will get hackers an entry point they can exploit. Dealing smarter. Recently, we’re seeing an increase in maliwith those issues is also part of CIAC’s mandate. cious software attacks on companies, universities,
“Even if you put in a security infrastructure healthcare systems and more. We also see many that is very robust like barbed-wire fences, you pandemic-related phishing scams, denial-of-service just need a single place where there’s a weakness attacks and attacks on the Internet of Things. We and that will be exploited,” says Sumantra Sarkar, need mechanisms to counter those attacks.”