Subscribe to The Brown Daily Herald Newsletter

Sign up for The Brown Daily Herald’s daily newsletter to stay up to date with what is happening at Brown and on College Hill no matter where you are right now!

Subscribe

News, Science & Research

‘We’re facing a tipping point:’ Cybersecurity in the age of COVID-19

Cybersecurity, IT experts weigh in on Zoom, TikTok safety measures and concerns about digital dependency during the pandemic

By
Senior Staff Writer
Thursday, October 1, 2020

In the rush to transition many aspects of our daily lives online — attending virtual lectures, working a full-time job from home and communicating over social media — one issue has risen to the forefront of local and global concerns: cybersecurity. 

“We’re facing a tipping point in terms of global cybersecurity and privacy, as a result of the pandemic forcing everybody out of the streets and their offices and into their home offices and online,” said Timothy Edgar, senior fellow at the Watson Institute for International and Public Affairs. 

Edgar formerly worked as the deputy for civil liberties in the Office of the Director for National Intelligence, later advising the National Security Council on cybersecurity policy under former President Barack Obama’s administration.

The COVID-19 pandemic has definitely “accelerated the vulnerability we all have to cybersecurity problems, … (forcing) us to hyper-accelerate our movement to the cloud and to digital communication,” Edgar said. While trends toward remote work existed previously, the pandemic has rapidly driven those trends forward. It has increased our susceptibility to security and privacy threats, such as by necessitating virtual communication platforms. 

Cybersecurity for communication

Zoom, the primary video communication platform used in much of the world and by the University, was initially unprepared to handle cybersecurity for the onslaught of new users due to the pandemic, Edgar said. The American company has made significant improvements in the past few months, such as giving users greater control of where their Zoom data is stored. But Zoom’s technological dependence on China for its hardware infrastructure has “raised a lot of concerns in many Western countries, including the U.S., about cyberspying by the Chinese government,” Edgar said.

Still, in comparison to alternative platforms, Edgar said that the University cannot be faulted for relying on Zoom for courses and communication. “Brown is in the same position as a lot of universities,” he said, needing “a platform that is easy to use and functional.” 

Edgar’s main concern with Zoom lies in the recording of lectures and discussions on the platform. Since the University’s transition to fully remote learning in March, classes have commonly been recorded in order to accommodate students taking courses in different time zones. While Edgar understands the importance of recording university courses, “we do need to be very careful that we don’t simply decide that the recording of everything that we do is now suddenly acceptable for convenience reasons,” he said.

The University’s IT Service Center currently recommends that faculty download and post recorded Zoom calls through the Canvas website, which uses a secure software called Panopto, Director of Information Security Mark Dieterich said. Students taking asynchronous classes are only able to view recorded lectures on Canvas through Panopto, which allows “fine-grain control” — limiting access to those in a specific section of a class, for instance. But Zoom also allows hosts to download recorded meetings to the cloud; if this happens, the video will be automatically deleted after a year, and a Brown log-in is required for access if it is shared before its deletion.  

“Brown has been focused on flexibility. We want to do everything we can to make things secure, but we don’t want to make it so hard to use that it’s no longer attractive; that’s one of the fine lines we need to walk in security,” Dieterich said.

The University does not currently require the use of waiting rooms and passcodes, which would raise the barrier of entry for meeting attendees, and instead leaves the decision up to each faculty member, Dieterich said. The University notified the Brown community Aug. 28 that Zoom would mandate the use of waiting rooms and passcodes. But Zoom has since backed away from this decision, prompting the University to release a follow-up announcement Sept. 24 stating that these safety precautions are encouraged but not required.

Zoom-bombing — the intrusion of uninvited guests into a meeting — last occurred at the University in early April. No Zoom-bombings have been reported since, Dieterich said. 

A staple feature on Zoom is the chat function, which allows meeting attendees to send messages either publicly to everyone in the meeting or privately to a person of their choice. Public chats are accessible by the meeting host and the administration after a meeting ends; messages are not downloaded automatically, but may be downloaded by the host at their discretion. The University administration can also use chat information in the case that they are legally bound by subpoena, but will not use the information in any other situation, according to Dieterich. There is no record of private chats after the meeting ends, he said. 

