Justin Long
Disclaimer—This paper partially fulfills a writing requirement for first year (freshman) engineering students at theUniversity of Pittsburgh Swanson School of Engineering.Thispaperis astudent, not a professional, paper. This paper is based on publicly available information and may not provide complete analyses of all relevant data. If this paper is used for any purpose other than these authors’ partial fulfillment of a writing requirement for first year (freshman) engineering students at the University of Pittsburgh Swanson School of Engineering, the user does so at his or her own risk.
THE FIGHT TO MAKE THE INTERNET MORE SECURE
Justin Long ()
1
Justin Long
THE FUNDAMENTALS
In 1943 two gentlemen from the University of Pennsylvania spent five hundred thousand dollars to create a tangled mess of cables, blinking lights, and mechanical switches, otherwise known as the first ever computer [1]. As years went on the computer was transformed into an incredibly powerful machine that most people in today’s day in age own or have access to.
They are everywhere. From cellphones to smart cars, the life of the average American depends on the use of computers. It’s extremely easy to get caught up in the world of online shopping, banking and social media. Even if one would try to stay away from spending their time in the online world, it is almost impossible to live a life that doesn’t involve some aspect of the internet. Whether it be for things like work or communication, most of the time, it is needed for basic day to day functions. It’s safe to say that the internet is the back bone of the modern society
IMPROVEMENT CAUSES SETBACK
Although the network of computers is a great benefit to society, it also opens up a whole new world of issues. On average, there are about fifteen to twenty problems in every thousand lines of code, according to Steve McConnell, the author of “Code Complete” [2]. To put that in context, applications such as Fire Fox and Google Chrome run through millions of lines of codeevery day. If a hacker wanted to find his or her way into the system, all he would need to do is find where the weakness is in the program and exploit it for their own benefit. With the growth in these areas of technology, the risk of problems will rapidly evolve [2].
Recently, the first risk became reality when it became known that there were many problems with the popular operating system software, “ios9”.The F.B.I. reportedly paid hackers over a million dollars to find all of the bugs in the code[2]. If a criminal were to be able to find a backdoor in the encryption of the device, he/she would easily be able to remotely access all sorts of information including, but not limited to, social security numbers and credit card pins and numbers. Luckily the F.B.I. was able to get its hand on the information before other private groups or governments did, saving many people around the world [2].
Although the hack of “ios9” was, for the most part, prevented by the F.B.I., the risk of a widespread cyber-attack is very evident in today’s day in age. For example, Russia recently launched an attack on Ukraine’s power grid,causingpower outages in 103 cities and towns in the nation[3]. Without proper precaution in the cybersecurity of personal and public problems, many people across the country are at a great risk.
FOCAL POINT
The internet as we know it is not a safe place. There are hackers waiting at every corner for a company to make a mistake in their code that lets them take control. Whether it be something small like defacing an internet page or something serious like getting into someone’s online banking, there is a serious need for better online security.Luckily there are many organizations and companies working rigorously to make sure everyone stays safe and secure when using the internet.
One of the major companies that is in the race to make internet systems safer is a business by the name of “Focal Point”. Their goal is to “create the connections and companies need to stay ahead of the hackers” [4]. Focal Point teams consists of cyber defense experts with fifteen years of experience in hacking and cyber defense exercises. Basically, this organization hired the people who use their knowledge of code and internet systems for the benefit of making them more secure, instead of breaking into them and exploiting their weaknesses.
How Focal Point Keeps Things Secure
Focal Point is a system perfected to create a far more secure network by doing a variety tasks that analyze a large set of data, whether that be a mobile application, a website or the local network of a business [4]. There are five major parts that all work together to get to the end goal of providing a more secure cyberspace.
Focal Point starts out by monitoring all activity done on the network including things like login attempts, data flow, and the quality of the data moving through. If a significant deviation from what is expected from the average user is detected, Focal Point starts a chain reaction of defense systems that will solve the problem.
The next thing that happens in the chain of defense is something called context reasoning. This task examines the deviation from normality by taking the context of where the problem is and running it through a series of artificial reasoning that gives a couple of different actionsthat should be taken to figure out if the deviation is harmful. If it is found to be problematic by the context reasoning, multiple different ways to solve the problem are then suggested.
After Focal Point reasons through the cybersecurity issue, the Adaptive Decision kicks in. Scholars from the University of Toronto describe this step of the security process as a way “to guide the decisions for adaptation” and to “utilize decision theoretic models drawn from graphical and probabilistic models” [5]. In other words, this part of the process takes the information found in the Context Reasoning step, reviews it, and then finally picks the route it takes from the suggestions given previously. Actions that are taken can range from informing the owner of the business that there is a flaw in the coding of his/her of their website, or even blocking an attack from a hacker who is trying to break into the network of company.
The main focus on protection is in instances where a user requests for information, the system receives new information and when an unknown user is logged on to the website or program.
