Cyber criminals have compromised the data records of more than 215 million Americans and if the trend continues, by 2014 all United States residents will be affected.
These statistics drive Fred Chang, research professor of computer sciences, and the work he and other faculty and graduate students do in the cyber security labs at the Center for Information Assurance and Security.
The center, housed in the Department of Computer Sciences, was founded in 2004 to address the nation’s growing cyber security problems. Since then the problems have changed and only gotten worse.
“In the early part of the decade it was about recognition,” Chang said. “Hackers wanted to break into systems to show they could do it. Today most are about money and once that happens it gets more serious. That’s the key difference between then and now.”
Chang said today’s hackers are more professional and getting better every day at what they do.
“Many attacks are quite professional and well funded. It feels more like a business,” he said.
One of the biggest problems in cyber security today is a system of underground servers all over the world, primarily in the United States, that collect Social Security and credit card numbers and then place them for sale on the Internet.
“It is very eye opening,” Chang said. “At the end of 2005 one server had 40,000 credit card numbers for sale per month online.”
According to Chang, the problem of identity theft has risen significantly in the three years since the lab was formed.
At least one in 20 U.S. adults has been a victim of online fraud and one in 50 has been a victim of identity theft, according to research from the center.
“The cyber security problems that face us all today are really daunting and getting worse,” Chang said. “It’s going to continue to get worse before it gets better.”
The center is working to counter growing cyber threats through four research areas.
“One area addresses the issue of identifying weaknesses in computer software,” Chang said. “We are looking at what it would take to make software inherently more secure. This is a fundamental issue will go a long way to improve things.”
Right now, it takes less than a minute for a new computer with no virus protection to be attacked by something on the Internet.
“Software and applications don’t generally have security built in,” Chang said. “We put a wall around our computer environment because it isn’t secure and then continue to bolt on. We want to find what it would take to develop a system without all the bolt-on stuff.”
The center is also doing research and development on hardware and systems.
“In the state of security today something bad has to happen and then we have to react. We want to look at key areas and build reliable, dependable systems from the very beginning. It takes a very different approach,” Chang said.
The fourth area the center is working on focuses on research contracts with the U.S. Navy and other companies where it works to solve specific problems.
The center has made headway in its research but it is a slow process and for now Chang, who has curtailed his own online activity, advises people to do everything they can to secure their computer environment.
In addition to his work at the university, Chang is also tackling cyber security as part of a new Congressional Commission on Cyber Security, established to make sure the next president of the United States has an updated strategy to combat cyber threats.
He was appointed along with Admiral Bobby Inman, the Lyndon B. Johnson Centennial Chair in National Policy at the LBJ School of Public Affairs.
“Right now we are in a reactive mode and that’s a bad thing,” Chang said. “The attackers are gaining on us and we are operating from a position of disadvantage. Until we gain enough understanding to reverse the trend it will get worse.”