Recent threats of Russian hacks mask what ASU computer science professors say is the most vulnerable aspect of cybersecurity: people.
Foreign hacks haven't affected the research of ASU professors, but several warned that current computer culture puts Americans at risk. They advocate for better interaction between law enforcement, consumers and their service providers.
"Humans will be the main focal point in terms of attack because humans are the weakest point, so technology should be tailored to support user’s preferences and their sort of patterns of usage of this technology,” said Dr. Gail-Joon Ahn, director of ASU’s Laboratory of Security Engineering for Future Computing.
Ahn's lab is a multidisciplinary research initiative that focuses on tightening authentication and predicting weaknesses in cybersecurity systems before they can become an issue.
“Computer security issues are not computer science issues anymore,” Ahn said. He said a multidisciplinary approach to security is necessary because of society’s multi-faceted use of technology.
But this diversity creates problems.
Ahn said computer systems need to identify and implement different levels of privileges for different users.
"In other words, we need to change our paradigm from system or server-centric decisions to user-centric," Ahn said.
He also advocates for greater communication between consumers and law enforcement. According to the Bureau of Justice, in 2005 “most businesses did not report cyber attacks to law enforcement authorities” even though 67 percent detected at least one cybercrime.
Ahn said less than 10 percent of cybercrimes end in an arrest. In order to crack down on cybercriminals, he suggests developing a sharing platform in which businesses can securely tip off law enforcement to suspicious activity in their systems.
On the other hand, ASU Computer Science Professor Partha Dasgupta, believes little can be done.
“How do you stay secure? You don’t,” Dasgupta said. “People are hackable, and that’s been the case forever.”
Dasgupta said the destruction that someone bringing down the internet would cause would be catastrophic and suggested people start talking about building a fallback that doesn't rely on internet.
“Almost the entire world’s infrastructure runs on the internet. So, you get your food because the internet works, you get your transportation because the planes are flying because of communication,” Dasgupta said.
Daniel Caruso II, a senior computer science major with a cybersecurity concentration, agrees with Ahn that there needs to be a paradigm shift.
“Companies really should be held to a legal standard involving personal information. Some companies don’t take it as seriously as they should. Everything should be encrypted,” Caruso said.
On a domestic level, Caruso stressed the need for better general cybersecurity education through more accessible information about the subject. Caruso stressed the importance of wiping computers before reselling them to protect things like bank information.
“Length is what it gets down to. You can get very long passwords that are arguably harder to break than shorter ones with random symbols,” Caruso said.
Ahn likened passwords to keys, because they have the same weaknesses.
“Authentication is the first gateway to access systems, services, even your home. You are using a key, right? A key is authentication," Ahn said. "But keys, physical ones, they don’t authenticate whether or not you are the right owner of the key. With cyber, it’s the same thing."
Ahn said that just typing in a username and password doesn't prove who owns an account, just as using the right key doesn't prove someone owns a home.
He has a couple of solutions. Biometrics, such as the fingerprint scanners on certain iPhones, could increase security, he said.
“Multiple factor authentication is necessary,” Ahn said.
Reach the reporter at chawk3@asu.edu
Like The State Press on Facebook and follow @statepress on Twitter.
