News

UCI Cybersecurity Group Will Simulate Attacks

By Kevin Costelloe
Monday, August 26, 2019

A University of California-Irvine cybersecurity effort is planning a “test range” to simulate and evaluate various types of cyberattacks, the group’s executive director said.

UCI Cybersecurity Policy & Research Institute’s Bryan Cunningham said the effort will let the group “pretend we’re all different kinds of attacker groups” targeting electronic victims.

Different kinds of devices will be tested over time, likely starting with “connected medical devices,” such as implantable pacemakers, Cunningham told the Business Journal on Aug. 6. “I’m hoping by the end of the fourth quarter this year we’ll have at least some attacks that we can actually demonstrate.”

Cunningham cautioned the ability to kill or severely injure someone by a cyberattack on a medical device remains “largely theoretical” at present, but such an attack “would be horrible for the patients and their families,” and gives the group a way to begin testing against other dangers as well.

“By far, by orders of magnitude, the threat to critical infrastructure—water sector, air traffic control, traffic systems, emergency response—those are much bigger threats,” to the nation as a whole, he said.

Cunningham is also considering a cybersecurity mission of California companies to the MWC Barcelona, formerly Mobile World Congress, in February, hoping for a half-dozen companies to take part, expanding awareness of threats and defense against them.

Security breaches at Equifax Inc. and Capital One, along with news reports of global threats involving Russian and Iran, U.S. military recruiting focused on tech skills, and other events, have helped raise public awareness of cybersecurity issues.

But he said too little concrete action has been taken to date.

“It’s surprising how little individual[s] and even a lot of small companies think it affects them,” he said. “You get numb with all of the notifications.”

Cunningham noted there will never be perfect and lasting cybersecurity.

“Generally speaking, in all military or intelligence or engineering endeavors, it’s much quicker and easier to adapt as the offense than the defense.” he said. “The bad guys are always figuring out ways to defeat today’s protections.”

— Kevin Costelloe

courtesy of The Orange County Register.