Cyberattacks affect major corporations, but are also becoming a homeland security issue. Insurance companies, adult-dating sites and U.S. federal agencies are among some of the groups that have been victims of cyberattacks over the past year. Even patients’ health lies in the hands of hackers, as we saw last month when a large Hollywood hospital endured a malware attack on its internal network that led to a system-wide shutdown. Hollywood Presbyterian Medical Center was forced to pay attackers $17,000 in ransom to restore operations.
Many organizations are adopting security frameworks, and according to The Global State of Information Security Survey 2016, conducted by research firm PwC, they are also leveraging cloud-computing technologies for real-time monitoring, analytics, advanced authentication, and identity and access management. Even top executives are playing increasingly prominent roles when it comes to cybersecurity.
The Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Lab (CSAIL) recently launched Cybersecurity@CSAIL, an initiative that aims to assist major companies in protecting themselves from these kinds of threats. Cybersecurity@CSAIL collaborates closely with industry partners for input that can shape real-world applications. The team of CSAIL security researchers approach the problems from a multi-disciplinary perspective to create test beds for organizations to implement and test tools.
Companies like BAE Systems, Visa and Boeing are all part of CSAIL’s initiative.
(Image Credit: CSAIL/MIT)
(Image Credit: CSAIL/MIT)“Our reliance on the web has been accompanied by increasing numbers of cybersecurity attacks that can have devastating effects on everyday people’s lives,” said Adam Conner-Simons, CSAIL Spokesperson. “Obviously, this is a huge problem, and will continue to be unless we put more resources towards finding a solution.”
Cybersecurity@CSAIL is composed of 50 researchers, including over 12 professors and principal researchers, all with the goal of preventing, working through and recovering from cyberattacks.
Most recently, the organization has been working on a series of algorithms aimed at optimizing, fixing and recovering code. The researchers created a system for automatic bug repairs called CodePhage that repairs bugs by importing functionality from other programs without access to source code. In essence it detects the bug, takes healthy code from a public source, and then grafts it onto “unhealthy” software.
The researchers have also developed a technique called DIODE that can find overflow bugs, which occur when an application tries to put more data in a buffer than it can hold, by analyzing code.
The researchers have also developed a technique called DIODE that can find overflow bugs, which occur when an application tries to put more data in a buffer than it can hold, by analyzing code.
When it comes to cyberattacks, there is no common beach, said Conner-Simons.
“We aim to understand the breadth and depth of different security issues, because they affect citizens and companies on a massive scale,” he said.
While Cybersecurity@CSAIL is working with specific companies toward combating different threats and growing its defenses, the organization aims to create overall solutions through its works—“to create security by ‘default’ and remove program error as a source of vulnerability.”
The ultimate goal is to develop a real-life test lab where researchers can test for attacks, conduct red-teaming exercises and engage the MIT security community in hacking challenges.
“There isn't one catch-all solution, but we think that the first step is creating dedicated initiatives like Cybersecurity@CSAIL to look at such problems holistically and across multiple computer-science disciplines,” said Conner-Simons.
One such hacking experience took place at the university earlier this month, when MIT CSAIL students got together with Cambridge University students for a “capture-the-flag”-style hackathon that blended student teams to overcome a series of challenges, which included lock-picking, password-cracking and code-breaking.
MIT and Cambridge University students participate in a variety of hackathon events earlier this month. (Image Credit: Jason Dorfman/CSAIL)
MIT and Cambridge University students participate in a variety of hackathon events earlier this month. (Image Credit: Jason Dorfman/CSAIL)The event was initiated by President Obama last year in an attempt to collaborate and gain more knowledge regarding cyberattacks and how to combat them.
“It was very successful towards the goal. CSAIL and University of Cambridge are both hopeful that this is the first of many collaborations aimed at harnessing the two nations’ collective brainpower,” said Conner-Simons.
This is just one way groups are forming to defeat the ever-growing threat of cyberattacks.
According to Bank of America Merrill Lynch, cybersecurity spending represents anywhere from 5% to 10% of IT budgets at major corporations, which isn’t large to begin with. Now major companies are forming dedicated groups to target these attacks.
IBM recently purchased a cybersecurity firm and formed a 3,000-person cyberattack-response team. Even the government is on-board—The Department of Defense recently launched the “Hack the Pentagon” initiative in which vetted hackers are invited to test the department’s cybersecurity under a unique pilot program, making it the first cyber bug bounty program in the history of the federal government.
As threats increase, organizations are gearing up to defend against cyberattackers.
