Budny 10:00
L10
Engineering Challenge: Cyber Security
YOU COULD BE TWO PEOPLE Problems Created by the User
As engineering accomplishments rise to new heights and fix Having an unsecure cyber space for uneducated users is very
problems, there are always new problems that engineers dangerous. There are many security leaks that users can
must turn their focus to. The National Academy of create by mistake. For example, a user may unwittingly
Engineering decided that there were fourteen engineering download a computer program to help do his or her taxes,
“Grand Challenges” [1]. One extremely important challenge but in the end, it may actually be mining information about
is securing cyberspace. This is of vital importance because the user [3].
in the United States and other modernized nations, there is a
Why Current Solutions are Ineffective
looming threat for serious crimes to occur in cyber space.
There are small threats such as viruses which may delete a Current solutions for cyber protection are ineffective for a
few files, and then there are total invasions of privacy. There variety of reasons. The economic market rewards those
is a chance that an individual may have all of his or her solutions that are the cheapest and quickest to be engineered
private information stolen and used in identity theft. The rather than those that would have an adequate amount of
cost of having such information stolen can cause an time in testing [3]. In a business driven world, there simply
individual to have many new problems that affect their life is not as much motivation to spend time and money
adversely. In my opinion, having a secure means of keeping developing a perfect product if there is going to be a lower
private information away from malevolent eyes in yield of income. To reduce development costs, companies
cyberspace is essential for an individual to prevent identity also create large all-in-one programs which ultimately add to
theft. the chaos of cyber security by being misunderstood by the
Cyber security has many ethical issues surrounding it. general public and creating a larger attack area [3]. If a user
Since cyber space is a plethora of all types of information, misconfigures a PC security package, how can the user
including personal, it would be seemingly easy to violate expect his private information to be kept safe? Another
ethical issues even with good intentions. method for keeping revenue up and costs down is by making
Education of the many engineering problems is very new releases of a security product [3]. Due to the large
important. These are problems that may not be solved by the changes, new security vulnerabilities usually appear [3].
current generation or even the next, and that is why it is of
the utmost importance for freshman engineers to come into Why a Solution is Required
the field knowing of these issues.
For the issue of securing cyberspace, it is just as much, A solution to the growing concern of cyber security is
if not even more important to study as the other engineering needed because people need to be secure doing work and
challenges. This would be a good issue to learn about other various tasks. Without security, individuals with
because modernized nations and even technologically weak selfish aims will steal information.
countries are growing to depend more and more on Criminal actions such as identity theft have led to about
technologies such as the internet. There may even come a $49.3 billion being stolen from US victims in 2006 [4].
day when every bit of information is virtualized. Would People who are victims of identity theft not only face severe
anyone want that day to come knowing that cyberspace was monetary loss, but also loss of extensive amounts of time
not secure? because they have to fix the problems created by the identity
thief [5]. Such problems range from having a bad credit
WHY IS THIS A PROBLEM? score, being unable to secure a job or even wrongful arrest
[5].
It is becoming increasingly more important to have secure Due to the anonymous nature of cyber space, criminal
information storage because the world is becoming investigations into such matters can cost up to $25,000 to
increasingly reliant on digital information processing and investigate because of the extent of resources required to
storage. find a perpetrator [5]. For example, the virulent computer
worm Conficker has infected over 3 million machines. All
How Identity Theft Can Occur the instances of this worm are inactive, but if they were to be
There are many ways for identity theft to occur in cyber activated they could cause massive amounts of damage and
space. Identity theft can occur from malicious programs data theft [6]. Such a large threat exists but it still has not
called malware that are commonly used by attackers to been able to be removed by modern engineers and computer
eavesdrop on network traffic and then steal private programmers. This clearly says that a new solution needs to
information such as passwords [2]. be created before something catastrophic happens.
University of Pittsburgh
Swanson School of Engineering October 28, 2010
1
Hiral Patel
A POSSIBLE SOLUTION should be good for the public[11]. With such ethical
guidelines set, what really is going too far?
Trying to find a solution to the problems of virtual identity Discussing such values and ethics in college is of high
theft would be very difficult. One possible method would be importance. It is a valuable learning experience that all
to have a different type of cyber space in which there is a freshmen engineering programs should include because
proactive defense monitoring system. Such is a proposed engineers solve problems, and being familiar with the
method by the U.S. Government in which they hope to be problems and the limitations created by ethics before going
able to make cyber communications much like into a work environment would be a very good idea.
telecommunications where the internet could be
“wiretapped” [7]. Through this method, communications EDUCATION VALUE
about all sorts of events such as identity theft and malware
distribution could be viewed and acted upon. This method Studying engineering challenges and ethics has been a very
will be enhanced further by having a “cyber czar” to important experience for me. It has helped me to see why
coordinate offensive tactics against cyber criminals [8]. ethical guidelines are in place. For most colleges, an
PC software distributors and protection software makers engineering student would most likely never have to take an
would contribute to this effort by making products less ethics course. Without that experience many engineers may
reactive to threats and more proactive. The usual method of head to the work place with little regard for engineering
making a security program involves vulnerabilities being ethics. For example, before the Challenger explosion, some
exploited by individuals with malicious intent, seeing the engineers insisted on the hazard of the shuttle but relented
vulnerability and then fixing the vulnerability. This method because they feared losing their jobs [12]. The way
would not be sufficient enough for many people who could engineers should act is towards the public good first, as
lose their private information or entire identities. If the stated by various engineering codes [12]. Overall, this has
“wiretap” method was instated, security packages would be been a very beneficial learning experience for me because I
built around the method and could have better logging of see the problems engineers face in their jobs and the cyber
information and what is sent from where and by whom security realm.
