Tech releases annual cybersecurity report

Photo by Sara Schmitt

On Sept. 28, Tech’s Institute for Information Security and Privacy (IISP) held a summit to discuss concerns about security and privacy in regards to technology and the internet.

Simultaneously, the IISP released its annual Emerging Cyber Threats, Trends and Technologies report to the public, containing expert-written detail about current and future issues relating to technology as well as the public policy which is concerned with technology’s use.

The Threats Report offers analyses of multiple areas in the field of technology, including one section dealing with the increasing regard for privacy in the
digital sphere.

In particular, the report highlighted how Apple’s refusal to comply with FBI demands to decrypt one of its devices showcased tensions between the government and private individuals over the growing role of encryption in consumer technologies.

According to the National Telecommunications and Information Administration, which operates under the U.S. Department of Commerce, about half of consumers declined some sort of online service due to privacy concerns. In addition, after the Edward Snowden revelations, the rate of encryption adoption climbed sharply according to Peter Swire, associate director of policy for the IISP.

These two factors in combination provide great challenges to governments — particularly the U.S. government — who continue to rely on data gathering for federal intelligence work and for law enforcement.

The report also discusses the insecurities and flaws in our current electronic voting systems, of particular importance given the divisiveness of this year’s elections. Multiple state legislatures have expressed concerns over funding to replace outdated voting machines, as electronic machines must be replaced far more often than older machines, such as lever-operated systems. Furthermore, recent hacking of critical political systems has increased the concern that electronic systems may be vulnerable to widespread hacking or fraud.

Many electronic voting machines, including those used in Georgia, do not produce any sort of hard copy recording individual votes cast at the ballot. A lack of such a record makes it difficult for a voter to verify that the machine recorded his or her vote correctly. Additionally, without some feedback, computer scientists cannot verify the accuracy of the software in recording and reporting votes to the elections offices. Georgia is one of only five states to exclusively use such machines.

It is often difficult for computer scientists to audit the software on voting systems because the vast majority of them use proprietary software which is never released to the public. Some elections in Texas and California are beginning to develop open-source software to run their elections, hoping to encourage widespread adoption — and thus, verification — of voting software that will be cheaper and easier to maintain than software pre-loaded on proprietary machines.

Many of the topics in the report discuss the role of people in cybersecurity and how their actions concerning computer systems can drastically impact what actions are taken or what trends emerge. For example, the release of information on NSA programs by Edward Snowden caused many businesses to accelerate encryption of consumer data, in part responsible for Apple’s inability or refusal to cooperate with the FBI in their investigation.

Another example of the role that people play in determining areas of concern for emerging technologies is the relationship between so-called smart devices and users’ ability to trust their decisions.

Cybersecurity, the report argues, is paramount in protecting both intelligence and the trust that users place in their devices. If the devices could make incorrect decisions or reveal information despite the user’s preferences, users would lose confidence in the capabilities of the device or become unwilling to trust it with important decisions.

The report further notes that individual devices must also be able to verify information transmitted to them by other devices for similar reasons. If the device cannot trust the information sent from other devices or trusts incorrect information from a compromised connection or device, it could make incorrect decisions that would similarly impact the ability of users to trust the system.

The IISP estimates that anywhere from 25 to 50 billion smart devices will go online by the year 2020. The report also estimated that smart city technology will be an industry worth $27.5 billion annually by 2023.

The IISP is Tech’s research center for numerous issues surrounding the use of technology. The organization holds symposiums, summits and keynotes on its topics of research throughout the year, as well as releasing information and updates on its central research topics as they become available.

The IISP also maintains a number of labs and facilities, including Georgia Tech Cyber Security, the team responsible for protecting Tech members and resources from breach or infiltration.

IISP’s next event is a symposium of scientists from the US and France discussing cybersecurity strategies and innovations. It will be held Oct. 13 and 14 in Tech Square.