Opinion, Berkeley Blogs

UCB leader in critical infrastructure protection research

By Doug Tygar

Cyberwarfare is something that is taken seriously by the Chinese and Russian military.   Officers in the (Chinese) People's Liberation Army have written treatises on cyberwarfare.  And we have extensive evidence of successful penetrations of US governmental and military sites.  The US also takes cyberwarfare seriously:  Defense Secretary Gates announced on June 23rd a new "US Cyber Command" (part of the US Strategic Command).

While protection of government and military computer systems is a priority of the first order, the US is even more vulnerable to electronic attacks on the civilian critical infrastructure.  These attacks are not merely a hypothetical possibility, as President Obama discussed in his May 29 remarks:

It's about the privacy and the economic security of American families.  We rely on the Internet to pay our bills, to bank, to shop, to file our taxes.  But we've had to learn a whole new vocabulary just to stay ahead of the cyber criminals who would do us harm -- spyware and malware and spoofing and phishing and botnets.  Millions of Americans have been victimized, their privacy violated, their identities stolen, their lives upended, and their wallets emptied.  According to one survey, in the past two years alone cyber crime has cost Americans more than $8 billion.

I know how it feels to have privacy violated because it has happened to me and the people around me.  It's no secret that my presidential campaign harnessed the Internet and technology to transform our politics.  What isn't widely known is that during the general election hackers managed to penetrate our computer systems. . . .  But between August and October, hackers gained access to emails and a range of campaign files, from policy position papers to travel plans.  And we worked closely with the CIA -- with the FBI and the Secret Service and hired security consultants to restore the security of our systems.  It was a powerful reminder:  In this Information Age, one of your greatest strengths -- in our case, our ability to communicate to a wide range of supporters through the Internet -- could also be one of your greatest vulnerabilities. . . .

In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world -- and they did it in just 30 minutes.  A single employee of an American company was convicted of stealing intellectual property reportedly worth $400 million.  It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.

In short, America's economic prosperity in the 21st century will depend on cybersecurity.

And this is also a matter of public safety and national security.  We count on computer networks to deliver our oil and gas, our power and our water.  We rely on them for public transportation and air traffic control.  Yet we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness.

Our technological advantage is a key to America's military dominance.  But our defense and military networks are under constant attack.  Al Qaeda and other terrorist groups have spoken of their desire to unleash a cyber attack on our country -- attacks that are harder to detect and harder to defend against.  Indeed, in today's world, acts of terror could come not only from a few extremists in suicide vests but from a few key strokes on the computer -- a weapon of mass disruption.

UC Berkeley is arguably the leading US university in the areas of computer security, privacy, and cyber critical infrastructure protection.  We have a core group of researchers (particularly in our Department of Electrical Engineering and Computer Science; our School of Information; our School of Law; and our School of Public Policy) who are focused on real-world cyber-protection.  And Berkeley is the lead university in the National Science Foundation's Science and Technology Center in Computer Security:  our Team for Research in Ubiquitous Security Technologies (TRUST).  The TRUST Center, headquartered at UC Berkeley also includes researchers from a number of other institutions including Carnegie Mellon, Cornell, Stanford, and Vanderbilt.  The TRUST Center has three major directions:  (1) protecting financial infrastructures (including protecting individuals from identity theft); (2) protecting health infrastructures (including protecting the privacy of medical records); and (3) protecting physical infrastructures (including the power grid, natural gas distribution, automated railroad control, water, transportation).  For more information about TRUST, see here.  And this is no "Ivory Tower" effort:  Berkeley researchers have developed a variety of powerful technologies which have been successfully transitioned to both industry and government.

We are working hard on these topics.  It is a topic of very real concern.  In the meanwhile, please be careful in cyberspace.