Cybersecurity? Easy. Secure usability? Hard

It’s easy to protect a digital information system from cyberattacks, says Marc Dupuis — just don’t plug it in or connect to the internet. And then good luck using that phone, computer or app, says the assistant professor of computing and software systems at the University of Washington Bothell.

A key cybersecurity challenge is the balance between security and usability, Dupuis told an audience at a presentation March 29 at Chateau Ste. Michelle. About 80 people attended the program called Facing a New Era for Cybersecurity, which was sponsored by the University of Washington Bothell's Office of Research and Office of Alumni Engagement.

Dupuis was one of four UW Bothell faculty members who appeared in short videos. The others also are assistant professors in computing and software systems in the School of Science, Technology, Engineering & Mathematics. In his teaching and research, Dupuis thinks about the human component in emerging technologies. Brent Lagesse studies crowdsensing. Yang Peng considers the benefits and risks of the “internet of things.” Geetha Thamilarasu tests the security of medical devices.

Scott David

Scott David / Zach Ruble photo

Scott L. David, director of policy at the Center for Information Assurance and Cybersecurity (CIAC), served as both a speaker and moderator of the program, which was followed by a reception at the Woodinville winery. He outlined the mind-boggling changes and challenges that have come with advances in technology.

The unintended consequence of creating the internet is a system not subject to centralized control, David said. The result is an “entropy bomb” that diminishes the role of many central institutions in connecting people and information.

What this means for individuals is that they must — often on their own — learn to navigate the digital world, balancing transactions on what David calls an “insight-intrusion slider.” They want the insights, but in return they must give up some privacy and security.

“Everyone has a hacker in their pocket if you have a phone with you,” he said.

David blended the four faculty videos into his talk. In his, Dupuis said he asks his students to consider how people use computer systems — how they see and interact with them. Dupuis also studies ways in which personality can affect behavior, such as how often people back-up data or what kind of personal information they post on social media.

Lagesse researches crowdsensing, which aggregates sensors already in the environment, mostly on mobile phones, to capture and communicate information. Ideally, this data can be used in beneficial ways, like directing or allocating emergency resources, says Lagesse. Problems arise in making sure the information is not captured without consent, manipulated by malware or used to target individuals.

Peng's area of expertise is in the design of sensor networks that allow for the growth of the internet of things. By maximizing the effectiveness and efficiency of sensor networks, computers and other smart products can collect, use and share digital information that has the potential to benefit people in their daily lives, says Peng. One big way mobile and wearable devices could help, for example, is by improving health care.

Integrating medical devices into the internet of things will allow for early diagnosis and constant monitoring, says Thamilarasu. One problem is that most of the older devices don’t have security standards to prevent the flow of information from being intercepted or modified. Thamilarasu researches ways to protect data on a software level, without requiring hardware changes in legacy devices, thus easing the way for new products to come onto the market.

Zach Ruble

Zach Ruble with cyber trophy

After the formal program, attendees had the opportunity to network and speak with faculty, staff and students from UW Bothell about their work and educational programs. One student showcased a poster about the T-Mobile cybersecurity internship program. Another, Zach Ruble, president of the Gray Hats club, brought the third-place trophy the club won in the annual Pacific Rim Collegiate Cyber Defense Competition held March 23–25 at Highline College.

"Not only was this a fun event in a great venue, it was also a chance to communicate the urgent context of the research UW Bothell faculty are doing in cybersecurity  — an issue that’s in the headlines daily," said Carolyn Brennan, assistant vice chancellor of research.

UW Bothell offers a Master of Science in cyber security engineering. Other offerings with a cybersecurity component include the Bachelor of Science in computer science and software engineering, and a graduate certificate in software design and development.

The University is also home to CIAC, which has been designated by the National Security Agency (NSA) as a center of academic excellence in cybersecurity education and research. CIAC promotes research and helps prepare students for careers protecting individuals, businesses and government agencies from cybersecurity threats. In recognition of its successful government-industry-academic programs, UW Bothell was selected to host the 2018 Centers of Academic Excellence Executive Leadership Forum in April in Bellevue.