Firewalls, anti-virus software and a whole galaxy of tools are employed to secure our online world. There's a daily, ongoing battle between cybercriminals and the defenders of cyber assets — like Hassan Takabi, a computer science and engineering professor at University of North Texas.
Professor Takabi recently received more than $1 million in grants from the National Science Foundation. He discussed with us new efforts to increase cybersecurity as part of our science and technology focused Breakthroughs project.
» On developing a new defense system:
This is primarily focused on malicious inside attacks. To give you a brief background:
Insiders are usually people who are authorized to be in the system. They're the companies' employees and they try to access information that they are not supposed to have access to in the first place.
So compared to general cybersecurity, this is much more complex and much more difficult to protect because they are already in the system and have knowledge of your system.
» On how the system works:
We're trying to, essentially, increase the confusion.
Here's how any cyberattack works, basically: The first step for a malicious insider, in this case, is try to gather information about the system. We're using a combination of what is referred to as moving target defense techniques and deception techniques by creating fake resources that would be interesting to the attacker.
So, when malicious insiders go for it, they wouldn't get access to the actual file but, in the process, we would be able to catch them.
» On winning the battle for data security:
It's a cat and mouse game. This is not going to stop; as the technology advances really fast, so do cyber criminals. Whether organized criminal groups or state-sponsored, they also have access to that technology.
I don't think either side is going to win anytime soon, so we'll have to just keep fighting.
Part of that is trying to train more skilled workforce, because that is one of the issues the United States faces now — there is really a shortage of a skilled workforce in cybersecurity. The government has been investing in that in recent years, but there is definitely more work needed in that area.