Not for your eyes only:

Ravi Sandhu

Most students don’t know very much about cyber security, although our e-mails, YouTube and Facebook accounts play an integral part in our lives. They are the recipients of our information, relationships, financial information and – sometimes – secrets.

What lies behind our web accounts, authentication devices, encryption and firewalls, are foreign concepts to most web surfers, but they are crucial to protecting our privacy, which is more often at risk than we would like to believe.

Rouge and clever hackers break into databases and personal accounts everyday, which is precisely why there is a need to have brilliant defenders on our side. At UTSA, men and women are relentlessly trained to keep us virtually safe.

The UTSA’s Institute for Cyber Security (ICS), directed by Dr. Ravi Sandhu, employs a team of skilled researchers to discover a complete cyber security solution for industry and users. Motivated by aspirations of establishing the university as a major research facility, and the lack of a unified security model, Sandhu, an information assurance professional with almost 30 years of experience, acknowledges the importance of cyber security in an era where computers are highly integrated into our lives.

According to Sandhu, cyber security can be understood as the act of protecting the integrity and availability of our online information, without sacrificing the accessibility of technology. “Security tends to have the connotation of secrecy and confidentiality and privacy, but it also includes integrity and availability,” Sandhu says.

Although information assurance is a pressing topic in the information age, it would be illogical to tighten security so much that computers lose their convenience. Imagine having to pass through numerous levels of rigorous authentication before seeing your friends’ latest Facebook postings or reviewing your most recent financial activity. Technology would become tedious and cumbersome and defeat its purpose as a tool for communication, work and leisure.

Some examples that combine security and accessibility have already been established, Sandhu argues. “The Automatic Teller Machine network (ATM), online banking, and electronic commerce are all pretty secure and very widely used. They are not foolproof, but they have achieved a reasonable balance between security and ease of use.”

These technologies provide an accessible, yet safe, option for commerce, and are solid models to emulate in the pursuit of a complete security solution.

While possible solutions do exist, Sandhu insists that a logical, unified system for complete protection is yet to be discovered. “There are individual point problems, and at that individual level, we have solved many problems, but those solutions only cure part of the problem,” he says.

One of these point problems is encryption, the art of disguising information. While it is a powerful tool, the isolated area in which it proves useful is not the answer to the overall information security that ICS seeks. “Encryption is a very important technology, but in many ways it only shifts the problem. Instead of trying to break the encryption, which is very hard to do, attackers will target the point where the key to that encryption is revealed,” Sandhu says.

Even with encryption, sensitive information can still be vulnerable. Used on e-mail servers and automated teller machine transactions, encryption has bolstered security in that aspect of information assurance, but it still does not satisfy the growing concern for absolute protection.

Even without a perfect defense system in place, the majority of people still willingly use the Internet. “Our system is relatively safe. It could be better, but the benefits far outweigh the risks,” Sandhu said “Besides, who is going to advise people to stop using Facebook and stop using your smartphone?”

It’s almost impossible to conduct our lives without the Internet, and it’s just not logical to attempt to do so. Furthermore, Sandhu estimates that the number of people who actually fall victim to cyber crimes is relatively small compared to the vast number of people using the Internet.

“The saving grace is that most of us are not major targets of attackers. If you don’t have a lot of money, who is going to come after you at the end of the day?” adds Sandhu.

He is quick to point out that everyone is still vulnerable, “There is no way you’re going to be fully secure, it’s just not going to happen. A way to counteract this [vulnerability] is to do some basic due diligence on the Internet and to change your computer every once in a while.”

Clearly, we are nowhere near absolute safety on the Internet. However, Sandhu advises users to follow some precautions in an effort to thwart cyber criminals’ malicious intentions: Internet users should carefully monitor their financial records, guard sensitive information, such as social security numbers and passwords, and refrain from visiting websites with questionable content.