Tech helps thwart cyber attacks

There used to be a day when a computer hack was as obvious as a slice on the arm. A compromised website would ooze with a blood-red message, “You’ve been hacked!”

How simple the old days were.

Today’s cyber intrusions are more akin to undetected cancer: cellular changes that lie unnoticed until something — say the function of an organ, or the performance of an operating system — no longer performs the way it should. These “advanced persistent threats” are far more stealthy, sophisticated and damaging than the Internet hacks of 20 years ago. They steal data and cover their tracks, moving throughout the organization to new targets, learning how to better mimic and disguise their behavior with each pilfering.

To develop the groundbreaking cyber security protections needed now, we begin by looking to government for examples of actual intrusions and where it’s spending money to devise new solutions. Government agencies award universities like the Georgia Institute of Technology millions of dollars to research and develop new capabilities when the industry has no ready solutions.

In July, Georgia Tech’s College of Computing received a $4.2 million award to develop a method that will track and record events and data at three layers: user interaction with a program, program processing of input, and program and network interactions with the operating system. Our goal is to secure the entire information flow, to know whether military commands are maliciously altered while in transit. The benefit for industry could be radical, especially for anyone conducting financial or legal transactions online.

In June, the Office of Naval Research awarded the College of Computing $1.25 million to develop a new mechanism to catch and quarantine cyber intrusions on naval warships. The potential impact for industry is an intrusion detection and repair system that doesn’t slow performance — so there is no delay, whether you’re firing off missiles or inventory orders.

Meanwhile, Tech students are developing solutions such as a run-time detection tool that recently caught 11 previously undiscovered, deep security flaws in Chrome and Facebook. Thankfully, vendors fixed the problems, and students received a $100,000 prize from Facebook in August to continue their research.

Tech earns these awards from government and other leading organizations because of our research and past successes. We have sought-after experts in the fields of algorithms, computer architecture, data analysis, theory, operating systems, information security, high-performance computing and human-computer interaction. Tech also is one of 14 universities in the nation – and the only one in the Southeast – accredited as a “university affiliated research center” by the U.S. Department of Defense.

For 20 years, Tech has served government and industry with research that pursues the grand challenges of cyber security. College of Computing research focuses on long-term and theoretical explorations, while the Georgia Tech Research Institute pursues applied research to develop immediate solutions to government and industry problems.

To better thwart cyber terrorism, it will take close and fearless collaboration between government entities sharing real data, universities offering research and industry advising how, where and when to take research to the consumer. At Tech, we believe close collaboration that includes the sharing of more data will help us improve methods for securing all data. The work to secure our cyberspace will be never-ending, because insidious malware is as ever-present as cancer.

Wenke Lee is director of the Georgia Tech Information Security Center and professor in the School of Computer Science.