2016 saw an unprecedented use of cyberattacks during a U.S. presidential election. According to the U.S. Department of Homeland Security and the Office of the Director of National Intelligence, the Russian government directed theft of emails and release of information in an apparent attempt to influence the election.
What does this mean for the coming year? I asked Professors Karl Levitt, Matt Bishop, Hao Chen, and Felix Wu of the UC Davis Computer Security Laboratory for some thoughts about cybersecurity in the wake of the 2016 election hack. Here’s what they had to say.
New types of attacks, and getting back at Russia
- More targeted attacks on high profile or important individuals, such as those visited on John Podesta, Hillary Clinton’s campaign chairman, whose emails were released during the campaign
- As more devices other than traditional computers and phones are connected through the “Internet of Things,” there will be increased concern about attacks on internet-connected cars, medical devices, power grids, and so on. As a start, we will see at least standard security measures employed but this will not stem more sophisticated attacks
- There is a possibility of hijacking these devices into remote-controlled “botnets” that can launch further attacks
- “Ransomware” attacks that exploit the Internet of Things. Can you imagine having to pay a ransom to get access to your car or home during a blizzard?
- Attacks on “big data,” the very large data sets and algorithms that are now used in both industry and government to address a wide variety of problems. Unauthorized modifications to these datasets could result in erroneous inferences on climate models, strategies for national defense, response to infectious diseases, among possible consequences
- Fake news: We will see both attacks on social media intended to accelerate the spread of “fake news” and progress in thwarting such propaganda
- Behind the scenes, there will be lots of discussion on how to respond to the attacks on the 2016 election. For example, we may see online attacks of unknown origin on Russian assets and cyberinfrastructure.
Responding to cyberattacks
- More discussion about crowd sourcing as a way to discover vulnerabilities and attacks
- More efforts to co-ordinate responses between organizations, across sectors (industry, non-profits, academia) and with the government. People will become more open about the attacks they see, and there will be quiet efforts to improve coordination and resources
- Efforts to improve the state of cybersecurity will, unfortunately, mostly continue along the current state of “catch-and-patch.”
And this closing thought:
“This might be the year we confront a crossroads in privacy. There might be real efforts to provide privacy for individuals, or we will just give up any expectation of privacy in a world of internet-connected devices, social media and big data. Do people still care enough about privacy?”
For more faculty predictions about what’s in store for 2017, go here.