As one recently added security measure, Zoom has employed staff to monitor public feeds on Twitter and notify respective meeting hosts about meeting links and passcodes that have been accidentally shared in tweets.

University measures to combat online security breaches

“Higher education is one of the most attacked industries” because of the profitability of intellectual property located within academic institutions’ virtual systems, Dieterich said. The IT Center currently uses multiple firewalls within the University network that detect between 13,000 and 450,000 suspicious network connections each day. Only around two percent of these connections are permitted through the firewall to the next layer of defense, according to Dieterich. 

The University has implemented various types of security measures to build these barriers. Edgewise, a technology installed this fall, safeguards against attacks across different segments of the network. A different tool called STINGAR based at Duke University purposefully entices attackers to identify and block them, and it caught 5 million such users within its first day of use. 

The University has also partnered with the Department of Homeland Security to measure how effectively they’re scanning for vulnerabilities in their security system.  

But, “there’s no perfect security, and even very good security can sometimes be undermined (with) enough resources,” Edgar said. For example, intelligence services “with the resources of nation-states” can scour digital platforms to uncover information — a topic he expands upon in his book Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA

International privacy concerns and conflict

TikTok  — a video-sharing social media platform owned by ByteDance, a company based in China — has also led to concerns about cybersecurity and exemplifies the dynamic surrounding technological dominance.

The platform “raises a whole host of questions around global cyber power and what appears to be a shift from the existing situation in which the United States has been absolutely dominant,” Edgar said. 

Previously, big tech companies in the United States have prevented strict regulations concerning technology “on the grounds that we don’t want anything to stifle the innovation that has given the U.S. such dominance in the global tech world,” Edgar said. But cybersecurity concerns with China’s leverage over Zoom and TikTok have revealed the ramifications of an unregulated technology market.  

John Savage, professor emeritus of computer science and member of the Rhode Island Secretary of State’s Help America Vote Act (HAVA) Task Force, expressed concerns about security from this underlying competition. He is co-authoring the book Security in the Cyberage: Introduction into Policy and Technology with Derek Reveron, professor of national security affairs at the U.S. Naval War College, about encryption, the ethics of artificial intelligence and laws regarding cyberspace.

“What worries me the most is that domestic politics, both in this country and in China, are causing tensions between the two countries to be elevated,” which may make the United States more prone to security threats, Savage said. There is additional concern over Russian interference through cyberhacking for the upcoming presidential election, he said. 

Fears of cyberattacks may lead countries to localize the storage of their data, leading to a less global Internet and limiting dominance by American technology companies within North America and Chinese companies within Asia, Edgar said. But a more likely scenario involves technology companies retaining their global reach while also accommodating for the interests of individual nations.

Proactive steps for individuals to stay cyber safe

New digital and technological developments raise “lots of concerns, but it’s like every other technology we’ve seen before. Somehow we humans found a way to cope with it,” Savage said.

Given that, the legal system and its understanding of cyber issues are not adequate to address the issues that come with new technology, he added. 

A single election or law will not resolve cybersecurity issues, but people must “try to work together to formulate some sound and reasonable policies that allow us to take advantage of (the benefits of technology) without giving up the fundamental rights that we all think are very important,” Edgar said, echoing his sentiment.

To stay protected while using any kind of technology, Dieterich recommends updating devices’ operating systems and applications, creating strong, unique passwords and using two-factor authentication (which sends a notification to a user’s device to approve or deny a log-in) whenever possible.

Email users should also be wary of “phishing,” emails trying to obtain private information from the user, which may impersonate legitimate users through similar addresses. 

Recommended steps for protection are accessible to University students on the CIS Center website

Dieterich stressed to students that the IT Service Center is “ultimately here as a service organization, and if you ever have questions … we’re there to help you.” 

In this new digital age, “you need to be an informed digital citizen that’s looking after your privacy and those of others,” Edgar said. 

To stay up-to-date, subscribe to our daily newsletter.

Your email address will not be published. Required fields are marked *

*