Cybersecurity Awareness Month 2022: See Yourself in Cyber
In recognition of Cybersecurity Awareness Month, cybersecurity experts share research and thought-leadership on today’s top security threats and how to best protect yourself.
By Katherine Gianni and Thalia Plata
In 2004, former United States President George W. Bush and U.S. Congress declared October as Cybersecurity Awareness Month. According to the Cybersecurity and Infrastructure Security Agency (CISA), the purpose of the month is to help educate the public on how to protect themselves and their private information from online threats. Data from the FBI’s 2020 Internet Crime Report found an average of 2,000 complaints of internet crimes per day.
This year, the theme of the month is “See Yourself in Cyber” a message that asks folks around the country to consider the personal elements behind cybersecurity, and how we can all play a role in keeping ourselves, our families, and our communities safe. This idea is also at the forefront for many cybercrimes and cybersecurity experts at Boston University. In recognition of Cybersecurity Awareness Month, we give you a round up of five articles highlighting thought leadership and research from BU experts. From what apps you should or shouldn’t trust to the devastating effects of sharing something as simple as a CV online, these articles provide valuable and important information that can benefit us all.
Is there a way to allow people to send confidential, secure, untraceable messages on apps like Signal or WhatsApp, but still effectively track threatening ones? A new program designed by Boston University cryptographer and computer scientist Myank Varia offers a viable solution. Working with a team of fellow BU computer scientists, Dr. Varia created Hecate, a system that can be bolted onto a secure messaging app to strengthen its confidentiality, while also allowing moderators to crack down on abuse. Using Hecate, an app’s moderator creates a unique batch of electronic signatures, or tokens, for each user. When that user sends a message, a hidden token goes along for the ride. If the recipient decides to report that message, the moderator will be able to verify the sender’s token and take the appropriate action. Learn more about the team’s latest system developments and how their approach to encryption can apply even beyond messaging apps.
Did you hear about the hacker that escaped from the police?
Joking aside, Boston University privacy and security experts Ari Trachtenberg, Gianluca Stringhini, and Ran Canetti encourage folks to take their cybersecurity seriously by sharpening their understanding of the potential threats they may be encountering daily. While we all enjoy the convenience and connectivity of the internet, smartphones, and social media platforms, usage of these tools, the experts say, can come at a steep price. In this Q&A, the trio sheds light on privacy threats that consumers and businesses unknowingly expose themselves to and best-practices for protection.
For Boston University Metropolitan College cybercrime investigation and cybersecurity professor Kyung-shick Choi, cybersecurity is a passion that extends beyond the walls of his classroom in Boston–to the halls of our Nation’s Capital. Currently, Dr. Choi is working with the US Department of Justice on several projects, including an $881,000 grant for his BU team to train the next generation of cyber sleuths. “This curriculum will be kind of standard for law enforcement” when completed in two years, he says, as it’s developing guidelines for cyber-investigation education for federal law enforcement and intelligence officers. “That’s why we work with many cyber experts from different universities and local, state, and federal agencies.” Dr. Choi takes a personal approach to all aspects of his work, as he has seen cybercrime from both a victim's and an investigator’s perspective. Learn more about his experience and how it influences his research.
On June 24, 2022, the United States Supreme Court overturned Roe v. Wade, a landmark decision in which the Court ruled that the Constitution of the United States conferred the right to have an abortion. As news spread of Roe’s repeal, healthcare practitioners, researchers, and reproductive rights activists alike began to sound the alarm on the impact the Court’s ruling would have on reproductive health technologies–specifically ovulation and period tracking apps. “If you are using technology to track your period, and abortion is even a remote possibility, delete your period tracking apps. Now,” wrote Catherine M. Klapperich, a BU College of Engineering associate dean of research and professor of biomedical engineering. “Why? Because depending on what state you live in, the data could be used against you, or someone who might help you get an abortion, in a court of law.” Read her perspective on keeping personal digital data secure.
According to a memo issued by the Office of Management and Budget (OMB) in January 2022, by the end of the 2024 fiscal year, government employees will be required to use devices that are “consistently tracked and monitored, and the security posture of those devices [will be] taken into account when granting access to internal resources.” While the move might sound harsh to some, it plays into the federal government’s latest “zero trust” strategy of cybersecurity. To learn more about the approach and its effectiveness in averting future cyber attacks, we turned to Sharon Goldberg, a BU College of Arts & Sciences associate professor of computer science and cofounder and CEO of BastionZero, which helps companies secure their servers. She explores the principles of a zero trust, analyzes the government memo, and offers recommendations for businesses looking to bolster their cybersecurity.
For additional commentary by Boston University experts, follow us on Twitter at @BUexperts. Follow Dr. Myank Varia on Twitter at @mvaria, Dr. Ari Trachtenberg at @a_r_i_t, Dr. Gianluca Stringhini at @gianluca_string, Dr. Kyung-shick Choi at @DR_KCHOI, Dr. Catherine Klapperich at @DrKlapperich, and Dr. Sharon Goldberg at @goldbe. For research updates from Boston University’s Center for Computing and Data Sciences, College of Engineering, Hariri Institute for Computing and Computational Science & Engineering, Metropolitan College, and College of Arts & Sciences follow @BU_CDS, @BUCollegeofENG, @BU_Computing, @METBU, and @BU_CAS.