With the ever changing landscape of technology, the need to advance also pairs with the need to protect. While bringing benefits of convenience and problem solving, the digital connectedness of our infrastructure could create a vulnerable opportunity for cyberattacks. The ASU Knowledge Enterprise recently sat down with experts working with the school to prevent attacks while improving infrastructure.
The piece helps highlight various behaviors of attackers who prey on vulnerable people and businesses online. For experts who study these behaviors, it is easy to understand the dangers of weak cybersecurity protection. Adam Doupé, the acting director of the Global Security Initiative’s Center for Cybersecurity and Digital Forensics highlighted how easy it is for cyber criminals to exploit vulnerable points and encrypt important data. These ransomware attacks are only resolved when the victim pays for the data that was stolen. When these types of attacks first started, the cyber criminal would not earn more than a few hundred dollars, now with the advances in technology, it can be up to millions.
Assistant professor in the School of Computing, Informatics and Decisions Systems Engineering, Tiffany Bao discussed the ways AI can help address vulnerabilities in combination with game theory, a method that aims to find the best solution at the lowest cost.
“It’s like when you shop for a big piece of furniture. You really love it, you know that it will make your house pretty, but it’s huge. So then you need to think about whether you really want to buy it,” Bao says. “If you buy it, it comes with costs. You need to pay for it, maybe you will have to hire a mover or adjust your other furniture. Game theory gives you this nice way to model the costs and benefits.”
Jaimie Winterton, the director of strategy for ASU’s Global Security Initiative, focuses on the role of incentives in cybersecurity and how policy affects those incentives. One reason is due to the aging laws that were implemented in the 80’s and not updated to reflect the changes in technology.
“If we rethink the laws and policies around cybersecurity and assess what effects they’re actually having, then I think we’ll start to see how our incentives often undermine security,” said Winterton. “Then, we can figure out how to change them to make people, companies and the nation safer.”
The lag in policy updates is also noted by Diana Bowman, professor at the Sandra Day O’Connor College of Law. One solution to this problem is “soft law,” a non-legally binding method to keep up with changing technology.
“When we’re talking about having legislation passed or a new treaty, it can literally take years of negotiation. By the time you actually get an agreement, the technology has moved on in many different ways. In many cases it’s not really the most effective way to regulate a technology or its applications,” Bowman says.