Best Tech: Keeping the nation safe online

23 April 2019

Interview with 

Chris Johnson, University of Glasgow

HACKING

The image shows a hooded person hacking a laptop.

Share

Chris Smith asks computer scientist Chris Johnson from Glasgow University to take us through his favourite technology... 

Chris J - The National Cyber Security Center if you like is the public facing part of GC HQ that's responsible for promoting the cyber security of the country as a whole. And the more things that we rely on in our daily lives for computational infrastructure the more we're going to have to look to people like them to protect us against the growing range of threats. When I worked at NASA we did things like fault injection, so deliberately putting bugs into our own code. Then we would give it to testers, and if they came back and they'd said we found eight bugs and you'd already put in 10 - keep testing keep testing, and then one time they edited the code made the changes tried to track down bugs, and they came back and after about six months still only found nine bugs, and we're like OK we'll show you where it is. And then we couldn’t find the bug that we deliberately put in ourselves. That's a bad day. But the reason for telling that story is that the thing that I wanted to talk about was the national cybersecurity center because this is the kind of connection between the space safety stuff I did first and the cybersecurity stuff, right? The connection is this: Dykstra said testing proves the presence of bugs not the absence. Right. When you run an antiviral checker on your computer, does that mean your computer is clean, or does it mean maybe that you have a very poor antiviral checker.

Chris S - The other day Chris I was really shocked when we had on our programme someone who showed me a technique for hacking a computer where it's literally a USB cable. And the point they were making is that we think about online threats and sort of downloading malware and so on. But we don't think about the cables we plug into our computer and cyber criminals are now engineering cables with little bits of electronics in the cables so when you plug it into your computer it actually installs malware on your computer from the cable and you don't know about it but it's then hijacked your machine.

Chris J - Yeah well we have those sorts of systems in the lab that we run in Glasgow. And the reason that we have them is that we're looking at ways of crossing what's called the “air gap”. A lot of the high value or safety related systems today aren't connected to the Internet, so to get malware into them you have to look at these other techniques through for example taking devices in through the supply chain and things like that. And I think what we really need to understand is that this isn't just teenagers or criminals, it's government agencies now professionally developing attack methods. That's why things like the National Cyber Security Center is so important.

Chris S - Just very briefly, Chris, what then are your top tips for staying safe?

Chris J - Have a look at the National Cybersecurity Center website, really easy to find. On it there are five tips, I won't go into all of them in detail, but things like updating the software of your operating system. Even though it says it might take 10 minutes to do, it is actually worth doing. Pretty much the only systems that were compromised by “WannaCry” were those that hadn't been updated. So, make sure you update your software.

Chris S - Run the updates! Thanks, Chris.

Adam - Is anyone else sufficiently terrified? Anyone else have the urge to smash all the computers with rocks now, just in case?

Comments

Add a comment