The Peach State’s multidisciplinary cyber research seeks to keep citizens safe online
From the banks of the Savannah River to the busy streets of Atlanta, cybersecurity research has become one of Georgia’s top priorities. As the wider world becomes more interconnected, and more and more devices bridge the gap between humans and technology, it may be up to the Peach State to start the trends that carry the United States into the next leg of the Information Age “arms race.”
Cross-Border Data Requests
At first glance, “cybersecurity researcher” and “lawyer” may not seem like the most compatible job titles, but that’s never held Peter Swire back.
For almost 20 years, Swire, the Holder Chair of Law and Ethics in the Scheller College of Business at Georgia Institute of Technology, has been a fixture in the cybersecurity field.
For several years, Swire and his research team have partnered with the Hewlett Foundation to examine cross-border requests for data. Previously, criminal evidence was collected locally, but that has changed with the advancement of technology.
Now, important evidence is often stored in the cloud, sometimes in different countries. To land convictions, investigators need access to emails, social media networks and other cloud-based data. Law enforcement can request access to this information through a mutual legal assistance treaty, but the process is slow. This presents law enforcement with a challenge. How can they get evidence needed for criminal investigations in a timely manner?
Enter Swire’s research on cross-border data requests, a project that grew out of Swire’s work on Obama’s review group.
“During that project, we recognized the growing importance of mutual legal assistance,” he said. “If we don’t solve the problem, then other countries will be tempted to require data to be stored locally. This research is trying to find a way to meet law enforcement goals, protect the global internet, and protect people’s privacy and civil liberties.”
In early 2015, Swire’s team proposed a solution inspired by the visa waiver program. The United States currently has agreements with almost 40 countries that allow citizens of both countries to travel without a special visa, and all these countries have agreed on a set of strong rules for the visa program.
“We proposed creating a similar set of strong rules for law enforcement requests,” Swire said.
In March, Congress passed the new Clarifying Lawful Overseas Uses of Data (CLOUD) Act. The new law adopts the approach first proposed by Swire and his team, showing the impact that academic research can have on real-world solutions in cybersecurity.
In Search of Malware Defense Solutions
Dr. Roberto Perdisci, associate professor in the Department of Computer Science and a founding member of the Institute for Cybersecurity and Privacy at the University of Georgia, has seen his research move from concept to practical use.
Perdisci is interested in understanding how malware is distributed and in creating innovative malware defense solutions.
One of his research projects, initially funded by the National Science Foundation, examined network traffic. Perdisci designed a system that observed web traffic crossing a network. When the system found signs of software downloads, it reconstructed critical information regarding how the software was being downloaded and where. Then, the system classified these events as malicious or benign.
“Originally, this project was pure research, but it became successful in the sense that we wrote a paper about the system we invented, developed a prototype, deployed it and evaluated it with the Office of Information Security at UGA,” Perdisci explained. “The program was actually quite useful to them.”
After seeing a demonstration of the program, the NSF program manager referred Perdisci and his team to the Department of Homeland Security and the “Transitions to Practice” program, an initiative that funds projects created in labs with the goal of building a solid, reliable version of the prototype.
With the help of DHS, Perdisci was able to deploy a better version of his software across the UGA campus. The project is now in use by UGA, Georgia Tech and the University of Alabama at Birmingham.
“You don’t see this every day,” Perdisci said. “Many things we do as academics are closer to fundamental research. It was good to see the evolution of this project from an academic research paper to a system that multiple universities are using.”
CyberSecurity for U.S. Cities
Dr. William Hatcher, director of the Master of Public Administration program at Augusta University, also seeks to build solutions that will help the average citizen.
Last year, Hatcher and his colleagues conducted a cyber workforce study to measure the economic effect of cyber in Augusta. Hatcher’s current research project focuses on helping local governments secure their citizens’ data.
Hatcher explains that citizens frequently say that they’re hesitant to give the government personal information because of privacy concerns. The result is that citizens are less likely to participate in government, from simple services like online bill paying to interacting with elected officials online.
“You install an alarm system in your house because you want to keep your possessions secure, but data is a possession,” Hatcher said. “Your medical records and banking information are all possessions. People want to keep that information secure. They want reassurance that the data they’re giving private companies and the public sector are secure.”
Unfortunately, this fear is not unfounded. From the perspective of local governments and nonprofit organizations, the data collected from citizens needs to be protected. Oftentimes, however, these organizations do not have the needed expertise in information technology.
That’s where Hatcher’s research comes in.
Hatcher and his research team are conducting a survey of cybersecurity plans in U.S. cities, about which little is known.
The project targets cities with 10,000 to 15,000 citizens. Generally, large and medium-sized cities have the expertise to keep their data secure, but smaller cities often don’t.
Survey questions include whether or not a formalized cybersecurity plan exists for their city and what types of cybersecurity policies are being implemented.
