A group of 14 academic institutions is helping to improve cyber security, writes Anthony Harrington

As an intensely knowledge-based economy, with a vast store of intellectual property residing on servers in organisations right across the country, Scotland has a huge interest in cyber security. As Professor Bill Buchanan, of Edinburgh Napier University, notes, companies across Scotland need to ensure that they are using state-of-the-art IT security.

“We really need to highlight the importance of cyber-security to Scotland. This is one of the main goals of The Scottish Informatics & Computer Science Alliance (SICSA), a grouping of 14 academic institutions,” Buchanan notes. SICSA is a Scottish Funding Council Research Pool and aims to develop Scotland’s research excellence in Informatics and Computer Science (ICS). SICSA funding has already enabled SICSA members to recruit some 90 high-quality PhD students from around the world through its Prize Studentship Programme. Plus it has enabled the member institutions to attract some of the finest researchers on the planet.

“In Scotland we have an excellent ecosystem to encourage academic breakthroughs in computing and cyber-security issues. Our economy has vital areas such as healthcare, biotech, software development and computer gaming, that really need top grade security. There is a huge opportunity here for niche start-up operations specialising in aspects of cyber-security, to play a key role here,” he notes.

Buchanan points out that IT generally is one of the “rock star” career opportunities. “Graduates with specialisms in areas such as ‘big data’, cyber security and anything to do with cloud architecture and software development are in huge demand by business and the financial services sector,” he notes. In today’s “connected world”, where systems controls and software play a vital role in everything from power stations to traffic lights, there is a constant risk that everyday life could be massively disrupted by attacks on key areas of our infrastructure. “Securing not just IT but all the systems that are dependent on IT-driven controls is absolutely vital. A successful attack on our energy infrastructure, for example, would have profound implications for the Scottish economy.”

There are billions of sensors in play today. “We are now hugely reliant on a new foundation in our world, based on cloud technology. Cyber security is as much concerned with securing these embedded systems as it is with protecting corporate IT systems. The US has already suffered several IT hack attacks on its energy infrastructure from rogue states, which emphasizes just how important it is for us to improve cyber security generally,” he comments.

One obvious threat is the IT domain name server infrastructure, where the associated servers can be used to produce Denial of Service attacks against targets. Buchanan points out that this infrastructure is responsible for resolving all the addresses on the internet. “The point is that we have risks and vulnerabilities both in our general infrastructure and in the make-up of the internet,” he comments. Individuals are also targets.

Recent headlines have highlighted successful hack attacks on the World Anti-Doping Agency (WADA). The hackers were able to get their hands on highly confidential information concerning the medical histories of athletes and release it over the internet – supposedly in revenge for the banning of Russian “doping-cheat” athletes from the Olympic games. Buchanan points out that the penetration of the Anti-Doping Agency was achieved not by a deep hack of its web site or systems, but rather via a phishing email sent to one of the Agency’s scientists. “Phishing emails – especially ones targeting specific individuals with a view to tricking them into compromising their organisation’s servers – have become highly sophisticated,” he notes.

At the same time, organisations need to exercise care in their recruitment processes if there is any reason to believe that their organisation could be targeted. A determined hacker group might well try to have an insider apply for positions in the company, since it is much easier to compromise an organisation’s systems once you are legitimately seated at a desk with a connected PC or laptop.

Denial of service attacks continue to plague household name sites on the internet. These are the so-called botnet attacks launched by a hacker group which can make use of armies of PCs suborned from all round the internet. These are individual machines that have been compromised using a variety of exploits and, unbeknown to their rightful owners, are set up to attack any specific site on command.

“Denial of service attacks work by overloading servers by deluging them with bogus access requests. The best defence against these attacks is either to have huge network and server capacity on the internet or to have a deliberately separated site that the attacks can be funneled off to, leaving the main site free to attend to the demands of legitimate visitors,” Buchanan comments. “Typically these attacks show up as a huge spike in network traffic with the originating machines visible as IP addresses that have not been seen before and that distinguish themselves by endlessly repeated requests for access. The sheer volume and the fact that these attacks are coming from a large number of different IP addresses makes it nearly impossible for the bogus traffic flow to be blocked – but it can be diverted,” Buchanan notes.
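The traffic pattern Buchanan describes (a sudden spike, source addresses not seen before, endlessly repeated requests) can be checked for in request logs. The following Python code is an added example, not part of the original article; the log format, thresholds, function names and sample data are all constructed assumptions.

```python
from collections import Counter

def build_sample():
    """Constructed log lines in an assumed 'epoch_second ip path' format."""
    lines = []
    known = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for t in range(0, 80, 2):            # steady legitimate traffic: 5 requests / 10 s
        lines.append(f"{t} {known[(t // 2) % 3]} /index.html")
    for t in (71, 75):                   # a genuinely new visitor, only two requests
        lines.append(f"{t} 203.0.113.7 /index.html")
    for host in range(1, 41):            # 40 unseen hosts, 25 identical requests each
        for i in range(25):
            lines.append(f"{70 + i % 10} 198.51.100.{host} /login")
    return lines

def flood_suspects(lines, baseline_end, window=10, spike_factor=5, min_repeats=20):
    """Return (spike_windows, suspects).

    A window is a spike when its request count is at least spike_factor times
    the baseline average. Inside a spike, an address is a suspect only if it was
    never seen during the baseline AND repeated one request min_repeats times.
    """
    events = []
    for line in lines:
        ts, ip, path = line.split()
        events.append((int(ts), ip, path))
    baseline = [e for e in events if e[0] < baseline_end]
    known_ips = {ip for _, ip, _ in baseline}
    span = max(baseline_end - min(ts for ts, _, _ in baseline), window)
    base_rate = len(baseline) * window / span        # requests per window
    buckets = {}
    for ts, ip, path in events:
        if ts >= baseline_end:
            buckets.setdefault((ts - baseline_end) // window, []).append((ip, path))
    spike_windows, suspects = [], set()
    for idx, reqs in sorted(buckets.items()):
        if len(reqs) < spike_factor * base_rate:
            continue                                 # normal volume, ignore
        spike_windows.append(idx)
        for (ip, _path), n in Counter(reqs).items():
            if ip not in known_ips and n >= min_repeats:
                suspects.add(ip)
    return spike_windows, suspects

if __name__ == "__main__":
    spikes, ips = flood_suspects(build_sample(), baseline_end=60)
    print(f"spike windows: {spikes}, suspect sources: {len(ips)}")
```

The resulting address set is the input a diversion rule would need; the new visitor at 203.0.113.7 is not flagged because it is unseen but does not repeat requests.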

Some years ago network administrators could examine packets of data moving on the network and special tools would tell the examiner if the packets were innocent or loaded with malware.

Today, however, Buchanan explains, most network traffic is encrypted so the network administrator has no view at all of the content of the packets passing through the network.

This again makes it difficult to identify an attack until it triggers an unusual process or requests a forbidden file. “The whole area is fascinating and a very attractive intellectual challenge as well as offering a great career path. Cyber security will definitely continue to be one of the dominant concerns of the next few decades,” he concludes.