Colin Armstead

How safe is your information online? When you consider cyber crimes, like the 2013 Target breach where the information of as many as 70 million customers was spilled, cyber security takes on an air of particular urgency. Most people put their trust in the structure of online systems, taking their security for granted. But it’s someone’s job—in fact, it’s many IT professionals’ jobs—to guard against malicious code and information breaches.

The next wave of IT professionals is learning about cyber security and studying ways to make data more secure. We sat down with Colin Armstead, a recent graduate of the Information Technology Infrastructure (ITI) program, to ask five questions about cyber security. Armstead chose to focus his attention on cyber security through a directed study course during his last semester in the ITI program.

How would you define cyber security?

Cyber security is the technology and processes to protect networks, computers, programs, and data from any kind of attack or unauthorized access. In my directed study, I focused on web application security and network security. Web application security involves building secure databases and websites using Javascript and other forms of coding in a secure way that can’t be exploited. Network security is about building a secure infrastructure with things like firewalls and isolated network environments. I also researched the Internet of Things, which is a network in and of itself, and discovered how it connects to cyber security.

What is the “Internet of Things” and how is it connected to cyber security?

The Internet of Things is the connectivity of all “smart” devices in your daily life. So, your phone, your TV, your tablet, even your car—these can all be connected, or made “smart” by adding small computers that connect them to this larger network: the Internet of Things. In my research I was asking, How secure are all of these different things that are now being added to the global network of the Internet? Are they accessible to others, and are they in danger of being exploited?

In my research I looked for currently exploitable devices. Webcams, for example, have default usernames and passwords connecting them to the Internet. This default setup puts them in danger of being exploited. If a hacker wanted to, they could use bots to scan Internet ranges and IP addresses, looking for webcams that use this default setup. Once found, the unsecured webcam could be corrupted with a bit of malicious code and added to a bot network, or “botnet,” which is a network of small devices working together to perform one activity.

How concerned should the average person be about the security of their information?

I think cyber security is something people should make an effort to learn more about because we’ve seen security breaches happen in the past and we’ll continue to see it in the future. If there was more demand from consumers to make their devices secure, we might see a difference in how those devices are built. Unfortunately, theoretical threats don’t make people take action. The general public is reactionary when it comes to these types of dangers. As the IT field grows, we’ll have security issues that coincide with that.

It’s less likely that the individual person is going to get hacked. What you see more often are large-scale breaches, which is scary in its own way. We all still have to trust other people with our information. It’s tough.

Can cyber crimes be prevented?

You can try to learn the telltale signs of how things like botnets behave, and there’s a whole area of research for how to deal with that and minimize their effectiveness. And there are ways to build networks to defend against threats. At the corporate level, IT departments take the time to make security and prevention a best practice and standard. It’s implicit in how corporations build their networks, isolate their networks behind firewalls, and make sure only certain types of traffic go through certain areas of their networks. Individuals could do that same thing on the home level, too, but it would require a lot of technical work.

What are students like yourself learning at the University so that they can improve cyber security?

Speaking for myself and my ITI major, I’ve taken a number of classes on network administration and network infrastructure, as well as my directed study on cyber security and the Internet of Things. Network security is an important part of our field and an important topic within this major. We have to be able to keep our information safe.