With more than a billion private records stolen by hackers in 2014, universities have finally started to up their game in cybersecurity and data-breach research—work that has previously taken place behind the closed doors of intelligence agencies like the NSA.
One such institution is the University at Albany, which announced its new data breach research laboratory late last year. The lab will explore best practices in incident response, containing the damage of an attack, and how to mitigate the effects of human error.
“If you look at the data breaches, most of the people in the past have spent time hardening their defenses and [it’s] failing and that is obvious from all the breaches that are happening because we have a weak link in the human,” Sanjay Goel, the director of the UAlbany-based NYS Cyber Security Center, tells the Daily Dot.
Researchers need to start looking at the networks and architectures within a company, says Sanjay, who will be heading up the lab, so that an entire organization isn’t exposed in a single breach.
“Can we create isolation zones where the rest of the organization can keep operating unaffected?” Sanjay said. “All of these things need to be investigated.”
The lab was officially announced in November, with software donated by computer forensics company ARC Group of New York, but the team is still putting all the components in place as well as opening up its new undergraduate program in digital forensics. “We have a lot of talented students working on these problems, we have all the software that [we] need from companies like the ARC Group of New York so we have all the tools and the students there to work on the data-breach investigation problem,” says Sanjay.
“We’re trying to build a global threat observatory where we can put sensors around the globe and start collecting data into a data server, which we can analyze,” he adds. “There are multiple universities involved in this; we don’t have them all laid out yet so we can’t disclose them.”
By collecting huge batches of data globally, the researchers can analyze it all for recurring themes and trends, which could help locate the sources of threats or mitigate them. “If you find an attack in some place, can we correlate it with instances that are happening around the world?” Sanjay asks. “It’s all about data collection.”
Meanwhile, at Oregon State University, a number of researchers from McAfee Labs are in the midst of teaching Defending Against the Dark Arts, a 10-week program on cybersecurity.
McAfee Labs’ Director of Threat Intelligence, Malware Operations, Christiaan Beek tells The Daily Dot that the classes show students what’s going on in a particular threat space each week under the tutelage of an expert in that field. “For example, in the incident response week, the students receive training around the high-level principles and practices used,” he says.
“During the classes, labs are to learn the basics, followed by assignments that are real-scenario cases a researcher would face,” explains Christiaan. “For example, here are five malware samples, which would you give the highest priority. Here is a confiscated USB stick, can you analyze it for artifacts and how does it fit in the investigation, et cetera.”
The class, which currently has 60 enrolled students, covers several topics like malware analysis, incident response, and mobile security threats.
“What is different with other classes is that it is taught by people that work in the line of business from a daily base and share their insights in this world,” says Christiaan. “Sharing their passion and skills with the students, using real examples, it gives the students an insight you normally do not get otherwise than work inside a company.”
Much of this research has previously been carried out behind closed doors in the intelligence community, but now academia is taking on an even greater role in solving our online security problems.
“Look at all the intelligence institutions,” explains Sanjay, “they’re all looking at these things. It’s just a lot of these things are not public.
“So what we’re trying to do is trying to put a public face for researchers to work on. Intelligence agencies have been looking [at] these things for a long time so what we’re doing is starting an academic practice here.”
Data-breach controversies of the last year have primarily involved large U.S. companies, like the hack of insurance giant Anthem early this month, but it’s still very much a global issue.
On the other side of the Atlantic, Queen’s University Belfast in Northern Ireland launched another new cybersecurity research initiative, the Leverhulme Interdisciplinary Network on Cybersecurity and Society (LINCS), which will commence work in September and examine a number of areas around cybersecurity and privacy. And in London, the Global Institute of Cyber, Intelligence & Security (GICIS) also recently launched new courses in cybersecurity, which aim to bridge gaps in information-security skills.
While plenty of the sharpest minds in cybersecurity research are tackling these issues more rigorously than ever, they’re all going to have their work cut out for them.
“We’re trying to attack a problem that is constantly changing, so that’s what makes it more challenging, more exciting,” says Sanjay. “The threats today are not the threats tomorrow.”
Illustration by Fernando Alfonso III