Emma Egan-Lawless, Gurshaan Madan, Benjamin Tan, Sheng Wei Pang, Tiffany Chiang, Matias Silva Johnson

Today, cyber security is one of the biggest challenges that society is facing. The following cases were explored to emphasize the pertinence of addressing cyber security, as its importance will only grow in coming years with the rapid pace of technological advancement.

Living the in the Internet of (Every)Things, our society has become increasingly linked to technology when we rely on it to dictate almost all aspects of our day-to-day lives, amassing interconnected data at astonishing rates. In turn, the network effect exacerbates the digital interconnectivity of society. For example, Nikita Bier, founder of tbh, spoke about the app as an overnight sensation that quickly reached the top spot in the App Store free downloads with over 5 million downloads by October 2017. The app's popularity spread to the phones and minds of millions of teens across the nation. Waze also exemplifies a pure data network effect by allowing users to provide each other with real-time traffic, navigation, and location information that can serve to predict traffic patterns in the future. While the interconnectivity of IoT can be exciting, our society's addiction to technology and data is a massive challenge when mass amounts of data are subject to misuse. These datasets hold unimaginable amounts of vulnerable and personal information. Yet, as seen in many of the recent news of data breaches, there is a lack of emphasis on cyber-security to secure such private and powerful information. [1]

Perhaps the most well-known story, and certainly one the of the most amusing, is the report of attackers accessing a North American casino through their fish tank. According to the Washington Post, the "fish tank had sensors connected to a PC," which could also conceivably be connected to the casino's WiFi network. It was through this computer that the attackers gained access to the overall network. The communication between the computer and others on the network was not suspected until after the fact. And here lies the fallacy of technology: unless directed to look for suspicious packets of data, our machines will merely accept and process any information that comes their way. On a secure network, the devices connected would have no reason to suspect that inbound information would be dangerous. But if one target is compromised, even a fish tank, the assumptions that our security are built on could collapse, leaving us vulnerable to attack. And nothing needs to be this high tech - even simple attacks like phishing can cause devastating results, especially when used on the right people. It only takes a clever designer to be able to fool users into giving up their username and password on a malicious website. 2FA was developed as a way to combat this problem, but unless you use something like a U2F device, phishing attackers can mimic the authentication screen and immediately pass that information onto the legit server, gaining access to your account anyways. [2]

As society rethinks the concepts of cars and vehicles and transitions more to general mobility, data protection and cybersecurity have come up as key areas of concern for both consumers and manufacturers. Currently, semi-autonomous vehicles are the newest technological development; however, cars have been transitioning over to becoming IoT devices since the mid 2000's. As a result, the architecture of vehicles is increasingly reliant on computers managing the operations within the car. The problem is that protecting vehicles from security breaches has not kept up with computer integration. In 2015, Wired wrote an article about their experience working with hackers as they remotely took control of a Jeep's vehicular operations while the author was driving on the freeway. These hackers could not only change the AC and music settings but also disengaged the transmission while the Jeep was traveling at 70 MPH. As carmakers push the limit of what computers can do in a vehicle, it is very possible that a lack of foresight in cybersecurity development could be catastrophic and lethal. On the bright side, Cal alumni are leading the way to use data effectively and mitigating the risk for cyber security attacks. Forrest Iandola's work at DeepScale proves that significant technological advancement in the mobility industry can be achieved while maintaining a focus on protecting data.

There is a lack of proper security protocols in place to safeguard the interests of consumers and companies. In 2017, a data breach on one of the largest credit bureaus in the U.S., Equifax, led to about 140M consumers losing their personal information, including their Social Security Numbers, birth dates, and addresses. [3] The breach itself occurred around mid-May, yet the discovery only happened in July. The U.S. Department of Homeland Security located a flaw in a computer tool that Equifax was using but the latter was slow to remedy the situation leading to the breach. The tardiness in Equifax's response is not an isolated incident. In 2016, when Uber was hacked, personal information of users, such as 600,000 driver license numbers, was obtained. [4] Uber offered to pay the hackers $100,000 to destroy the data and only notified the public a year later. In this case, Uber was not only tardy in its response but also unprofessional in the way the matter was handled. With multiple incidents of data breaches happening each year, it is slated that such incidents will only be on the rise. Cyber-security remains as a tough issue to grapple with because corporations either chose to protect their reputation by hiding information or they lack proper safety nets to protect the end user. It is imperative that relevant protocols are set by these companies or imposed by the government to see a change in this upward trend.

