Mines Center for Cybersecurity and Privacy takes multidisciplinary approach to new threats
By Ashley Piccone, Special to Mines Research Magazine
As today’s networks become more interconnected and complex, security risks become more evident. Malicious attackers can remotely intrude into systems and access sensitive information and manipulate transactions. Phishing emails abound, and smart devices, like cameras and speakers, present even further opportunities to invade privacy. On a larger scale, security breaches in critical infrastructure, such as in natural gas pipelines, transportation, water resources, healthcare, food and agriculture, can have severe consequences.
That widespread and daily relevance is what interests associate professor of computer science Chuan Yue and inspires his research into the security of cyber systems within Mines’ Center for Cybersecurity and Privacy (CCSP).
“The nature of cybersecurity problems remains the same, but the scope is growing much larger,” he said.
Working with Mines’ CSSP, an interdisciplinary collaboration between computer science, electrical engineering, social science, economics and business faculty, Yue seeks to solve challenges related to web, mobile, Internet of Things and cloud systems and does so in alignment with the Federal Cybersecurity Research and Design Strategic Plan.
CSSP researchers are prepared to defend against, and learn from, malicious cyberattacks. They send browsers to visit tens of thousands of websites, where they gather information about the pages, their protections and their vulnerabilities. Analysis informs another component of their strategy: designing new features and functionalities to protect users.
“Program analysis looks to see if website vulnerabilities are related to the programming language,” said Yue. “That, together with machine learning techniques, helps us analyze what could be wrong and what should be improved.”
Data collection and analysis inform strategies to design better websites and devices to protect users. But perhaps more important is teaching users to protect themselves. Mines researchers from business, economics and social sciences work with Yue to measure user understanding of attacks and determine best practices for their engagement and education.
“Cybersecurity is interdisciplinary,” said Yue. “Hackers have financial incentives, so we have a strong collaboration on the economics perspective. From the social, behavioral side, how attackers perform and how vulnerable people perform are related to human nature.”
Working in the other direction, Yue and his team help with quality control of crowdsourced surveys, which are used to collect important data for the social, behavioral and economic sciences and can easily be manipulated by attackers.
Through these collaborations and by allying with other engineering-focused researchers at Mines, Yue hopes to build safer web systems, technology and critical infrastructure from the ground up. That begins at the individual level.
“Largely, security and privacy problems are due to humans,” said Yue. “If we can identify trends in potential risks and educate users, or regular people, about those risks, then when they visit different websites they will be more cautious and keep themselves and others safe.”