job harder. They are tools to be used as
part of a broad defense strategy.
PATRICK MCDANIEL: There’s been an
interesting transition of threats and
attacks over the last 10 years, and what
we’re seeing more frequently is professional attacks that more effectively
monetize the vulnerabilities in computers. In particular we have seen the
rise in things like ransomware, which
has become a very serious problem for
businesses, government agencies, and
organizations that don’t have full-time
professional cybersecurity staff.
Just looking at what has happened
over the last six months in the U.S.,
it’s clear that misinformation has become a major weapon in the cyber-criminal’s arsenal. I think we will see
even more attacks where misinformation is used to try and shape public
policy, sway public opinion or even
to alter people’s behaviors. Obviously
the use of misinformation is nothing
new—we’ve seen it before with stock
market manipulation, etc.—but I
think we’re going to see much newer
and inventive uses of misinformation
as a means of cyberattack.
PAUL VAN OORSCHOT: It’s a long-standing problem: software vulnerabilities
allowing compromise of user devices
and remote control of these compromised machines. This is easily addressed in theory, but harder to fix in
the real world. Problems stem from
long-ago and deeply entrenched architectural choices in operating systems;
use of software applications which favor rich functionality over conservative
Since its inauguration in 1966, the ACM A.M. Turing Award has recognized major contributions of lasting importance to computing.
Through the years, it has become the
most prestigious award in computing.
To help celebrate 50 years of the ACM
Turing Award and the visionaries who
have received it, ACM has launched a
campaign called “Panels in Print,” a collection of responses from Turing laureates, ACM award recipients and other
ACM experts on a given topic or trend.
ACM’s celebration of 50 years of
the ACM Turing Award will culminate
with a conference June 23–24, 2017,
at the Westin St. Francis in San Francisco. This unique event will highlight
the significant impact of ACM Turing
laureates’ achievements on computing and society, look ahead to the
future of technology and innovation,
and help inspire the next generation of computer scientists to invent
and dream.
For our second Panel in Print, we
invited 2002 ACM Turing laureate LEN
ADLEMAN, 2014 ACM Prize in Computing recipient DAN BONEH, 2015 ACM
Grace Murray Hopper Award recipient
BRENT WATERS, and ACM Fellows PATRICK
MCDANIEL and PAUL VAN OORSCHOT to discuss current issues in cybersecurity.
The cybersecurity discipline has
developed rapidly. Do you think we
are staying ahead of, or falling behind, the threats?
LEN ADLEMAN: I think that we are
behind. Cybersecurity is a cat-and-mouse
game. There can never be a final
victory. The Internet is developing
so quickly, along so many paths, that
while we address current problems,
we cannot even anticipate those that
are emerging.
BRENT WATERS: In the research realm
of cryptography, we have made significant leaps in the past 15 years in
terms of which new functionalities we
can realize. These include solutions to
problems such as identity-based encryption, attribute-based encryption,
and fully homomorphic encryption,
and potentially can realize an exciting
primitive called indistinguishability
obfuscation.
Where we seem to be facing problems is filling in the gap between
sound cryptography and sound deployments. These deployments can fail for
any number of reasons from bad software implementation, to poor design
of new cryptography, to use of legacy
cryptographic protocols.
What do you see as the top cybersecurity threats in 2017 and why?
DAN BONEH: Social engineering attacks remain one of the top cybersecurity issues in 2017. Phishing and related attacks are still effective at stealing
user credentials. Targeted emails continue to be effective at fooling end users into installing unwanted software
such as adware, malware, or ransomware. These are common occurrences,
and are often the easiest way to gain
a foothold on a targeted system. Two-factor authentication and application
whitelisting can make the attacker’s
Cybersecurity
DOI: 10.1145/3051455
Brent Waters, Dan Boneh, Len Adleman, Patrick McDaniel, Paul Van Oorschot