Technology In Cybersecurity – Before We Get Into The Topic, Let’s Learn Some Basics Of This Topic
In this section, we’ll look at some of the most popular cybersecurity technologies and tools. Okay, what’s hot right now will be lukewarm tomorrow, but it’s a start.
We also assumed you’d be interested in learning which universities are conducting cutting-edge research in emerging sectors. We’ve hand-picked a few of the greatest schools, but there are many more. Inquire about it. There’s certain to be a group working on whatever topic you’re interested in, from military robotics to Smart Grid security.
Emerging Data Threats
The old IT world is coming to an end. Let’s set aside the shitstorm of aging computer systems for a moment and consider the threats posed by the Cloud, the Internet of Things, mobile/wireless, and wearable technology. Data that was once contained within systems is now being routed through a bewildering number of routers, data centers, and hosts.
Furthermore, cybercrooks and hackers are becoming more sophisticated. For example, they employ:
- MiM (Man-in-the-Middle) attacks to listen in on complete data conversations
- Spy software and Google Glass to track fingerprint movements on touch screens
- Malware that scrapes data from point-of-sale systems
- Personalized attacks that steal precise information (instead of compromising an entire system)
Firewalls, anti-virus software, and tool-based security techniques are no longer enough in these situations. According to a Gartner estimate, by 2020, “60 percent of digital firms would suffer catastrophic service failures due to the IT security team’s incapacity to manage digital risk in new technologies and use cases.”
New solutions are required, and they must be implemented immediately.
Context-Aware Behavioral Analytics
- Problem: Businesses are being bombarded with worthless security notifications.
- Solution: Monitor and identify suspicious behavior and transactions using sophisticated behavioral analytics.
Context-aware behavioral analytics is based on the assumption that anomalous behavior equals criminal activity. Snowden gaining root access and copying 1.7 million documents to a USB drive after hours? That’s not typical behavior. Target’s point-of-sale infrastructure experiencing unusual file movement and activity? That’s not typical behavior.
This is where data analytics can help. Companies should examine the context in which data is used, as Avivah Litan, a vice president and analyst at Gartner, observed in her briefing at the Raytheon Cyber Security Summit (see this December 2014 article in ThreatPost).
This behavior-based analytics method can be seen in the following examples:
Bioprinting – Bioprint markers include how quickly employees type and how they utilize a mouse. Phone printing, which analyses acoustic data to detect bogus caller IDs, is also being used by businesses.
Mobile Location Tracking – The location of a mobile device is a key indicator of its user’s behavior. Is a mobile device from a different city logging into several accounts? Will Robinson, you’re in danger.
Companies are already developing behavioral profiles of users, accounts, clients, contractors – even devices and peer groups – because humans are creatures of habit. Then they track how that behavior shifts from month to month and from device to device. If prior behavior does not match current conduct, the firm may have a security problem.
Third-Party Big Data — Let’s say a thief sets up a phony clinic with phony doctors to obtain patient insurance IDs and bill for bogus operations. Companies can use big data analytics to detect whether these so-called clinics are located in remote office malls with low populations.
External Threat Intelligence – Contractors and competitors are being targeted, and external threat intelligence is how a company finds out. Is there a link between certain accounts and fraud? Are hackers employing the same IP blocks in several attacks? Understanding criminal conduct requires acquiring intelligence.
The problem, of course, is assembling all of this data into a coherent picture. The security sector is still working on it, as the case of Edward Snowden demonstrates.
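To make the profiling idea above concrete, here is a small added example (not code from the page, Gartner, or any vendor it mentions): it learns each user’s usual cities, login hours and devices from a baseline month of constructed login events, then flags events in the following month that break the pattern, including the “one device in a foreign city logging into several accounts” case. The event data, the two-hour tolerance and the accounts-per-device limit are all assumptions chosen for illustration.

```python
"""Toy context-aware behavioral analytics over constructed login events."""
from collections import defaultdict
from datetime import datetime

# Constructed events: (ISO timestamp, user, device id, city, action).
# October is the baseline period; November is the period under review.
EVENTS = [
    ("2014-10-01T09:12:00", "alice", "dev-a1", "Denver", "login"),
    ("2014-10-02T10:03:00", "alice", "dev-a1", "Denver", "login"),
    ("2014-10-03T08:55:00", "alice", "dev-a1", "Denver", "login"),
    ("2014-10-06T09:30:00", "alice", "dev-a1", "Denver", "login"),
    ("2014-10-01T14:00:00", "bob", "dev-b1", "Austin", "login"),
    ("2014-10-02T15:20:00", "bob", "dev-b1", "Austin", "login"),
    ("2014-10-03T13:45:00", "bob", "dev-b1", "Austin", "login"),
    ("2014-11-03T09:05:00", "alice", "dev-a1", "Denver", "login"),
    ("2014-11-04T02:40:00", "alice", "dev-x9", "Kiev", "login"),
    ("2014-11-04T02:41:00", "bob", "dev-x9", "Kiev", "login"),
    ("2014-11-04T02:42:00", "carol", "dev-x9", "Kiev", "login"),
    ("2014-11-05T14:10:00", "bob", "dev-b1", "Austin", "login"),
]


def build_profiles(events, baseline_end):
    """Learn each user's usual cities, login hours and devices from events before baseline_end."""
    profiles = defaultdict(lambda: {"cities": set(), "hours": set(), "devices": set()})
    for ts, user, device, city, _ in events:
        t = datetime.fromisoformat(ts)
        if t < baseline_end:
            profiles[user]["cities"].add(city)
            profiles[user]["hours"].add(t.hour)
            profiles[user]["devices"].add(device)
    return profiles


def hour_is_usual(hour, usual_hours, tolerance=2):
    """True if hour is within `tolerance` hours of any baseline hour (wrapping at midnight)."""
    for h in usual_hours:
        d = abs(hour - h)
        if min(d, 24 - d) <= tolerance:
            return True
    return False


def score_events(events, profiles, baseline_end, max_accounts_per_device=2):
    """Return (timestamp, user, reasons) for every review-period event that deviates from the profile."""
    alerts = []
    accounts_by_device = defaultdict(set)  # which accounts each device has touched
    for ts, user, device, city, _ in events:
        t = datetime.fromisoformat(ts)
        if t < baseline_end:
            continue
        reasons = []
        profile = profiles.get(user)
        if profile is None:
            reasons.append("no baseline for user")
        else:
            if city not in profile["cities"]:
                reasons.append(f"new city {city}")
            if not hour_is_usual(t.hour, profile["hours"]):
                reasons.append(f"unusual hour {t.hour:02d}")
            if device not in profile["devices"]:
                reasons.append(f"new device {device}")
        accounts_by_device[device].add(user)
        if len(accounts_by_device[device]) > max_accounts_per_device:
            reasons.append(f"{len(accounts_by_device[device])} accounts from {device}")
        if reasons:
            alerts.append((ts, user, reasons))
    return alerts


def run(baseline_end=datetime(2014, 11, 1)):
    """Build profiles from the baseline period and score the review period."""
    return score_events(EVENTS, build_profiles(EVENTS, baseline_end), baseline_end)


if __name__ == "__main__":
    for ts, user, reasons in run():
        print(ts, user, "; ".join(reasons))
```

Alice’s routine Denver login in November produces nothing, while the three early-morning logins from the same unknown device in Kiev each trip several rules at once; the third one also trips the accounts-per-device rule, which is the signal the page’s “several accounts from one device” scenario describes.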
Next Generation Breach Detection
- Problem: Hackers are using “zero-day” exploits to gain a foothold in networks and systems and mine data for months (e.g., Target’s stolen credit card numbers).
- Solution: Create technologies that combine machine learning and behavioral analytics to detect and track security breaches back to their source.
Hackers have been using bespoke attacks on systems in recent years. Instead of launching a battalion at a wall, they carefully examine a system’s defenses before sending in the Trojan Horse, as Odysseus did. Most businesses are unaware that their systems have been hacked due to the volume, velocity, and variety of big data.
Instead of concentrating on the first line of defense, next-generation breach detection concentrates on what happens after the criminal has gained access to the system. It takes behavioral analytics (as described above) and adds even more tools to find the breadcrumbs left behind by a hacker.
According to the authors of a 2014 TechCrunch article:
“Rather than depending on signature detection, these businesses combine big-data techniques like machine learning with deep cybersecurity experience to profile and understand user and machine behavior patterns, allowing them to detect this new generation of threats. And, to prevent inundating security experts with worthless notifications, these businesses attempt to keep the number of alerts to a minimum and provide rich user interfaces that allow interactive inquiry and investigation.”
To put it another way, breach detection software can spot unusual movements and changes in a sea of data and establish that something is seriously wrong.
Virtual Dispersive Networking (VDN)
- Problem: MiM attacks target intermediary nodes and crack standard encryption systems.
- Solution: Break the communication into many sections, encrypt them, and send them over separate protocols and pathways.
Man-in-the-Middle (MiM) attacks, in which a hacker monitors, alters, or injects messages into a communication channel, are becoming a vexing problem for businesses. Parallel processing power can now crack encryption that once kept data safe. SSL and Virtual Private Networks (VPNs) aren’t always effective at securing messages as they pass through intermediary channels.
That’s where Dispersive Technologies’ Virtual Dispersive Networking (VDN) comes in.
According to a Forbes article from 2014:
“[VDN] takes a leaf from now-traditional military radio spread-spectrum security techniques, in which radios randomly rotate frequencies or break up communications traffic into several streams, so that only the receiving radio can properly reassemble them. The Internet (or any network) is now the fundamental communications platform with Dispersive.”
VDN divides a message into numerous components, encrypts each one separately, and sends them across servers, desktops, and even mobile phones. Traditional bottlenecks can be avoided entirely:
“The data also ‘rolls’ dynamically to the best paths, both randomizing the paths taken by the messages while also accounting for congestion or other network issues.”
As they whiz through data centers, the Cloud, the Internet, and other places, hackers are left scrambling to identify data components. Dispersive includes a concealed switch that also uses VDN to prevent cyber thieves from attacking the technology’s weak point – the location “where the two endpoints must connect to a switch to commence their encrypted interactions.” This makes it difficult to locate the switch.
Smart Grid Technologies
- Problem: Attacks on vital infrastructure have been made possible by smart meters and field equipment.
- Solution: Implement a variety of new security methods and standards to address the issue.
Here are a few takeaways from the DOE’s 2014 Smart Grid System Report:
- By 2015, an estimated 65 million smart meters will have been deployed across the country, accounting for more than a third of all power customers.
- Customer-centric technology (for example, programmable communicating thermostats, building energy management systems, web portals, in-home displays, and so on) are quickly becoming the norm.
- Sensor, communications, and control technologies are deployed in the distribution system, and these are combined with field devices to improve grid operations.
- Each of these technological advancements exposes a vulnerability in digital security. It’s no secret that cybercriminals would love to bring the nation’s electrical, oil, and gas infrastructures down.
In response, the Department of Energy is developing several instruments and policies to safeguard the energy sector. Here are a few examples:
- Padlock – A cybersecurity gateway developed by Schweitzer Engineering Laboratories that establishes encrypted connections between central stations and field devices. It’s made to detect tampering, both physical and digital. The Tennessee Valley Authority and Sandia National Laboratories are among the partners.
- Watchdog – Another Schweitzer invention. It’s a managed switch for the control system’s local area network (LAN) that performs deep packet inspection. It enforces a set of known and approved communications using a whitelist configuration approach.
- SIEGate (Secure Information Exchange Gateway) – A data protocol that protects information delivered across synchrophasor networks on transmission systems from cyber attacks. The Grid Protection Alliance is working on it in collaboration with the University of Illinois, Pacific Northwest National Laboratory, PJM, and AREVA T&D.
- NetAPT – The brainchild of the University of Illinois. It’s a piece of software that allows utilities to map the communication paths between their control systems. Vulnerability assessments and compliance audits can be completed in just a few minutes.
National Laboratories of the Department of Energy (e.g., Idaho, Oak Ridge, and the Pacific Northwest) have also been hard at work. They’ve been working on automated vulnerability detection, a situational awareness tool suite, next-generation secure and scalable communication networks, and bio-inspired technologies.
SAML & The Cloud
- Problem: Firewalls and standard security measures/policies are ineffective against cloud-based applications and BYODs.
- Solution: Combine SAML with encryption and intrusion detection technology to reclaim control of business traffic.
SAML (Security Assertion Markup Language) is an open standard data format based on XML that is used to exchange authentication and authorization data between parties. Although it is not a security solution in and of itself, some firms are using it in conjunction with SSO, encryption, and intrusion detection technologies to safeguard data in the Cloud.
BitGlass is one of these businesses. It decided to come up with a solution after seeing the emergence of the BYOD (Bring Your Own Device) trend and the expansion of programs like Google Apps, Salesforce, and others. As Enterprise Networking Planet’s Frank Ohlhorst explains:
“With SAML in mind, BitGlass created a proxy-based system to redirect traffic to cloud service providers via BitGlass technology, which secures access and traffic, logs activity, and even “watermarks” files and information for added security by embedding security tags into documents and other files to track their movement. Surprisingly, none of this affects the end-user. There is no software to install on endpoints and no modifications to end-user configurations.”
Data in the Cloud is tamed in this way. Companies are notified of incidents such as failed or unexpected log-ins, suspicious activity, and so on using an alert system. If a device belonging to an employee is stolen, security administrators can delete all company data without harming the user’s personal information.
Active Defense Measures
- Problem: Cybercrooks are becoming more active.
- Solution: Use techniques that can trace, or even attack, hackers to fight fire with fire.
In the field of cybersecurity, active defense mechanisms are a contentious topic. The concept is straightforward. Rather than waiting for the hacker to come after you, you take proactive efforts to prevent them from doing so.
Active defensive measures include the following:
Counterintelligence Gathering — This entails a cyber professional going “undercover” to gather information on hackers, their tools, and their procedures. It may be as simple as reverse-engineering malware, or as nefarious as disguising your identity and shopping for malware on the Internet.
Sinkholing — A sinkhole is a regular DNS server configured to hand out non-routable addresses for every domain within the sinkhole, so that the malicious domain appears to resolve as usual. The purpose is to intercept and block malicious or undesirable traffic so that it can be gathered and analyzed. Read more about sinkholes in Brian Krebs’s blog entries.
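The sinkhole mechanism in miniature, as an added example that is not from the page or from the Krebs posts it points to: a resolver that answers queries for domains under the sinkhole operator’s control with a non-routable address, records which client asked, and passes everything else to an upstream answer. The blocklist, the upstream answers, the query stream and the choice of 192.0.2.1 (a TEST-NET-1 documentation address) as the sinkhole answer are all constructed for illustration.

```python
"""Toy DNS sinkhole: answer known-bad names with a non-routable address and log the asker."""
from collections import defaultdict

SINKHOLE_ADDR = "192.0.2.1"  # assumed: a documentation address that is never routed on the Internet

# Constructed: domains the sinkhole operator has taken over (a subdomain counts too).
SINKHOLED = {"c2.badbot.example", "update.evil-cdn.example"}

# Constructed: stands in for real recursive resolution of legitimate names.
UPSTREAM = {"www.example.org": "198.51.100.10", "mail.example.org": "198.51.100.11"}

# Constructed query stream: (client IP, queried name).
QUERIES = [
    ("10.1.1.5", "www.example.org"),
    ("10.1.1.7", "c2.badbot.example"),
    ("10.1.1.7", "a.b.c2.badbot.example."),
    ("10.1.1.9", "update.evil-cdn.example"),
    ("10.1.1.5", "mail.example.org"),
]


def normalize(qname):
    """Lower-case and strip the trailing dot of a fully qualified name."""
    return qname.lower().rstrip(".")


def in_sinkhole(qname):
    """True if the name, or any parent domain of it, is sinkholed."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in SINKHOLED for i in range(len(labels)))


def resolve(client_ip, qname, log):
    """Answer one query; sinkholed names get the non-routable address and a log entry."""
    name = normalize(qname)
    if in_sinkhole(name):
        log.append((client_ip, name))
        return SINKHOLE_ADDR
    return UPSTREAM.get(name, "NXDOMAIN")


def infected_hosts(log):
    """Group sinkhole hits by client: which hosts are beaconing, and to which names."""
    hosts = defaultdict(set)
    for client_ip, name in log:
        hosts[client_ip].add(name)
    return {ip: sorted(names) for ip, names in hosts.items()}


def run():
    """Serve the constructed query stream; return the answers and the infected-host report."""
    log = []
    answers = [resolve(ip, name, log) for ip, name in QUERIES]
    return answers, infected_hosts(log)


if __name__ == "__main__":
    answers, report = run()
    for (ip, name), answer in zip(QUERIES, answers):
        print(f"{ip} asked {name} -> {answer}")
    print("hosts talking to sinkholed names:", report)
```

The value of the sinkhole is the log, not the answer: the two internal hosts that query the controlled names are the ones worth cleaning up, and the blocklist match on parent domains catches the randomized subdomains that malware often prepends.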
Honeypots — Honeypots employ a bait-and-switch strategy. A honeypot is a computer, data, or network location that has been set up specifically to attract hackers. Honeypots are used by cybersecurity experts to investigate Black Hat methods, prevent assaults, and identify spammers, among other things. Although the concept has been known since 1999, applications are becoming more sophisticated.
Retaliatory Hacking – This is possibly the most harmful form of security (and usually considered unlawful). Hacking back presents a slew of ethical issues: will your operation bring down innocent third-party infrastructure? Will the hackers retaliate tenfold for your actions? Despite the dangers, the concept is gaining popularity in some quarters. (See this Washington Post piece from October 2014.)
There’s also MonsterMind. According to Edward Snowden, the National Security Agency has been developing an automated tool that would search metadata repositories and identify and stop dangerous network traffic using algorithms. It could even retaliate against the server that launched the attacks.
Active defense methods can put you in perilous situations. Let’s imagine you wish to break into a hacking community. The gang, like the mob, may demand verification of your credentials. You may be required to establish a hacking reputation, participate in unlawful enterprises, and visit illicit websites (e.g. ones that peddle child pornography). None of this is permissible.
Keep an eye on the ongoing discussion over active defensive measures. It’s only going to become more contentious.
Early Warning Systems
- Problem: Hackers are increasingly targeting vulnerable websites and systems.
- Solution: Develop a system to predict which sites and servers will be hacked in the future.
Even though this concept is still in its infancy, we thought it was worth mentioning. Researchers at Carnegie Mellon have developed a “classifier” algorithm that predicts which web servers are likely to become malicious in the future using machine learning and data mining approaches.
Kyle Soska and Nicolas Christin used the Wayback Machine to test their classifier on 444,519 old websites. Their algorithm was able to predict 66% of future hacks over the course of a year, with a false positive rate of 17%.
The concept is based on the assumption that vulnerable websites share common characteristics. For instance, the algorithm considers a website’s:
- Statistics about traffic
- Structure of the filesystem
- Structure of a website
Plus a slew of other “signature traits” to see if it has any common denominators with previously hacked or malicious sites. If it does, preventative measures can be taken: website operators can be notified, and search engines can filter out results.
What’s even more impressive is that the classifier is built to react to new threats. Its scope is expanding, even though it does not yet account for vectors such as weak passwords. It should be able to improve its accuracy as it absorbs more data.
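To show what “common denominators with previously hacked sites” means as an algorithm, here is an added toy classifier; it is a simplified naive-Bayes-style scorer and not Soska and Christin’s code. Each site is reduced to a set of traits (CMS and version, directory structure, a traffic bucket, TLS use), the training step learns how much more often each trait appears on sites that were later compromised, and a candidate site is flagged when its summed log-odds cross a threshold. The site records, the trait names and the threshold are constructed for illustration, and the evaluation reuses the training data, so its numbers are optimistic compared with the 66% / 17% the page quotes for the real classifier on held-out sites.

```python
"""Toy early-warning classifier: which sites share traits with previously hacked ones?"""
import math
from collections import Counter

# Constructed training records: (traits observed on the site, was it later compromised?).
TRAINING = [
    ({"cms:wordpress", "wp_ver:3.5", "dir:/wp-content/plugins/", "traffic:low", "tls:no"}, True),
    ({"cms:wordpress", "wp_ver:3.5", "dir:/wp-content/uploads/", "traffic:low", "tls:no"}, True),
    ({"cms:joomla", "dir:/administrator/", "traffic:low", "tls:no"}, True),
    ({"cms:wordpress", "wp_ver:4.0", "dir:/wp-content/plugins/", "traffic:high", "tls:yes"}, False),
    ({"cms:static", "traffic:high", "tls:yes"}, False),
    ({"cms:static", "traffic:low", "tls:yes"}, False),
    ({"cms:drupal", "traffic:medium", "tls:yes"}, False),
]


def train(records, smoothing=1.0):
    """Per-trait log-likelihood ratio (hacked vs. clean) with Laplace smoothing, plus the class prior."""
    hacked = [traits for traits, label in records if label]
    clean = [traits for traits, label in records if not label]
    hacked_count, clean_count = Counter(), Counter()
    for traits in hacked:
        hacked_count.update(traits)
    for traits in clean:
        clean_count.update(traits)
    all_traits = set().union(*[traits for traits, _ in records])
    weights = {}
    for trait in all_traits:
        p_hacked = (hacked_count[trait] + smoothing) / (len(hacked) + 2 * smoothing)
        p_clean = (clean_count[trait] + smoothing) / (len(clean) + 2 * smoothing)
        weights[trait] = math.log(p_hacked / p_clean)
    prior = math.log(len(hacked) / len(clean))
    return weights, prior


def score(site_traits, model):
    """Log-odds that the site will be compromised; traits never seen in training contribute nothing."""
    weights, prior = model
    return prior + sum(weights.get(trait, 0.0) for trait in site_traits)


def classify(site_traits, model, threshold=0.0):
    """Flag the site when its log-odds exceed the threshold (0.0 = more likely hacked than not)."""
    return score(site_traits, model) > threshold


def evaluate(records, model):
    """Detection rate and false-positive rate over labelled records."""
    true_pos = sum(1 for traits, label in records if label and classify(traits, model))
    false_pos = sum(1 for traits, label in records if not label and classify(traits, model))
    n_hacked = sum(1 for _, label in records if label)
    n_clean = len(records) - n_hacked
    return true_pos / n_hacked, false_pos / n_clean


MODEL = train(TRAINING)

if __name__ == "__main__":
    for trait in sorted(MODEL[0], key=MODEL[0].get, reverse=True):
        print(f"{trait:28s} {MODEL[0][trait]:+.2f}")
    print("detection rate, false-positive rate on training data:", evaluate(TRAINING, MODEL))
```

The weight listing is the useful output for an operator: it says which traits (here an old CMS version and the absence of TLS) carry the most predictive weight, which is exactly the kind of “signature trait” the page describes, and it is what grows as more labelled sites are absorbed.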
University Research Initiatives
Carnegie Mellon University
CMU has a good reputation for cybersecurity research thanks to programs like the “classifier” (see the Early Warning Systems section above). The CyberCorps Scholarship for Service (SFS) program awarded it a $5.6 million grant in 2014.
CMU is home to the following organizations:
- Software Engineering Institute (SEI) — The world-famous SEI is a federally funded research and development center (FFRDC) established by the United States Department of Defense. It is home to the CERT Division, holds conferences, and offers well-known training programs.
- picoCTF — picoCTF is a computer security competition aimed at middle and high school students. It’s a collaboration between the Entertainment Technology Center’s Team Daedalus and CyLab’s Plaid Parliament of Pwning (PPP). Both organizations are led by students.
- CyLab — CyLab is a multidisciplinary security effort aimed at forming public-private collaborations between university faculty and graduate students and industry partners. These organizations collaborate to perform critical research and develop innovative security technology.
CMU is an NSA CAE IA/CD institution that provides a variety of undergraduate and graduate information assurance and cybersecurity programs (including a Ph.D.).
George Washington University
Harry Reid, Colin Powell, and – wait for it – J. Edgar Hoover are all alumni of GWU, which benefits from its proximity to the federal government in Washington, D.C.
There are two significant security institutes at GWU:
- CSPRI (Cyber Security Policy and Research Institute) — CSPRI is a non-profit organization dedicated to promoting multidisciplinary technological research and policy analysis in the field of cybersecurity. It collaborates with both public and private entities. The Privacy and Civil Liberties Project, Creating a Building Code for Medical Software Security, and PrEP: A Framework for Malware and Cyber Weapons are all ongoing research projects.
- HSPI (Homeland Security Policy Institute) — HSPI is a nonpartisan organization dedicated to bridging the gap between homeland security theory and practice. It regularly produces policy studies and journal articles on cybersecurity concerns, and it hosts security conferences and symposiums.
GWU is an NSA CAE IA/CD university that offers undergraduate and graduate degrees in cybersecurity in addition to a certificate.
Massachusetts Institute of Technology
It’s no wonder that MIT has a strong reputation for IT research, given its history of Nobel Laureates and National Medal of Science honorees. The following are some of its major initiatives:
- CSAIL — The Computer Science and Artificial Intelligence Laboratory is MIT’s largest research facility. As the name implies, this world-renowned laboratory is concerned with designing future information technology architectures and infrastructures (including security). For example, the RSA cryptography technique, which safeguards most online financial transactions, was developed at CSAIL.
- Lincoln Laboratory — Founded in 1951 as a Department of Defense research and development laboratory, Lincoln Laboratory performs research and development targeted at solving challenges of national security importance. It is involved in a vast variety of cybersecurity projects.
- Geospatial Data Center — A research group that looks into innovative technologies to improve the security of the nation’s information infrastructure. Large-scale simulation, cyber-physical security, big data, and holistic system data visualization are among the current efforts.
The Hewlett Foundation stated in 2014 that it would award $45 million to three universities (Stanford, MIT, and UC Berkeley) for cybersecurity research.
MIT has opted to concentrate on current policy issues (such as the protection of financial and medical data) as well as an emerging technology (e.g. self-driving cars, drones, etc.). Daniel Weitzner of CSAIL, who served as President Obama’s CTO from 2011 to 2012, will lead this new cybersecurity program.
Stanford University
Stanford University, which is located near Silicon Valley, has long been at the forefront of technology development. It has three centers dedicated to cybersecurity:
- Center for Internet and Society — This cyber law center focuses on evolving legal theories in technological innovation and civil rights. Cybersecurity is squarely in the midst of that discussion, as anyone working in the sector can tell you.
- Computer Science Security Lab — This is the group primarily concerned with cybersecurity. Cryptographic primitives and protocols, web security, and secure voting are all current research initiatives.
- Stanford Networking Research Center (SNRC) — A collaboration between IT companies and Silicon Valley businesses. Wireless access, Internet technology, and information services are its three research directions.
It has also formed a cross-disciplinary Secure Internet of Things Project with UC Berkeley and the University of Michigan. Researchers will examine analytics, hardware/software systems, and, most significantly, the security measures required to safeguard the new world.
Stanford, like MIT and UC Berkeley, shared in the Hewlett Foundation’s $45 million grant in 2014. Its $15 million will be spent on the Stanford Cyber Initiative. This will cover a wide range of issues, including governance, trustworthiness, and the transdisciplinary difficulties that cybersecurity and networked information present to humanity (for example, can we predict unanticipated advances in IT that influence security, civil rights, and society?).
University of California, Berkeley
UC Berkeley is a big, flourishing university with a lot going on thanks to excellent relationships and donors. You’ll be spoiled for options if you’re interested in cybersecurity research initiatives:
- ACCURATE (A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections) — The National Science Foundation funds ACCURATE, a multi-institution voting research center. It carries out research, publishes papers, creates teaching materials, and testifies before Congress.
- CESR (Center for Evidence-Based Security Research) — CESR is a collaboration between UC San Diego, the International Computer Science Institute, and George Mason University that focuses on the fundamental social and economic aspects of cybersecurity.
- DETER (Defense Technology Experimental Research Laboratory) — DETER runs DeterLab, a controlled testbed facility where researchers can try out security ideas in a real-world setting.
- Infiltration of Botnet Command and Control and Support Ecosystems — This study, a collaboration between UC San Diego and UC Berkeley, examines the botnet problem from all sides.
- SCRUB (Intel’s Secure Computing Research & Development Center) — SCRUB is a project funded by Intel that aims to make computing technologies safer and more secure for users. It is working on several topics, including mobile computing, software/hardware architectures, and analytics.
- TRUST (Team for Research in Ubiquitous Secure Technology) — TRUST is a well-known group with a variety of cybersecurity interests (e.g. financial, health, and physical infrastructures, plus the science of security) that was founded as an NSF Science and Technology Center. All of its projects are transdisciplinary in nature.
In 2014, UC Berkeley became the third university to receive a grant from the Hewlett Foundation. It intends to use the $15 million to analyze the various future directions that cybersecurity could take. The Center for Long-Term Cybersecurity will be an interdisciplinary research initiative that brings together researchers from throughout the university.
The University of Illinois at Urbana-Champaign
Although it lacks the name recognition of MIT or Stanford, the University of Illinois is dedicated to cybersecurity research (see the section on Smart Grid Technologies above). Breakthroughs are being made in the following areas:
- The National Center for Supercomputing Applications (NCSA) Cybersecurity Directorate – NCSA is a cutting-edge computing center that serves scientists and engineers across the country. It was founded in 1986. The Cybersecurity Directorate’s researchers and professionals focus on sophisticated cybersecurity applications, such as incident response and production security at NCSA.
- Blue Waters – One of the world’s most powerful supercomputers, Blue Waters is available for scientific research. The NCSA, UI, Cray, Inc., and the Great Lakes Consortium for Petascale Computation collaborated on it.
- Coordinated Science Laboratory (CSL) – CSL, which began as a classified defense laboratory in 1951, has grown into a high-powered innovation center. Researchers are considering security challenges in addition to developing next-generation IT technology.
That’s not even taking into account the university’s initiatives in Cloud computing, universal parallel computing, multimodal information access, and other areas. (See a complete list of computer science research centers at Illinois.)
Their success is mostly due to their education. The Illinois Cyber Security Scholars Program (ICSSP), which trains cybersecurity students in the newest technologies and approaches, earned a four-year, $4.2 million grant from the National Science Foundation in 2013.