Syracuse University Magazine

cyberEspionage.jpg

Experts from SU and around the world exchange ideas at an international workshop on economic cyber espionage, hosted by the College of Law in June. 

Photo courtesy of INSCT



Thwarting Attacks: A Multidisciplinary Approach

High-profile cyber attacks against U.S. targets escalated in 2013, when information began to be “vacuumed up” from such companies as Anthem, eBay, Home Depot, Sony Pictures, and Target. An April 2015 cyber breach of the U.S. Office of Personnel Management compromised the personal data of more than 21 million individuals. Hacks of corporate news wires so far have netted insider traders more than $100 million. The Pentagon now reports more than 10 million “garden-variety” cyber incidents per day.

But the next wave of cyber attacks likely will target computers controlling physical objects. In July, “white hat” hackers infiltrated a Jeep Cherokee’s electronic controls, taking command of locks, brakes, and steering. “Thanks to the Internet of Things, computer systems are everywhere,” says cybersecurity expert Shiu-Kai Chin ’75, G’78, G’86, an electrical engineering and computer science professor in the College of Engineering and Computer Science (E&CS). “There’s now a significant ability to access the physical world through virtual networks.” But how these abilities are used and regulated depends less upon what engineers make possible, and more upon what people will allow, Chin says. “It’s society’s norms, laws, policies, and incentives that shape what we do with our capabilities.”

Chin has a multidisciplinary outlook toward cybersecur­ity that is shared by a cross-campus team of professors—from law, computer science, economics, public policy, and information systems—working together to research and teach cyber topics. In June, the SU team was joined by prominent experts from around the world at Controlling Economic Cyber Espionage, an international workshop co-sponsored by the Institute for National Security and Counterterrorism (INSCT) at SU and the NATO Cooperative Cyber Defence Centre of Excellence. Along with Internet crime, financial intelligence, and critical infrastructure, the participants tackled the reform of often outdated laws that govern the Internet. In October, a follow-up workshop in Tallinn, Estonia, examined human rights in cyberspace.

It’s clear to Chin why computer engineers must work with lawyers, policy analysts, and others on cybersecurity solutions. “An engineer’s role, we tell students, is to support society, and for computer engineers, that means ensuring the safety, security, and integrity of computer systems,” he says. “At the same time they should know what boundaries and laws there are. Our first instinct is to fix a broken thing, but these days that might mean breaking a chain of computer crime evidence.”

In a broader sense, cybersecurity solutions must balance consumer expectations of unhindered networks, with legal protections on privacy and free speech, and with surveillance requirements of law enforcement, all while allowing trade and communication to occur instantaneously across national borders 24/7.

The possibility that a cyber attack—perpetrated via smart appliances—could take out the nation’s electrical supply is the subject of Smart Grid: Security, Privacy, and Economics, a graduate course team-taught by Chin and fellow E&CS professors Steve Chapin and Prasanta Ghosh; INSCT assistant director Keli Perrin G/L’04; and Professor Peter Wilcoxen, director of the Center for Environmental Policy and Administration at the Maxwell School. Exemplifying SU’s multidisciplinary approach to cybersecurity, this course teaches methods to secure the smart grid while balancing personal privacy and providing maximum market flexibility. No small task.

From an engineer’s perspective, a more secure Internet is easy to imagine. “What we need is for every command sent from every computer to be authenticated and authorized,” Chin says. But “authorization” means different things in different contexts. “And contexts are based on a society’s laws and policies,” he adds. “Small changes in context can drive big changes in engineering.”    —Martin Walls



Controlling Economic Cyber Espionage Workshop

SU Representatives

> William C. Banks, interim dean, College of Law; director, Institute for National Security and Counterterrorism (INSCT)

> Shiu-Kai Chin ’75, G’78, G’86, professor, Department of Electrical Engineering and Computer Science, College of Engineering and Computer Science (E&CS)

> Robert. B. Murrett, professor of practice, Maxwell School; deputy director, INSCT

> Sean O’Keefe G’78, University Professor and Howard G. and S. Louise Phanstiel Chair in Strategic Management and Leadership, Maxwell School

> Nathan Sales, professor, College of Law

> James Steinberg, dean, Maxwell School

> Laura Steinberg, professor, Department of Civil and Environmental Engineering, E&CS