What is cybersecurity? Chances are you’ve heard this term tossed around. Credit card information stolen, classified data compromised, even the private photos of your favorite celebrities uploaded for the world to see — these are some examples of the consequences of poor information security. Cybersecurity is the field which protects information technology and aims to prevent cases like those, where the costs range from online embarrassment to a real-world disaster.
Does disabling the GPS function of your device make it impossible to track you? What is the purpose of a Virtual Private Network, or VPN? Did you know people can access your personal files, encrypt them and ask you for money to decrypt them?
If you scratch your head in confusion, don’t feel alone. A national survey conducted by Pew Research Center about cybersecurity issues shows that the average respondent answered only five out of 13 questions correctly. These results suggest there is a long way before people understand the basics of the field, and this is worrisome.
What is it about cyber-security that makes it a challenge for people to understand it? DC Grant, Lecturer in Information Technology at the University of Washington Tacoma believes “a lot of people feel like the technology that’s in place is difficult to learn so they avoid it, and therefore they can’t understand the mechanics.”
Grant believes it does take some time to understand cyber-security, but the processes are clear and by understanding them, people are better equipped against attackers. The attackers, or adversaries, are usually ill-intended individuals who employ many tools and tactics to cause damage to their opponents. Using a rootkit, for example, allows anyone access to a computer system and its files, while a phishing attack focuses on tricking its target into clicking a malicious link, infecting their computer in the process.
The importance of cybersecurity grows exponentially as technology advances. As more of our devices connect to the Internet, we must take more security precautions.
“Technology has been made to make life more convenient. Convenience and security are a direct tradeoff; the more convenient, the less secure.” said Grant.
The automotive industry, for example, continues adding Internet connectivity features to cars. Security researchers Charlie Miller and Chris Valasel hacked a Jeep Cherokee using its Internet connection, making it come to a halt in the middle of a highway. Remotely, they were able to control the brakes, steering wheel and acceleration. Uber began testing self-driving cars recently, hoping to safely transport customers to their destinations in autonomous vehicles. It wouldn’t be hard to imagine the consequences of someone maliciously hijacking these cars’ systems.
A common misconception about cybersecurity is that it mostly deals with loss of credit cards or other personal information. While this is an issue, the consequences are relatively small compared to the threats of cyber-terrorism. Important systems in industries, such as water supply and power plants, are now linked together over networks, and these networks aren’t hack proof. In 2007, the Idaho National Laboratory, home for nuclear research facility, conducted an experiment to demonstrate the threats of cybersecurity. Hired hackers were able to physically destroy a power plant generator with only 21 lines of code. Video of the Aurora experiment was declassified in 2011 to raise awareness about cyber threats.
Grant believes the exploitation of vulnerabilities in critical systems has a “cascading effect throughout the rest of technology and can take down systems, infrastructure, and other components that would cause us a lot of pain.” He uses the example of hackers infiltrating and modifying water and sewer systems. If the sewage backs up, the water supply doesn’t come out. These individuals can also get into electrical systems and take down components, causing failures that would ripple throughout other parts of the grid.
“If we don’t have electricity, the networks are not going to work for very long, and the computers won’t do us as much good,” Grant said. He also says that without water and electricity systems, infrastructures relying on those will “begin to collapse over time.”
While many of the issues regarding cybersecurity seem complex and only concerning to technology experts, any average person can purchase inexpensive gear online and conduct their own cyberattacks. There is a marketplace for these tools that doesn’t require advanced programing skills to utilize. A quick video tutorial might be enough to learn how to do a DDoS (denial of service attack). This ease of access to exploits should further motivate people to understand how to protect themselves against online threats.
Information security begins at a smaller, personal level. People don’t need to be computer scientists or IT experts to follow safe online practices. As the Pew Research Center survey shows, 43 percent of people are unsure of what a safe password is, and 71 percent don’t know how tracking works on their mobile devices. How many times have you connected to suspicious Wi-Fi spots or left your Bluetooth connection open? This could enable hackers to steal your information. Cloud storage makes life easy for many and miserable for others — just ask those who have had their pictures leaked online. Don’t upload sensitive information or personal material to these services, because they can be easily accessed and released for others to see.
Grant recommends the use of encryption tools to protect information, as well as saving this material to external hard-drives. He also recommends people read social media services terms and conditions, as whatever content you upload to these sites might end up belonging to them — and they can use it however they like.
It is difficult to educate people about the concept of cybersecurity. Many steer away from it because they believe it’s too complex and intimidating. The challenge then is to disperse the misconceptions and highlight the importance of information security in our Internet-dependent society. Different institutions play a role in bringing awareness to cybersecurity. Different institutions, like the media, play a role in bringing awareness to cybersecurity.
Schools should begin offering classes in information security as part of their student’s curriculum. The University of Washington aims to raise “community awareness, partnership for research, and education,” said Grant.
UW Tacoma’s information technology program, which teaches the fundamentals of cybersecurity and technology, has experienced rapid growth over the last few years. There is high demand for cybersecurity professionals, and the school’s program wants to develop the new era of Cyberwarriors. Given the threats we face, we definitely need them.