
Cyber Scene Investigation

In our connected world, cyber threats are an unfortunate reality. However, these threats have opened new opportunities for those with the skill and motivation to stop them.

We've all watched that scene from that movie. You know the one: the adventure thriller where the hero has to outsmart the really smart, really tech-savvy bad guys. Sitting in dark rooms with just the light from their computer monitors for illumination, the bespectacled criminals have broken into the network of a financial institution and are threatening to sacrifice the U.S. economy unless their demands are met. There is also the other scene from that other movie where the criminals, still sitting in the same dark room, are threatening to launch a nuclear war unless their leader is released from custody.

While it is easy to think of cybercrime and cyber security as Matt Damon in a Hollywood blockbuster, the reality is much less entertaining. If we've seen those movies, there is no doubt we have also seen the headlines. The news is regularly filled with a new retailer, bank, or even branch of government that was the victim of a cyber attack. While they do not all result in theft of personal information, they all reveal the vulnerabilities of these institutions and the data - yours and mine - that they hold.

Most of us have an idea of what cybercrime is, and what hackers - both those acting on their own and those employed by foreign governments - can do with the data that they access. So, putting Hollywood visuals and casting aside, what is cyber security? Simply put, cyber security is the umbrella term that applies to the various ways in which information systems are kept secure or, even more broadly, to keeping cyberspace safe (Department of Homeland Security). This means that the components of an information system, such as the network and all hardware and software connected to it, are kept from being compromised, to ensure the integrity of the information that it gathers and stores. As one can imagine, keeping all of the facets of a modern information system secure is no small feat.

So, what is the threat faced by cyber security experts? Hacker attacks aimed at banks and companies to obtain customer account information appear regularly in the news. However, this is far from the only way that the threat to systems can manifest. Devices that store and transmit data face the threat of being hacked and having their users' data stolen. This could range from information stored on your smart phone (browser history, text messages, voice memos, GPS location) to data tracking your heart health (if you wear a personal fitness monitor). While it may seem like a television plot (and will sound especially familiar to fans of Homeland), there is also the potential that medical equipment, including implants such as pacemakers, could be vulnerable to attack, placing patients at risk. The criminal purposes to which a data attack can be aimed span a very broad horizon.

The potential targets of a cyber attack go beyond the personal (banking accounts and personal devices) and have the potential to impact national and global infrastructure. Power grids, water treatment plants, and even nuclear reactors are all examples of infrastructure that could be vulnerable to attack. Hackers working for foreign governments have also surreptitiously accessed government and military networks. Not all of these attacks have ended with stolen information and its disclosure. The value for some of these attacks is for the hackers to see if they can get into and out of the targeted network without being detected. This will allow them to size up how robust the security protocols are and, in the event of an actual attack, take down a network or access information.

As described, 'cybercrime' is a very broad term. So, how exactly do hackers perpetrate these attacks? They use a variety of means to exploit the weaknesses they find, for example in a network's security authentication, or by gaining the trust of unwitting users.

While the criminally-inclined can do great damage by gaining physical access to a network or to a piece of hardware, attacks often occur through backdoors. This refers to the situation where one finds a way to go around the normal security authentication process. The expression 'keep your enemies close and your friends closer' is applicable to the realm of cyber security because those with a nefarious purpose do not have to be from the 'outside.' For example, an individual who rightly possesses a certain level of security authentication may covertly access higher security clearance than that to which they are entitled.  This is an example of privilege escalation. Though the argument can be made that subterfuge undergirds many of the ways by which criminals can commit cybercrime, perhaps the most obvious to fall under this heading are spoofing and means which utilize social engineering.   

Spoofing, where a communication emanating from an unknown and dishonest source is made to appear as though it is from a known source, has made email reading more treacherous. Information, such as passwords or account information, can be gained because users believe that they are giving the information to a reliable source (for example, a retailer's Help Desk). Though clever spoofing attempts can fool users, many users are likely aware that the 'To' and 'From' lines of their email may be tampered with. What can be more difficult for the potential victims of an attack to guard against are attacks that fall under the category of social engineering. Such attacks seek to gain passwords, account numbers, and credit card information directly from the owners, often through disguise or impersonation. While spoofing might be considered an example of social engineering (or at least, a close cousin), the permutations of a social engineering attack can take on many forms depending on the information that is the object of the attack.

Cyber threats constantly change as technology changes. With this in mind, how can companies, governments, and individuals protect themselves from being victims of cybercrime?  Certainly, they can take standard precautions - making sure that passwords are strong and changed regularly, maintaining strict adherence to security protocols, among others. However, a long-term answer to the problem will involve training more cyber security specialists. The bad news is that there are currently too few people with the cyber security skills necessary to keep networks and data safe from attack.  According to Burning Glass Technologies, there are multiple indications that there are not enough cyber security specialists to meet the current need, let alone the need in the future. One such indication is that job postings for cyber security positions have outpaced openings for IT positions, but take longer to fill. The good news is that people entering the field will likely experience a good job market coupled with high pay.  The same report by Burning Glass on the state of the job market in cyber security found that cyber security specialists earned about 9% more than IT workers.               

Universities, companies, and other institutions are trying to fill in the skills gap by offering degrees and trainings in cyber security. Cyber security is needed in all sectors, including, for example, sectors related to national defense. However, because so many attacks focus on obtaining data, it should come as no surprise that industries that collect and store large quantities of data would be in special need of cyber security specialists. This was the finding of Burning Glass's study, which found that while the sectors with the highest demand for cyber security specialists were such sectors as finance and defense, the greatest increase in demand for cyber security specialists is in sectors that store large amounts of data such as finance, healthcare, and retail.

People entering the cyber security field will need not only to gain technical skills, but must also have knowledge pertinent to their particular sector. Areas such as finance and healthcare have very technical regulatory systems that a cyber security specialist working in those sectors would need to understand. This is because a cyber security expert must understand the regulatory system - its scope, required information that must be stored, and additional details - to understand a company's legal obligations. This may also help a cyber security team to better understand the most likely paths that a hacker would take to perpetrate an attack. The added need to gain sector-specific skills and knowledge may increase the appeal of university programs that incorporate interdisciplinary approaches. Because of the complexity of this field and the breadth of knowledge required from various disciplines, it is more likely that the training and educating of new cyber security specialists will not be possible in short training courses, but will instead require the expertise found in a college or university.

In an increasingly interconnected world, the need to make sure that information systems are secure becomes all the more important. The threat that cybercrime poses spans the breadth of fraud and financial crimes and goes into other categories of criminal offenses not covered in this article (child exploitation, for example). Unfortunately, there are not yet enough people with the technical know-how available to fight cybercrime. Getting such would-be specialists up to speed will likely require more than an in-service or two, as many of the fields in which cyber specialists will work are heavily regulated and require familiarity with governing laws and regulations in addition to technical skills. This has created an opportunity for universities to offer programs in cyber security to fill in the gap that currently exists between demand for cyber security specialists and supply of people with the necessary skills. It is also an opportunity for students interested in this field.

It is hard to imagine our world becoming less interconnected. Those entering this field will likely find that they will be in high demand, especially in fields that collect and store large amounts of data. Institutions in these fields no doubt know that they and the data that they possess will be prime targets for those who would access this data. While those entering this field will need to learn both technical computer skills and the intricacies of the laws that govern particular sectors, such individuals will be in high demand to stop cybercrime.

The School of Engineering and Computer Science is in the final planning stages of a new Master of Science in Cybersecurity. Stay tuned for the official announcement of this in-demand program.