In the background, the LOD Adaptation Module is deciding what level of detail Focal Point should run through the data in. This is a key part of the program because usually the systems that are being analyzed contain an insane amount of data that would take an extremely long time to sift through to find the problem. Instead of reviewing everything, Focal Point, “uses situational assessment and triggers from context reasoning and adaptive decision” [5] to quickly produce a smaller set of information that can easily sorted in a short amount of time. For example, if the context reasoning and adaptive decision steps find a problem in a certain area of code, The LOD Adaptation Module can then remove any information that doesn’t include that information, and focus its power on going through the problem with a fine-tooth comb [5]. Overall, this process speeds up the steps above to create a faster approach to preventing and solving problems in the cyber security world.
A Different Approach
Alongside Focal Point’s ability to provide real time assessment of the security of a network, it also can simulate a hack.This is done by a four-phase program to see where problems lie. It first emulates an intruder that is planning to hack the network. After the intrusion, a scan of all the parts effected is done through Focal Point. Following that, manual and automated techniques are used to compile acomprehensive list of vulnerabilities affecting the systems. Finally, the program then goes in and executes a hack, so the user can see in real time how an actual hacker could get into and possibly change the way their network is running [4].
After the simulation hack, the owner of the network can go and make the areas that were hacked by focal point are more secure.
MOVING FORWARD
The increase in criminal activity in the world of cyber space is a growing concern throughout not only the United States but also many other countries throughout the world. From 2006 to 2015 the United States government increased the budget for IT spending by over 14 billion dollars in an attempt to keep up with the rise in cyber activity [6].
With such a rapid growth in cyberspace, companies like Focal Point are doing as much as they can to help keep businesses and organizations more secure.Although they cannot protect every single website and establishment there is, Focal Point is a great aid in the fight to make the cyber world a safer place.
It is important that in the future that the world of cybersecurity grows at a faster rate than that of the world of hacking. Focal Point alone cannot solve all worlds issues but it is a great start. I hope in the future the internet will become a completely safe place to do things like send emails, purchase items, and access bank accounts without the potential risk of a breach of privacy and theft. But in today’s day in age, it is a large risk that everyone should be aware of.
SOURCES
[1] “Invention of the PC” A&E Networks. Accessed 10.28.2016
[2] Nicole Perlroth. “Software as Weaponry in a Computer-Connected World” The New York Times. 7.7.2016. Accessed 10.28.2016.
[3] Elizabeth Weise. “What a real cyber war would look like” USA Today. 9.28.2016. Accessed 10.27.2016.
[4] “Internal & External Penetration Test” Focal Point. Accessed 10.28.2016
[5] Catherine Inibhunu, Scott Langevin, Scott Ralph, Nathan Kronefel, Harold Soh, Greg A. Jamieson, Scott Sanner, Sean W. Kortschot, Chelsea Carrasco, Madeleine White. “Adapting Level of Detail in User Interfaces for Cybersecurty Operations” Uncharted Software Inc. and University of Toronto. 16.8.2016.
[6] Eric A. Fischer “Cybersecurity Issues and Challenges: In Brief” Congressional Research Service” 8.12.2016.
ACKNOWLEDGMENTS
I would like to personally thank my friends Sam Winderman, Brain Robb, and Carter Zerwick for giving me the motivation I needed to continue to revise and edit. I couldn't have done it without them.
LIST OF FORMAT REQUIREMENTS
will help you see what the formatting requirements are. Use this list to double-check that all elements of your paper are formatted correctly. Instructions for how to use menus/settings to meet various format requirements are provided after the list. Be sure to include the disclaimer, exactly as shown/formatted at the top of this page (below the page 1 header, indented .03, Times New Roman or Cambria 10pt, single spaced, full justified; the word “Disclaimer” in bold followed by a dash), before the TITLE.Put a space between the Disclaimer and yourTITLE.
