Cyber wars

Dr Nathaniel Evans spent his formative academic career breaking into banks and hospitals.

He found ways to hack into the systems of power grids and water treatment plants, looking for ways to cripple their capacity and bring communities to their knees.

He dressed up as a UPS delivery man to try to work his way past security guards and gain physical entry into institutions.

It was all part of his doctorate research into social engineering, exploring the vulnerability within people – what he calls ‘the human firewall’ – that creates security breaches for organisations.

Dr Evans is the Cybersecurity Program Lead at the Argonne National Laboratory in the United States and is visiting universities and government agencies in Australia this week, hoping to build lasting partnerships.

As a part of the visit, he spoke about his work at the SMART Infrastructure Facility at the University of Wollongong on Thursday.

(L-R) Tania Brown, Stephanie Jenkins, Dr Nate Evans, Associate Research Fellow Grace Kennedy and Senior Professor Pascal Perez

“I am hoping to start an ongoing relationship and seeing if our ideas can make sense to each other, hopefully a long-term collaboration that will lead to great things,” he said.

Dr Evans’ biography describes him as “a key asset” for the Department of Homeland Security in the US, analysing threats for cyber security from individual assets of critical infrastructure (such as a water purification plant or an electrical sub-station) through metropolitan and regional threats (such as power grids), right through to national issues.

“We see in the news a lot about vulnerabilities in security, and it seems to be this growing problem,” he says.

“I want to show that there is hope, there is light – there are ways in which we can have a solution to the cyber security issue.

“I believe that there will be a variety of technologies that will create the solutions that we need for cyber security.

“We won’t ever get rid of the issue entirely, but we will mitigate that risk in a significant fashion.”

One example of this is the idea of a “moving target defence” against hackers wishing to compromise computer software.

Like a soldier dodging and weaving around the bullets fired at him, this defence involves a system constantly changing its structure. One minute, it’s running on Linux, the next on Windows, then 30 seconds later it’s Mac operational software.

“When you create a moving target defence, we give the good guys as much time as possible in order to defend that attack,” Dr Evans says.

The bad guys in this field can be a range of operators from nation states waging cyber warfare against their enemies, through organised criminals looking for financial gain, to disgruntled employees looking for revenge on their employers.

These so-called ‘insider threats’ can be some of the toughest to counter, since they intimately know the systems and vulnerabilities involved, but here too there are ways to counter the threat.

“Authentication is a key vulnerability when one person has the password,” Dr Evans says.

“But if you can have a two-person authentication, that reduces the threat dramatically.

“If I logged in then somebody else would have to log in too before I am authenticated.

“It’s much harder for a company to anger two people at the same time.”

So although his message is one of cautious optimism, his visit is about staying ahead of the game, and collaborating with researchers at SMART and elsewhere to share knowledge.

Because before too long, the kind of ransomware that currently infects computers and encrypts the contents until the owner pays a blackmail sum will spread to almost every aspect of our lives.

It won’t be long before our car won’t start because the software is locked, or we’ll be locked out of our homes when the smart front door lock is compromised, or our smart lights in our smart homes will stop working, or work sporadically.

The work will never end.