With a federal investigation underway into the Russian cyber intrusion of the 2016 presidential election, Cal State Fullerton cybersecurity expert Mikhail Gofman points out that there is no “silver-bullet solution” to prevent such cyberattacks from happening again.
“Don’t be fooled,” said Gofman, associate professor of computer science, who directs CSUF’s Center for Cybersecurity. “Staying secure is like staying healthy — it is a process that requires constant work, commitment and dedication. There is no security tool to make you magically secure.”
Still, Gofman discusses novel tools that companies such as Alphabet’s Jigsaw are developing to guard against attacks, as well as research that CSUF faculty members and students are conducting to enhance computer security.
What are some of the viable tools to prevent election hacks?
Jigsaw, a technology incubator, for example, can certainly offer a valuable addition to the arsenal of tools designed to keep us safe in today’s highly connected world. However, it is naive to presume that a tool alone can stop a gamut of highly sophisticated cyberattacks aimed at influencing elections — especially targeted attacks orchestrated by state actors designed to steal information of high importance and strategically disrupt the target’s system. These types of attacks are extremely multifaceted, adaptive and stealthy, and have highly qualified experts coordinating them every step of the way. Security experts have referred to these attacks as advanced persistent threats. Further, the impossibility of developing a tool capable of perfectly detecting viruses and other malware was proven mathematically, and the proof is grounded in the foundational principles of computational theory.
Is there anything that can be done to prevent attacks?
There is no silver-bullet tool for securing our elections. Solving this problem requires a comprehensive cybersecurity strategy that is as adaptive and persistent as attackers themselves. It must address not only the technical aspects, but also the human aspect — a single irresponsible decision by one individual can be sufficient, as we have seen during the election. Google tools can warn you when you use your Google credentials on a phishing site. These cannot, however, prevent you from writing your password on a piece of paper that gets lost, using the same password on many sites, which may expose it, or simply choosing an easily guessable password.
Furthermore, attackers always have indirect avenues of influencing elections — fake news is one. Spreading misinformation has worked since ancient times. Now it works even better, as attackers can use social networks as multipliers for spreading fake news. The populace in general is always much easier to fool than to disillusion.
What research projects are you and your students involved in this semester?
We have a number of active projects, including several focusing on developing the next generation of authentication for mobile devices by using multiple biometrics to verify user identity. Over the past two years, we have produced multiple peer-reviewed publications in highly ranked conferences and journals. I also recently co-edited a book with Sinjini Mitra [assistant professor of information systems and decision sciences] on “Biometrics in a Data Driven World: Trends, Technologies, and Challenges” [CRC Press, December 2016]. Other projects center on how to protect sensitive information in a computer’s memory and prevent it from leaking out. As you surf the web, write documents and perform other security tasks, your passwords and credit card numbers, for example, are stored in your computer’s memory. If that information is saved to persistent storage, attackers will have more time to compromise it. Our solution allows users to prevent such information from reaching persistent storage.