The Internet of Things (IoT)
“There are a number of problems with ushering in the era of the Internet of Things (IoT), which all center on the security capabilities of the connected system,” writes Nick Ismail of Information Age magazine.
The Big Hitter
Aron Laszka, Ph.D., an assistant professor in the Department of Computer Science in the College of Natural Sciences and Mathematics at the University of Houston is making a name for himself in this very field. His recent work involves securing the IoT. This concept, simply put, involves computer chip-outfitted devices like smart thermostats, smart cameras and other “things” sensing, collecting and sending information to the Internet. Laszka, originally from Hungary and a former postdoctoral scholar at the University of California, Berkeley, studies how large-scale systems — like the power grid— are kept secure.
Bug Bounty Hunters
One way is through vulnerability reward programs (VRPs). These programs involve outside security experts discovering errors in software products and services. Known informally as “Bug Bounty Hunters,” these highly skilled hackers try to break into a company or even the government’s most well-secured data. Tesla and other influential companies have already initiated vulnerability reward programs. Google, in fact, provides cash rewards.
Make It a Game
Using AI and game theory to solve cybersecurity issues, Laszka knows better than anyone that these types of issues are a high stakes game. There are cyber-defenders and cyber-attackers – and the attackers may learn to adapt to the defenses of a network.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles,” said Sun Tzu in The Art of War. By determining an optimal attack plan, Laszka comes closer to learning how to defend against those who would violate security. “This may involve setting up intrusion detection systems and focusing the defender’s attention on investigating security alerts that are signs of the most likely attacks,” says Laszka.
Homeland Security and Cybersecurity
Laszka is currently funded by the National Science Foundation (NSF) and the Department of Homeland Security. On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This legislation established the Cybersecurity and Infrastructure Security Agency (CISA). Criticized by some for not being comprehensive enough, this agency and its eponymous act, aim to maintain a certain level of security for constructs such as the electric grid and airports. In an article on cyberscoop.com, Robert R. Ackerman Jr. proposes six steps to begin fixing the cybersecurity issues in the United States government – one of which is by having the government define a level of expected cyber resiliency and produce a methodology to protect it.
Next Steps
The government would do well to allow Laszka and other experts in the field to be at the table for discussions on how to establish these guidelines and mitigate risks. In the meantime, there is a waiting list to get into all the undergraduate classes Laszka teaches. A new generation is learning how to secure information – the game is just beginning.