Cyber attackers, including those from hostile nation-states, are aiming their sights on critical infrastructure for a couple of reasons. Few things can cripple an economy and leave a population vulnerable as quickly and efficiently as shutting down utilities, oil refineries, etc. According to a 2016 energy study by Tripwire, [5] more than 75 percent of over 150 IT professionals in the energy, utilities, and oil and gas sectors, said the number of successful cyberattacks in their organizations has increased in the past 12 months. This means that hackers breached one or more security controls, such as firewalls or antivirus programs, with the potential to cause physical damage to critical infrastructures. Admiral Mike Rogers, director of the NSA, agreed; the U.S. government has identified 16 areas in the private infrastructure that have "significant implications" for the nation's security. Further, he highlighted that the nation's power grid wasn't built over the past several decades with "cyber intrusions" in mind; most of the electric utilities in the U.S. used Windows XP as recently as 2014, which is an outdated operating system left the utilities vulnerable to breaches. Last September, USA Today reported [6] that attackers had successfully compromised the U.S. Department of Energy's computer systems 159 times between 2010 and 2014. The National Nuclear Security Administration, an agency within the Energy Department that is responsible for managing and securing the nation's nuclear weapons, suffered 19 successful attacks during that time.

With the rise of cryptocurrencies prices and its mainstream adoption, cybersecurity is a huge issue now more than ever. Since these new kinds of assets are digital, they are easily traded across borders and with some knowledge it could be untraceable. Cyber-crimes make a profit of nearly 200 billion dollars around the world every year, and with the help of cryptocurrencies, this number is only going to increase. As we have already seen in 2017, cybersecurity threats hit an all time high in Q4, according to the March 2018 edition of the McAfee Labs Threat Report. We have seen huge amounts of hacks into cryptocurrency exchanges or personal wallets, ICO scams, phishing scams, and different types of cyber-crimes related to digital currencies. Cryptocurrencies are normally judged because of their use to launder money and help terrorism funding, but that is not the only face of the coin, the technology behind it is a game changer, that is why bad actors have been taken advantage of this new form of money faster than mass adoption. The biggest problem with security over digital assets is that many people doesn't understand the technology and how to store their funds in a safe way. We have to educate people and also embrace regulations so we can fight against this new types of crimes. [7] [8]

[1] Weiss, Gigi Levy. "Network Effects Are Becoming Even More Important On Emerging Platforms." Forbes, Forbes Magazine, 19 Mar. 2018, www.forbes.com/sites/startupnationcentral/2018/03/18/why-a-network-effect-is-the-onlyway-your-startup-can-win/#13322d467527.

[2] Schiffer, Alex. "How a Fish Tank Helped Hack a Casino." The Washington Post, The Washington Post Company, 21 July 2017, www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-acasino/?utm_term=.dcd4b0e87eb6.

[3] Gressin, Seena. "The Equifax Data Breach: What to Do." Consumer Information, The Federal Trade Commission, 8 Sept. 2017, www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.

[4] Armerding, Taylor. "The 17 Biggest Data Breaches of the 21st Century." CSO Online, CSO, 26 Jan. 2018, www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html.

[5] SCCE. "Cyber Attacks on Critical Infrastructure on the Rise." The Compliance and Ethics Blog, 23 Dec. 2016, complianceandethics.org/cyber-attacks-critical-infrastructure-rise/.

[6] Reilly, Steve. "Records: Energy Department Struck by Cyber Attacks." USA Today, Gannett Satellite Information Network, 11 Sept. 2015, www.usatoday.com/story/news/2015/09/09/cyber-attacks-doe-energy/71929786/.

[7] Bisson, David. "Cybercrime Profits Total Nearly $200 Billion Each Year, Study Reveals." Security Intelligence, IBM, 21 Mar. 2018, securityintelligence.com/news/cybercrime-profits-total-nearly-200-billion-each-year-studyreveals/.

[8] McAfee. RP Quarterly Threats. McAfee, Mar. 2018, www.mcafee.com/us/resources/reports/rp-quarterly-threatsmar-2018.pdf.

Tagged , , ,