The connection of one computer network to another in the early 1990s created the internet, laying the early framework for what has become our main means of telecommunication today. With this innovation more than 20 years ago, however, came a host of personal and corporate issues most of us hadn鈥檛 considered: how to keep data stored on computers and servers safe.
Suddenly, passwords needed to be created, memorized or saved, and sometimes recreated every 90 days or less. Workers in every industry had the daunting knowledge when logging into a computer terminal hooked up to a corporate network that one weak password, one poorly configured software setup or one accidental click on a faux, malicious hyperlink might allow hackers access to corporate intellectual property, sensitive financials or internal systems storing personal medical information. Insecure networks have led to a spate of recent big-name data breaches including Sony, Equifax, Yahoo and local voter records, suggesting cyber security may long be an issue.
For how to ensure a more secure cyber-connected world, we went to Matt Bishop, professor of computer science at 嘿嘿视频 and a security advocate pushing for more resource allocation to train the next generation of cyber-security experts on how to keep hackers at bay. All industries are vulnerable, said Bishop, but the next generation of people who work in cyber security must learn the interplay of security issues between fields and obtain this knowledge through hands-on practice. Those people should also learn how existing cyber-security laws and regulations are upheld in certain industries and how new legislation should be shaped to protect companies and individuals 鈥 as well as to better prosecute hackers.
What remains is the need for universities and other schools to provide students the theory and also the real-world experiences necessary to understand cyber security.
Because security was largely an afterthought until the late 鈥90s and early 2000s, after many software programs companies already used were written, incorporating secure programs 鈥 and security in general 鈥 into existing and new systems has become a constant challenge. 鈥淰ery often people who write software weren鈥檛 taught to write software that is security aware,鈥 said Bishop. 鈥淲riting good code takes a lot of time, and it costs a lot, but that increases your time to market. So the question is: Will companies and customers be able to wait the extra time? The answer in most cases is probably going to be no.鈥
Indeed, technology still relies on humans, but the negative effects of cyber-security threats inevitably trickle down to the bottom line. If a large retailer鈥檚 website is hacked and rendered unavailable, for example, that could cost the retailer thousands of dollars in sales per day.
While students are taught cyber security at universities and colleges now, not enough people know security best practices, and, equally important, students don鈥檛 yet have enough opportunities to get personal experience writing and developing security-aware software, Bishop said. This is partially because computer science has multiple subtopics to study including programming, data structures, computer architecture, networking, graphics and logic, among many others.
鈥淚f you study algorithms, that鈥檚 your area of work. You will probably not be an expert in security programming,鈥 said Bishop. 鈥淭he problem is the entire structure of the software ecosystem.鈥
What remains is the need for universities and other schools to provide students the theory and also the real-world experiences necessary to understand cyber security; one way is by working with their own university鈥檚 information technology security group, said Bishop. At 嘿嘿视频, students often work with the information and educational technology department, he said. The computer science department also offers a class on research that discusses security problems related to government and other industries.
In addition, students need to learn experientially how and why keeping networks secure strongly relates to fields such as medicine, law and ethics, said Bishop. In health care, medical devices that connect to the internet, such as pacemakers and insulin pumps, are part of a new frontier for cyber-security threats; their systems may be vulnerable to exploitation, and that could affect how a device works, according to the U.S. Food and Drug Administration.
Finally, the next generation of cyber-security professionals would benefit from a deeper understanding of the legal side of the industry in order to better advise businesses and clients. In particular, in national and international jurisdictions, cooperation between authorities is necessary, but identifying the culprits of cyber-security crimes can be difficult the farther afield the networks are based, said Bishop.
鈥淭here are almost no laws relating to network security; prosecution is not very granular,鈥 Bishop said. 鈥淓ven though it鈥檚 obvious someone has done something wrong, they鈥檙e hard to prosecute.鈥