Page 18 - Cyber Warnings
P. 18
The Future of Cyber Security
A Q&A with Patrick McDaniel
by The Association for Computing Machinery (ACM) and Patrick McDaniel, Distinguished
Professor of Electrical Engineering and Computer Science at Pennsylvania State University; ACM
Fellow
What do you see as the top cybersecurity threats in 2017 and why?
There’s been an interesting transition of threats and attacks over the last 10 years, and what
we’re seeing more frequently is professional attacks that more effectively monetize the
vulnerabilities in computers. In particular we’ve seen the rise in things like ransomware, which
has become a very serious problem for businesses, government agencies, and organizations
that don’t have full-time professional cybersecurity staff.
Unfortunately, I think that trend is going to continue, and I also think we will see an increase in
attacks from organized crime syndicates and other state-sponsored types of attacks; in
particular attacks that use misinformation either for monetary or political gain.
Just looking at what’s happened over the last six months in the United States, it’s clear that
misinformation has become a major weapon in the cybercriminal’s arsenal. I think we will see
even more attacks where misinformation is used to try and shape public policy, sway public
opinion or even to alter people’s behaviors. Obviously, the use of misinformation is nothing new-
-we’ve seen it before with stock market manipulation, etc.--but we’re going to see much newer
and inventive uses of misinformation as a means of enabling cyberattacks.
What is the biggest cybersecurity concern that keeps you up at night that isn’t being
talked about?
That’s an interesting question, because I do believe that in the security community and as a
society at large, we’ve become too fixated on small-scale attacks,like phishing and ransomware,
that are the newsmakers. We see impersonation and point-of-sale attacks like the one against
Target. Of course, these are all important, and we need to spend time thinking about them,
understanding them and coming up with countermeasures. But in our fixation with these flashier
attacks, we’ve lost sight of something that was actually on a lot of people’s minds six or seven
years ago, and has potentially far more devastating results: an attack (or attacks) against
societal-scale critical infrastructure.
One of the most talked-about examples is a scenario where hackers gain access to the
electrical grid to cause havoc through widespread outages, etc. That example is very important,
but there are a lot of other critical infrastructures in our society that need to be addressed,
including things like healthcare and insurance systems. Imagine if the bad guys (whether
organized crime, hackivists, or nation states) were able to hack into one or two of the major
18 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
