23 March 2016
According to global security advisor and futurist Marc Goodman, “If you control the code, you control the world. This is the future that awaits us.” The scary thing is, he could be right.
Everything is now connected, from the gadget in your pocket and the electronic systems in your car, right up to your bank account, the public transport network and our water supply. Everything. All the systems that we rely on to live our lives are now connected via the Internet, and things could go terribly wrong if we lose control.
Just last month, hackers allegedly infiltrated the central bank in Bangladesh, transferring $US81 million to personal accounts in the Philippines directly from the Federal Reserve Bank of New York. It sounds like a scene from a Hollywood movie, but the potential for cyber criminals to disrupt our world is very real.
Understanding how to deal with cyber security and ‘control the code’ is going to be a steep learning curve for all of us. In order to conquer the complex challenges presented by cyber crime, close cooperation will be required between the corporate sector, governments and universities.
Thankfully, things are starting to move in the right direction. Late last year, the Victorian government announced that they would establish a high-powered cyber security facility in Melbourne, to be known as the Oceania Cyber Security Centre (OCSC). The OCSC will bring together eight Victorian universities, the Defence Science Institute, major private sector partners and a partnership with Oxford University’s world leading Global Cyber Security Capacity Centre.
The centre, which will be one of our region’s most important cyber security hubs, will be directed by Associate Professor Carsten Rudolph.
Assoc Prof Rudolph is well aware of the dangers presented by our interconnected world. “In principle, if you look at larger networks, you have to accept the possibility that someone might hack (or has already hacked) the system,” he said.
According to Assoc Prof Rudolph, everybody needs to know about, and be aware of security issues, particularly in the development of new systems. “It shouldn’t be something you only think about once you get to the end of a project,” he said. “Security implications need to be considered right at the start, before any design decisions are taken. In addition to increasing security, integrating security mechanisms in the design phase might actually enable more efficient implementations or enable new types of applications.”
Assoc Prof Rudolph, who is an expert in security protocols and hardware-based security, only moved to Australia recently. Prior to joining Monash University’s Faculty of Information Technology, he was leading a research department at the Fraunhofer Institute for Secure Information Technology in Germany.
In fact, the Faculty of Information Technology at Monash houses a group of internationally recognised cyber security researchers, which includes cryptography experts Dr Ron Steinfeld and Dr Joseph Liu.
Dr Steinfeld’s research is focussed on developing algorithms that will be able to withstand an attack by a quantum computer and Dr Liu has been working on methods to enable efficient searching within encrypted data. It sounds high-tech, but according to Dr Liu, this is technology that almost all companies are going to need to adopt.
“If you store sensitive data, such as credit card numbers or health records or anything like that, the data should be encrypted,” Dr Liu said. “A firewall is a good first line of defense, but it’s not enough. Encrypting data is essential for good security.”
Dr Liu went on to explain that while firewalls may be breached, it’s ‘computationally infeasible’ for a hacker to figure out a decryption key. It could take them 20 years, or longer!
One of the problems with encrypting all this data is that generally, organisations don’t want to lock it away for ever. They need to be able to use it, and that means searching within it. “But we don’t want to have to decrypt the data, or even reveal the search term,” said Dr Liu. “What I’ve been working on is improving the efficiency and enhancing the security of that search process.”
Dr Liu and Assoc Prof Rudolph will soon be heading to China, where they will meet with colleagues from Jinan University to launch a joint cyber security lab. The partnership will encourage collaborative research projects and student exchanges between the two universities. It’s an exciting opportunity, as Jinan University is so involved in the area of cyber security that they have a whole faculty dedicated to it.
While Monash operates on a slightly smaller scale, the academics are no less highly respected. Dr Liu and Dr Steinfeld both won awards for research papers they presented at prestigious conferences recently.
Yet all the expertise in the world is little use to anyone if the knowledge stays with the professors. Through the comprehensive courses on offer, Monash University aims to prepare all undergraduate Information Technology students with the knowledge they need to meet the cyber security demands of the future.
Part of the process of understanding cyber security is learning how to hack a system. “We call it ethical hacking,” said Dr Robert Merkel, a lecturer in Information Technology at Monash. “Once someone has a grasp of those skills, it allows them to test their own security measures, rather than hiring outside hackers, known as ‘penetration testers’ to undertake that work. It’s the closest we get to James Bond style hacking,” he added.
For students who want to go deeper, or non-IT professionals who need to broaden their knowledge, Monash University also offers courses such as the Master of Networks and Security.
The cyber security challenges that we face go beyond individuals, or even individual countries. It’s going to take a concerted international effort to secure our future, right across the spectrum of research, education and industry. Monash University is already on board. Are you ready?