When the seeds of the modern internet were planted in the early 1980s, the system was basically a network for graduate students to send each other emails and do scientific computing. A virtual clubhouse for tech geeks.
“Everyone believed they could trust each other because they were all graduate students playing with computers,” says Sharon Goldberg, associate professor of computer science and a Rafik B. Hariri Institute for Computing and Computational Science & Engineering faculty fellow. Many of the internet’s protocols and algorithms, which were created during an era that has long since vanished, “are baked into the architecture, and it’s very, very hard to change them.”
At a cybersecurity briefing on Capitol Hill last spring hosted by Boston University Provost and Chief Academic Officer Jean Morrison and the Congressional Cybersecurity Caucus, Goldberg detailed for congressional staff members how that innocent trust among early users has led to a system now highly vulnerable to attackers. Not only can cyber outlaws eavesdrop undetected, but they can also intercept, manipulate, and change internet traffic with users none the wiser. We’re not just talking online shopping, either, but the potential for significant damage to vital global systems such as industrial control systems or utility and power systems.
At BU, Goldberg, winner of an Alfred P. Sloan Fellowship and a National Science Foundation CAREER Award, spends her waking hours figuring out ways to identify and correct those weaknesses. Recently, she and several of her students discovered a potential vulnerability in the Network Time Protocol (NTP), the software that synchronizes clocks on computers. Applications ranging from bank website encryption schemes to Bitcoin systems to website authentications could have been breached. “If NTP breaks, many other computing applications break as well,” says Goldberg.
Back in Washington, Nick Leiserson, a staff member for Congressman Jim Langevin (D-R.I.), the co-chair of the Congressional Cybersecurity Caucus, said legislators now recognize “that any talk of security, whether it’s economic or national security, needs to have a cybersecurity component to it.” With a lack of technical backgrounds among staffers on the Hill, Leiserson said, there is a need for experts like Goldberg and her colleagues, “who can translate technology in ways policy makers can understand.”