Font and size
–All text Times New Roman or Cambria
–All “body” text (except for section headings) Times New Roman or Cambria10pt
Margins
–Top and bottom margins: 1.0"
–Left and right margins: 0.75” or 0.7”
All Body Text (all columns) Full Justified
All “body” text (all text in all columns) full justified (except for TITLE, name (email) HEADINGS, subheadings
Paragraphs
–Indent all paragraphs .03; no space between paragraphs within columns
Spacing: Body and Between Elements
–Line spacing: Single (1.0) space for text in all sections
–Space between Disclaimer and MAIN TITLE
–Space between MAIN TITLE and name (email)
–Space between name (email) and first SECTION HEADING
–Space between SECTION HEADINGSand section textSpace between section subheadings and section text
Headers and Footers
–Headers and Footers 0.5“
–Header, Page 1: 10pt. bold, aligned left
–0011/0711 Section (for example, Budny 10:00)
–Group number (for example L03)
–Header, after Page 1: Your Name, 10pt. bold, aligned left
–Footer, Page 1: 10pt. bold, aligned left
–University of Pittsburgh, Swanson School of Engineering
–Date of submission –MM.DD.YYYY
–Footer, after Page 1: Page number, 10 pt., bold, centered
Title, Headings, Subheadings
–Main Title: 14 PT, ALL CAPS, BOLD, CENTERED
–Author name and email: 10 pt., bold, centered, (email in parentheses)
–Section Headings: 12 pt., ALL CAPS, BOLD, CENTERED
–Section Subheadings: 10 pt., Bold, Centered
Columns: Width and Spacing
–2 column format for the body of the document
–Spacing between columns: 0.2"
–Column width: 3.4" or 3.15
–All “body” text (all text in all columns) full justified (TITLE, name (email), HEADINGS, and subheadings are centered, not full justified)
In-text citation numbers
- You will insert/format your in-text citation numbers for sources the same way you did for Assignment 1. Place citation numbers in brackets; for example [1].In-text source citation numbers go in numerical order beginning with [1] for the1st reference
–Bracketed citation numbers go after quotation marks and beforepunctuation marks; for example, “quoted material” [2].Bracketed citation numbers go after a paraphrase and before punctuation marks; for example, paraphrased material [3].See Formatting Your Sources on page 3, and “How to Reference Sources” (linked from the Writing Assignments page) for further information on how to set up your Sources section
Sources Section
–Every in-text citation number must have a corresponding, same-numbered source in your SOURCES section.
–You will set up the bibliographic information in the same way you did for Assignment 1. For example, if the 1st source from which you quote or paraphrase is an article on a NASA deep space initiative, you must put the bracketed number [1] after the paraphrased material. The 1st reference in your sources section will then be [1] and will include, in the correct order and with the correct punctuation, all the bibliographic information for that NASAarticle.
–The basic correct order and punctuation for your bibliographic information is this:
[number] First Initial of Author. Last Name of Author. “Title of Article.” Larger Source Within Which Article is Located. Date of publication MM.DD.YYYY. Accessed MM.DD.YYYY. url or DOI.p.
–For example, this is what you would put in your Sources section:
[1] D. Weaver, M. Brakus. “NASA Announces Design for New Deep Space Exploration System.” NASA Exploration.5.4.2014. Accessed 9.30.2016.
p.2
The next reference in your References section would be [2] and would provide bibliographic information for the next source from which you have quoted or paraphrased (referenced as [2] in your paper).
–To see how to correctly present bibliographic information for a variety of kinds of sources, consult the “How to Present Sources” document available on the Writing Assignments page.
..k that.onsultant.u were writing, wouldation they have narrated.ppreciate their their own agency and how they learning about ..k that.onsultant.u were writing, wouldation they have narrated.ppreciate their their own agency and how they learning about
REMEMBER
You must have a Sources section, you might have an Additional Sources section, and you MUST have an Acknowledgments section.
ADDITIONAL SOURCES
Present any additional sources that you consulted, but from which you have not quoted, paraphrased, or summarized material. In other words, Additional Sources are sources that were useful to you in some way as you researched/wrote your paper, but you have not included any material from those sources in your paper. Format these Additional Sources as you have formatted your Sources, except Additional Sources are listed in alphabetical order by author’s last name. NOTE: you might or might not have an Additional Sources section. You will need an Additional Sources section only if there were sources which were significantly important/helpful to you in writing your paper, but you did not want or need to actually quote, paraphrase, or summarize material from these sources.
Additional sources must be listed alphabetically by the author’s last nameIf a source does not have an author’s name, use the first word of the source’s title. Arrange the bibliographical information exactly as you would in the References section (except there will be no bracketed number). The Additional Sources section goes after the Sources section
ACKNOWLEDGMENTS
An Acknowledgments section IS REQUIRED! In this section, you “acknowledge”—note your appreciation for—individuals or groups (or other types of helpful resources) that assisted you in some particularly useful, important way. For example, if you had some serious discussions with your roommate about your paper, you might thank him or her. Or, for instance, if a friend helped motivate you to keep working on your paper, you might thank him or her. Perhaps a Pitt Tech Consultant helped you solve a complicated computer problem that occurred as you were writing, you might thank the Consultant.
1
Justin Long
FORMATTING STRATEGY 1: TYPE ON THIS TEMPLATE
You may use this template to type or paste your own writing into the formatted title, headings and subheadings, and columns. To do so, you would select/highlight a line (such as a section heading) or a block of text (such as a paragraph) and replace the original text with your own text. Your text will then be in the same format as the original text. If you opt for this strategy, be sure that none of the original formatting instructions (the “original text”) remains in your paper.NOTE:There are many “bulleted” sections on pages 1 & 2 of this document—if you are using this document as a “replace text” template, be sure you are not putting all of your text into bulleted lists/format.
If, instead of formatting via template, you would would like to set or double check format specifications via your settings, you can “Use Settings” as detailed below (and as specified in the “checklist” on pages 1 and 2).