which would ultimately give better protection. A proactive
approach that involves attacking back at cyber criminals and CONCLUSION
stopping the transmission of vital data, such as an Overall, a valid challenge for engineers to try and overcome
individual’s social security number, would then be in place is the challenge of preventing identity theft that occurs due
[9]. The reason for such a system to not already be in place to an insecure cyber space. With the importance associated
and be under development is that it requires software with keeping your own identity, there needs to be a way to
engineers and manufacturers to use a different line of protect it and keep it from falling into the wrong hands.
thinking, one that is not fully mastered yet. The questions that arise from such challenges though
are what is going too far? And will this really help people?
ETHICS For experienced engineers and students alike, a strong
To get good solutions to problems, engineers must follow a consideration needs to be placed on what is right before all
code of ethics. The NSPE code of ethics is the general code else.
engineers follow. However, the solution proposed by the
U.S. Government is seemingly a gray area. The Computer REFERENCES
Society’s Ethics Code Section 1.03 says that the public’s [1] “Introduction to the Grand Challenges for Engineering.” National
privacy should not be diminished and the first canon of the Academy of Engineering. Washington, D.C. [Online]. Available:
NSPE code, about working for the public welfare, is violated http://www.engineeringchallenges.org/cms/8996/9221.aspx
[2] P. Dasgupta, and L. Wifu. (2008). “Coprocessor-based Hierachical Trust
but at the same time it could also help the public [10][11]. Management for Software Integrity and Digital Identity Protection..”
For example in section II.1.C of the NSPE code, it says, Journal of Computer Security. Vol. 16, Issue 3. pp. 311-313. [Online].
“engineers shall not reveal facts, data, or information Available: Academic Search Premier, EBSCOhost
without the prior consent of the client or employer,” and [3] E. Spafford. (2010,August). “Privacy and Security: Remembrances of
Things Pest.” Communications of the ACM. Vol. 53, Issue 8. pp. 35-37.
with the “wiretap” solution to cyber security, engineers [Online]. Available: Academic Search Premier, EBSCOhost
would be required to reveal this information to many [4] W. Roberds, and S. Schreft. (2008, September). “Data Breaches and
institutions [10]. This would follow the public welfare canon Identity Theft.” Working Paper Series (Federal Reserve Bank of Atlanta).
by helping locate cyber criminals though. Simply put, this pp. 1-3. [Online]. Available: Academic Search Premier, EBSCOhost
[5] M. Chawki and, M. Wahab. (2006). “Identity Theft in Cyberspace:
method would violate many people’s privacy whether they Issues and Solutions.” Lex Electronica. Vol. 11, no 1. pp. 1-9. [Online].
are the sought after cyber criminals or not. The Computer Available: http://www.lex-electronica.org/docs/articles_54.pdf
Society’s Ethics Code Section 1.03 says that privacy should [6] D. Talbot. (2010). “Moore’s Outlaws.” Technology Review. Vol. 113,
not be diminished but it also says that the ultimate effect Issue 4. pp. 36-38. [Online]. Available:
http://www.lex-electronica.org/docs/articles_54.pdf
2
Hiral Patel
[7] C. Savage. (2010, September). “U.S. Tries to Make It Easier to Wiretap
the Internet.” The New York Times. [Online]. Available:
http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1
[8] R. James. (2009,June). “A Brief History of Cybercrime.” Time.
[Online]. Available:
http://www.time.com/time/nation/article/0,8599,1902073,00.html
[9] (2010,August). “McAfee Labs: It’s Time to Be Proactive on
Cybersecurity.” McAfee, Inc. Security Journal. [Online]. Available:
http://newsroom.mcafee.com/article_display.cfm?article_id=3676
[10] “NSPE Code of Ethics for Engineers.” [Online]. Available:
http://www.nspe.org/Ethics/CodeofEthics/index.html
[11] “Computer Society and ACM Approve Software Engineering Code of
Ethics.” [Online]. Available:
http://www.computer.org/cms/Computer.org/Publications/code-of-
ethics.pdf
[12] M. Singleton. “The Need for Engineering Ethics Education.” Frontiers
in Education Conference. [Online]. Available: IEEEXplore, Digital Library
ADDITIONAL RESOURCES
(2006, June). “Immunizing the Internet, or: How I Learned to Stop
Worrying and Love the Worm.” Harvard Law Review. Vol. 119, Issue 8.
pp. 2442-2463. [Online]. Available: Academic Search Premier, EBSCOhost
ACKNOWLEDGEMENTS
Dan McMillan for explaining how to write this paper.
Dave Gau for a morale boost.
3