“We’re interested in knowing broadly what cities are doing in their cyber policies and seeing what the smaller cities are doing,” Hatcher said.
Survey results will be used to help improve cybersecurity policies of cities in the United States.
“We want to do this research to help local governments have the information and resources they need to keep their data secure,” Hatcher said.
A New Wave of Crime
The key to building a better cyber future doesn’t rest simply with protecting the “good guys,” though. To make the world, and the internet, a safer place, we must also understand how the enemy thinks. That task falls to researchers like Dr. Volkan Topalli.
Criminals are increasingly interested in the security that the dark web can provide, and law enforcement officials are seeing a new wave of crime as a result. Topalli, professor in the Department of Criminal Justice and Criminology at Georgia State University, is a criminologist, but recently he has found his research taking a turn to the cyber field.
Topalli’s research seeks to understand the development of digital payment systems and how that has changed crime.
“Traditional crime where people take cash or physical items is declining,” Topalli said. “We think the decline is because we transferred our financial transaction systems from cash to digital-based systems like mobile payment. People use these platforms to make purchases and don’t carry cash, so they’re less vulnerable to certain crimes. It seems this is causing a decrease in physical, interactional crime and an increase in electronic-based and cybercrime.”
He is interested in the advent of cryptocurrency and how this form of money is contributing to the crime shift. Cryptocurrency is a digital currency that is both anonymous and encrypted. The security of the currency may allow average offenders to commit crimes. It is currently being used for money laundering, according to Topalli.
Topalli, together with colleagues from GSU, is conducting an ethnographic study of online drug vendors, individuals who sell drugs on the dark web. In many cases, these vendors accept cryptocurrency as a form of payment. The goal of the study is to understand where these vendors are coming from and what motivates them. For example, are they former street offenders or a new type of offender?
The team will use an encrypted peer-to-peer network to conduct real-time interviews with the drug vendors. They’ll also do comparative interviews with street offenders in Atlanta, with police officers and with private cybersecurity experts to better understand this new trend in crime. Topalli expects the results of the research to be valuable to criminology, law enforcement and cybersecurity experts.
Topalli’s work is not for experts alone, however.
“We want to help people at the corporate level but are also trying to focus on what individual citizens need to understand about the internet, e-commerce and their rights when crimes occur on the internet,” Topalli said. “We tend to think that when we engage in commerce online it’s the same as walking into a store, but that’s not the case. A lot of this research is concerned with educating people to protect themselves so that they’re less of a target.”
Whether it’s sharing evidence across national borders or chasing criminals out of the internet’s seedy underbelly, the Peach State’s diverse cybersecurity research is changing the way we live online. The solutions, and the individuals discovering them, are more varied than ever before. That’s bad news for the bad guys, and great news for everyone else.
Gaming gets serious
A recent Pew Research survey showed that nearly 60 percent of Americans think some or most video gaming is a waste of time. However, a new training model in cybersecurity may just turn that conventional wisdom on its head.
Generally, cybersecurity training platforms fall into one of two categories: a traditional classroom, where information is provided and followed by an assessment, or a cyber range, where teams take turns practicing offensive and defensive positions. Now, an innovative new approach is bringing online gaming into the mix.
Circadence Corp., a leader in the cybersecurity community devoted to solving complex cybersecurity problems with cutting-edge solutions, recently incorporated artificial intelligence into Project Ares, an online gaming platform that doubles as a cybersecurity training tool.
Machine learning, a type of artificial intelligence, is where a computer learns as its environment changes, following trends and learning new rules as they appear. Once purely science fiction, machine learning is why cellphone intelligent assistants can improve their ability to understand speech by learning an individual’s pronunciation and manner of speaking.
And now, thanks to Ares, artificial intelligence is being adapted to improve cybersecurity.
“The idea is to bring teams and individuals together to play a game with certain objectives to achieve, including protecting information, networks and computers,” said Dr. Fred Wright, executive vice president of research and development at Circadence and adjunct professor in Georgia Tech’s School of Computer Science. “Artificial intelligence is a key to our approach because it provides an unpredictable adversary for individuals to play against.”
Artificial intelligence in Ares will serve a dual purpose. Researchers at Circadence collect data both on participants who use Ares and on the actions that they take within the game.
“We want to use artificial intelligence to discover new approaches within the corpus of tradecraft and bring those new ideas out of the game and into the real world,” Wright said.
In other words, artificial intelligence uses the unpredictable creativity of the players to make the cyber range concept even more dynamic and ultimately improve actual cybersecurity operations.
The result is changing the game in terms of cybersecurity training. Ciradence is using the same game-based approach for security awareness aimed at a broader audience, beyond IT and security professionals.
“Using artificial intelligence to learn techniques improves the game and is pushing the envelope for trainees. They’re getting a broader, richer experience,” Wright said.