Tuesday, November 15, 2016

Cybersecurity under the Trump Administration

A journalist asked me about cybersecurity under the Trump administration, whether anything will change. Here are my thoughts. Note that this is just my opinion and does not represent my employers or any of my funders.

--------------

I don't expect much to change. President Obama already made cybersecurity one of his top 10 priorities, and as a result, a lot of the heavy lifting has already started.

However, there are still some opportunities for the next administration. For example:
  • A lot more research funds for longer-term thinking and solutions to big problems. Security today is dominated by the latest data breach, and there isn't enough funding for problems 5-10 years down the road, in particular Internet of Things.
  • Another area that needs longer-term thinking and solutions is foreign countries interfering with elections. It's unclear how much happened this year, but it's only going to get worse. There are a lot of concerns that foreign countries are using our very own social media to foment uncertainty and unrest.
  • More funds for education. Right now, only about half of developers today have degrees in computer science. But even then, only 3 of the top 50 CS programs require students to take any computer security courses. Furthermore, security goes beyond computer science. We could expand cybersecurity to students in psychology (e.g. social engineering), visual design (e.g. warnings), and so on. There's also just educating the public at large.
  • Expand security to also encompass privacy too. There are many emerging technologies that have tremendous potential to benefit society, such as big data, autonomous vehicles, Internet of Things, and so on. However, these technologies will only be adopted if people feel like they understand what personal data these systems are using, and if they feel that they are in control of these systems.
On a side note, this doesn't deal with cybersecurity as it is conceived of today, but it's a different form of technology and national security. Basically, a lot of jobs are being automated out of existence. For example, once Uber, Google, Tesla, or Ford create a reliable and commercially viable autonomous vehicle, there are tens of thousands of jobs that will never come back. And it's not just the drivers of taxis or eighteen-wheelers, but also people who run the motels, gas stations, and diners
that formed part of the support ecosystem for drivers. And, no politicians are discussing any real solutions to this problem today.

Some Tips on Protecting Yourself from Ransomware

I've been asked by more and more journalists to offer some insights into various aspects of cybersecurity. I figured that since I'm already writing these up, I might as well share them with the public. This one is on ransomware.

------------------

Ransomware is a kind of malware that holds your data hostage. The malware scrambles your data and makes it so that you can't access it, unless you pay a ransom, typically in Bitcoin.

It's not really clear if you can recover your data or not. Some people have been able to by paying the ransom, while others have not.

Instead, the best thing you can do is to prevent being infected in the first place. Here are some tips for protecting yourself:

  • Don't install any software you weren't expecting to install. A lot of malware and ransomware are designed to trick you into installing them. They might pretend to be anti-virus, or say that you need to update your browser. Don't do it!
  • Be especially careful of email attachments. A lot of malware and ransomware are spread through email. A lot of these will be caught by spam filters, but check the file extension of attachments before downloading and opening them. Avoid anything with .exe or .com
  • Backup your data regularly. Keep your most important files on a separate backup hard drive, or even on cloud services.