The recent strings of cyber attacks (SolarWinds), ransomware attacks (gas pipelines) and newly uncovered weaknesses (5G non-standalone security shortcomings) are sober reminders that our cybersecurity is tenuous if we are not vigilant by strengthening our connections to the internet.
Thus, it’s apropos that “Do Your Part. #BeCyberSmart” is the theme of Cybersecurity Awareness Month 2021, a public awareness campaign cosponsored by our operational partners at the Cybersecurity and Infrastructure Security Agency (CISA), as well as the National Cyber Security Alliance (NCSA). The goal of this annual informational campaign, which was first launched by NCSA and the Department of Homeland Security in 2004, is to educate Americans on how to be safe online and provide them tips to boost their security.
At the Science and Technology Directorate (S&T), we are doing our part to ensure the nation’s, and our citizens’, cyber connections are strong and secure. We are engaged in several important research initiatives—ranging from protecting emerging 5G use-cases to safeguarding Public Service Answering Points (PSAPs)—that will help increase the nation’s cyber-resilience. Here’s a brief overview of a few of these efforts:
Mobile Security—Our Secure and Resilient Mobile Network Infrastructure (SRMNI) Research and Development (R&D) Project is addressing security and resiliency gaps in the mobile ecosystem. We are enhancing legacy (4G and earlier) and current telecommunications protocols (5G) and protections and implementing security safeguards into 5G networks. We also are leveraging 5G to demonstrate solutions that meet government security needs, including a secure voice and video capability for unclassified government communications and a protective Domain Name System for mobile network traffic.
911 Security—Our Emergency Communications R&D Project is working to enhance cybersecurity protections for emergency communications centers. PSAPs have become frequent targets of cyber and ransomware attacks, putting lives in danger because first responders cannot be dispatched to emergencies. The focus of this project is to protect 911 services by developing groundbreaking protections for vulnerable legacy systems and for the future interconnected Next Generation 911 systems.
Building the Future Cybersecurity Workforce—S&T and CISA jointly are developing a plan to build a national network of cybersecurity technical institutes that will educate the next generation of cybersecurity practitioners and leaders. Our agencies and our partners in academia are researching and will develop a plan that uses an academic hub-and-spoke model to create a national network of cybersecurity institutes to educate and train cybersecurity professionals.
Mobile App Security—Each year, thousands of new common vulnerabilities in software code are identified—12,000 in 2019 alone! An S&T R&D project developed a solution that identifies malicious code in mobile app software, preventing attackers from taking advantage of these vulnerabilities to launch cyber attacks. The solution protects against exploits such as stack manipulation, buffer overflows, execution of unintended code, and execution of an app’s code in the wrong order.
Cyber Tips for You
While S&T is busy working on cybersecurity research that will help increase our overall cybersecurity, here are three steps everyone can take to boost their own online security:
- First, always update computers and mobile devices when new security updates are available. These updates to productivity and security software, the web browser, operating system and applications provide the latest protection upgrades for newly identified vulnerabilities and risks.
- Next, never open links or attachments in emails from someone you don’t know; you could expose your computer or device to spyware or give criminals access to your or your employer’s network.
- Last, don’t assume the public wireless network in your neighborhood coffee shop is secure. Always treat a public wireless network as suspect and limit activity. Instead, use a virtual private network or a personal/mobile hotspot to shield passwords and private information from prying eyes.
Together, we—you doing your part and S&T through its research—will make cyberspace more secure today and tomorrow.