Interview with Alexander Withers
March 29, 2017
Alexander Withers is a Senior Security Engineer for the National Center for Supercomputing Applications (NCSA). He has worked for NCSA for two years. As part of the Cybersecurity Leadership Team, one of his responsibilities is to protect the data integrity of the Large Synoptic Survey Telescope in Chile using remote access.
What did you do before this job at NCSA?
I have worked for NCSA for two years, and before that, I worked for the Department of Energy at Brookhaven National Laboratory in scientific computing and cybersecurity. There I helped to ensure computers were not compromised or damaged, in order to protect the government’s investment in science and technology research. I also worked on cybersecurity as a graduate student.
Why does a telescope in Chile need cyber-protection?
The Large Synoptic Survey Telescope (LSST) is connected to the internet so U.S. and Chilean astronomers can access it remotely. Funded by the National Science Foundation, the telescope takes high-resolution pictures in a process that cannot be interrupted, because the point is to have a constant stream of data scientists can use to investigate dark matter and supernovae. Any compromise to the telescope’s data integrity could be devastating since the data is the end product of LSST and requires tremendous resources to deliver.
What are VPNs, and how can they be unsafe?
VPN stands for Virtual Private Network. A VPN allows the user to connect to a set of systems, such as files and printers in a particular building, as if the user were there physically. If the person using the VPN were to allow inappropriate software onto their computer, this could become dangerous if that software uses the VPN to access a corporation’s internal networks.
Highly sophisticated attackers typically get into systems through surprisingly simple means. They understand the protections in place and are able to get in by taking advantage of human error and psychology. They craft and deliver plausible emails to the right people and convince them the emails are legitimate so they will click on a link or attachment. Some hackers will target specific users and use this technique to piggyback into the VPN for data extraction.
How are cyber threats such as VPN hackers addressed?
We can watch the remote interaction of individuals and look at their network traffic for suspicious activity, such as data transfers that are dissimilar to the users’ regular habits, and logins from other countries. This monitoring process is very hard to automate. Although appliances like Barracuda can protect from malware and phishing, they cannot replace security professionals.
How are cybersecurity professionals trained to prepare for other attacks?
We have researchers and security engineers who use honeypots to look at attack data. A honeypot is a fake machine designed to lure attackers by making them believe they are hacking into something more exciting; the honeypot machine will collect data from the attacker until they give up. This data can be used to stay ahead of attackers and proactively prevent attacks.
What are some challenges to keeping information secure?
For some apps to function on mobile phones, there must be interactions between the app and backend servers, and companies like Google are able to access the data of their users who may not be aware of what is happening. The privacy and security of users often counter business models, since using a more stringent approach to privacy can result in fewer “cool” features. Unfortunately, this tension can present an increased risk of attackers gaining access to users’ data. A good example of this is the recent Cloudflare data breach, in which tremendous amounts of user data were leaked.
There are not enough resources for awareness and training in cybersecurity. Attackers can threaten data integrity and hold information ransom, sometimes at very substantial costs to the victims. Awareness needs to be heightened by training users to identify threats. When we run training exercises to see who will be fooled by them, typically the same ten percent of users repeatedly take actions that could create security problems. People need to understand the risks and take them more seriously. As for training, we need more education to develop security professionals for tomorrow who can tackle the evolving challenges. New products and new ways of computing introduce more and more security challenges, so we need a way to stay on top of these changes. Right now, technologies are changing faster than preventative actions can be taken, and we lack the legislation needed to help with this. Laws need to be written with the help of people who understand computers.