Discussing the importance of cyber security
UPDATE (5/16/2017) – We checked back in with Dr. Obeng in light of recent concerns over the WannaCry ransomware. According to Obeng, “WannaCry is a malware attack, to which unsecured Internet of Things (IoT) devices are particularly susceptible. Malware attacks on the IoT are not unique to WannaCry; they have been around for a while. These malware search for open Telnet ports and then brute force their way into the devices, they then corrupt the target’s storage, in some cases destroying it completely, or encrypting it as in the case of WannaCry. This is what is called a Permanent Denial of Service (PDOS) attack.”
Further, Obeng states that many of the topics discussed as fears in this article are now a reality, citing cases of “smart” home devices being used as weapons and cameras and DVRs causing a massive internet outage.
“In all cases,” Obeng says. “hardware security and up-to-date operating systems are key.”
(Aug. 2016) – While cyberwar may sound like the plot of the latest sci-fi blockbuster, the realities of the phenomena are much more palpable. Few understand that better than Yaw Obeng, ECS member and senior scientist at the U.S. Department of Commerce’s National Institute of Standards and Technology.
In light of the 2014 hack on Sony Pictures, the suspected Russian hacking of U.S. Democratic National Committee emails, and the data breach of the U.S. government, in which the personal information of 21.5 million government employees was leaked, the scientists at NIST – specifically researchers like Obeng – have been shifting their attention to cyber security.
“Right now, everything that can be attached to the internet has been attached to the internet – right down to toothbrushes,” says Obeng, ECS Dielectric Science and Technology Division chair. “The question then becomes: How do we make sure that these devices are secure so they cannot be hijacked or compromised?”
(MORE: Read Obeng’s paper on this topic published in ECS Transactions.)
The answer to that question, however, may not be as simple as some would hope.
Software vs. hardware
According to Obeng – who previously worked at the innovation factory known as Bell Labs – the idea that these new technologies may make people vulnerable was not considered during initial development because there was no threat of cyber-attacks at that time. For that reason, security was never a top priority in creating the newest, most innovative technologies.
In addition to the early lack of emphasis on security, the divide between hardware and software also creates vulnerabilities that can be targeted by hackers.
“For a very long time we’ve had two domains: the hardware people, the Intels of this world; and the software people, the Microsofts of this world,” Obeng says. “But we have to have a holistic view of electronics – period.”
When hardware and software do not converge into one domain, it leaves gaps for device compromise.
For example, when development begins in the software stage, there is often not a great deal of consideration in how the software will inevitably integrate with the hardware. If the hardware cannot properly understand and store the software, vulnerabilities in security begin to arise. For Obeng, understanding materials and cooperating on design between hardware and software development could allow researchers to understand what could go wrong and how to prevent cyber-attacks.
The recent integration of medical devices, software, and operating systems with networking, has removed the previous relative cyber isolation of medical devices and created management and protection nightmare.
More than a computer virus
But the topics of hacking and cyber-attacks extend far beyond viruses on your computer.
“Someone could turn off the grid; planes could fall out of the sky,” Obeng says. “These are national security issues.”
These concerns are becoming more of a reality every day. Earlier this month, a piece of malware was found on the dark web that has the potential to do major damage on critical infrastructure, such as the energy grid.
Internet of Things
One reason countries are so vulnerable to cyber-attacks is partially due to the interconnectedness of things. The idea of networking multiple devices together to improve and streamline quality of life began to rise in the mainstream with the conception of the Internet of Things in 2013.
While the seamless integration of all items – from refrigerator feeding data to your smartphone – may be beloved by tech enthusiasts across the globe, it does cause serious security issues.
Take, for example, the hacking attempt on WiFi routers in late 2015. While router manufacturers set up individual security measures for each of its wireless routers (i.e. individual passwords, usernames, etc.), for a variety of reasons many manufacturers use the same media access control (MAC) address for every router. If a hacker gained access into one a router via the MAC address, they could theoretically gain entrance into every router of that type (hundreds of thousands of units) and consequentially compromise all devices connected to the router.
Putting up a barrier
Obeng believes the answer to these security breaches again depends on materials. Instead of giving a device a number, Obeng instead suggests material choice could once again provide a solution.
“We could give each device a physical ID; a material characteristic that is built into the device from the get-go,” Obeng says.
For example, Obeng and researchers at NIST have deterministically altered the local electrical properties of items, to create unique identifiers that could be used for identification and authentication online. That would give the billions of devices an ID that is specifically unique to the device. While that level of security would immensely improve upon the already implemented system, Obeng states that many security levels would have to be layered in order to heighten device security.
“Imagine if we could take that material characteristic and make that ID dynamic, so even if you hack into it today, tomorrow you cannot come back,” Obeng says. “If we can do that, at least we can put up a barrier.”
Solutions in sight
Electrochemistry and solid state science helped create many of the most popular devices we have today; from end products like computers and cellphones to core components like transistors and semiconductors. Obeng believes that the same field that created and conceptualized these technologies can now secure them and prevent technological compromise.
“The improved quality of life that’s supposed to come with all these wonderful things that electrochemistry has enabled have also become our vulnerability,” Obeng says. “I believe the solution lies in electrochemistry. Electrochemistry made these things possible so if we put our minds to it, we can make cyber security happen.”