Imagine a corporate executive cruising down a highway in a sports car loaded with the latest digital toys and gadgets, right down to a state-of-the-art entertainment system. Sinking into his soft leather seats, he opens the sunroof, feeling powerful and in control.
A minute later, the music abruptly changes from soft rock to throbbing heavy metal. Then the windshield wipers start flapping and the windows jerk up and down on their own. Startled, the CEO slams on the brakes, which for some reason don’t work, and his car careens into a guardrail.
A few miles away in the suburbs, a woman browses the sale rack at her favorite mall store. She plunks down her credit card to pay for the half-off blue dress she considers a steal. But the real steal—the one that will change her life—happens halfway around the world, where hackers have lifted her credit card number along with millions of others.
At about the same time, in a different neighborhood of the same city, an elderly man slumps to the floor of his living room. It’s not a crime or anything sinister. Nonetheless, it’s a horrific malfunction. His pacemaker has stopped working. His death certificate will say “heart attack,” but it could just as easily say “software error.”
These events may seem like far-fetched scenes worthy of a Hollywood thriller, but they are only a few of the real possibilities that researchers at in Pittsburgh work hard to prevent. For the past three decades, the SEI—a federally funded research and development center sponsored by the U.S. Department of Defense—has helped the military and private sector develop “assured software” that works reliably and is free of vulnerabilities.
The stakes have never been higher. Today, software runs everything from the most sophisticated anti-missile systems to the game apps on our smartphones. For all its seductive power to connect the world and make people feel in control of their environments, however, software also exposes mankind to new risks—some mere inconveniences and others potentially catastrophic.
The SEI is in the middle of the fight to defend software from attacks by rogue hackers, cybercriminals, and unfriendly governments. Recently, the institute got an impressive vote of confidence from the Department of Defense, which , with an option for an additional five years. The contract has an overall ceiling of $1.73 billion, and it ensures that the institute will continue to support the nation’s defense by advancing and transitioning the science, technologies, and practices needed to engineer and secure software systems. The SEI continues to be the only federally funded research and development center focusing specifically on software-related security and engineering issues.
“It is an honor for Carnegie Mellon University to be selected to manage the government’s research and development center for software engineering and cybersecurity at such a critical time for this work,” . “Carnegie Mellon University’s expertise in securing systems and combatting cyberattacks is a university-wide strength across SEI and various academic units, and this work is becoming increasingly important not only for national defense but also for individual citizens, critical infrastructure and commercial enterprises.”
The award renewal will no doubt help to advance military-related initiatives, but it also will generate applications for a range of civilian activities. That’s because the work that takes place inside the sleek glass-and-stone building has implications for everything from Wall Street to your doctor’s office to your kitchen.
“There is almost no technology that software doesn’t touch,” says , director and CEO of the SEI. “At one time, it was just defense, then telecommunications. Now it affects medicine, wholesaling, retail, finance, shipping, transportation… I can’t think of a better area in which to make an impact for the 21st century.”
Though SEI officials do not discuss specific cases because of the sensitive and confidential nature of the work, they have worked with major carmakers and medical device manufacturers. They’ve given technical support to the military to create highly sophisticated missile systems and tanks. They’ve researched new ways to make robots more “trustworthy” so that military personnel will use them to perform more duties in combat.
Over the years, the to give law enforcement the technical assistance it needs to chase down cybercriminals whose exploits make regular headlines.
, U.S. Attorney for the Western District of Pennsylvania, is among those praising the SEI’s role in fighting computer crimes. He says the institute has helped cement Pittsburgh’s reputation as a leader in tracking down cybercriminals—no small feat in the murky and increasingly sophisticated world of Internet espionage and destructive hacking.
“We are talking about exceptionally clever criminals, proceeding in the dark anonymity of the Internet, where the evidence is evaporating because of the digital nature of communication,” Hickton says. “The technology is advancing and changing in a flash, and the legal platform is built for the pre-Internet age and is behind.
“It is very challenging to protect people in cyberspace,” he says. “But we are good in large measure because of our Carnegie Mellon University partnership. From the day the digital environment began and the digital threat occurred, Carnegie Mellon University has been there.”
Grandfather of Cybersecurity
picked up the phone on his first day on the job. It was Dec. 7, 1988. Pethia was the one and only employee at (the Computer Emergency Response Team), a brand new cybersecurity unit established at the SEI by the Department of Defense. The caller was from a lab on the West Coast. A hacker keeps attacking the lab’s computers, the caller said. He was desperate. Could Pethia help?
Pethia, who had previously worked for computer companies, had been selected by the SEI Director to start CERT in the wake of the Morris Worm incident. One of the first viruses distributed on the Internet, the worm was launched by Robert Tappan Morris, a graduate student at Cornell University, on Nov. 2, 1988, from the Massachusetts Institute of Technology. Though Morris said he was motivated by intellectual curiosity and not malice, the damage he did to thousands of computers across the fledgling World Wide Web woke up software companies to their security vulnerabilities and showed what havoc a single technologically savvy person could unleash on the Internet.
Pethia didn’t know that the phone call from the West Coast—Case No. 1 at the SEI—would be the start of an avalanche of computer crimes he’d have to solve. He just knew he needed to contain the attack immediately. So he rounded up three part-timers from the information technology department, and they began exploring the breaches in the software in the lab across the country from their desks in Pittsburgh. It took six weeks for Pethia and his team to discover and plug the vulnerabilities.
During that first case, Pethia found he had a calling. He loved the thrill of finding how to fix a breach. He loved writing code and then reversing the process to get inside the mind of the hacker. Over the next few years, he investigated viruses mostly created by hackers who wanted to disrupt computer systems just to show everyone how smart they were or sometimes to get the systems people fired. The hackers made sure Pethia knew they were out there and didn’t appreciate his computer counter-sleuthing. He got hang-up calls at midnight. One summer he continually got pizza deliveries to his house on Saturday nights that he hadn’t ordered.
Fast-forward 27 years and thousands of hacker cases later. Pethia—sometimes called the “grandfather of cybersecurity”—presides over a staff of 260 and runs the SEI’s largest division. Hackers are no longer ordering pizzas as a prank or tying up computer systems to puff up their egos. They are pilfering millions of consumers’ credit card numbers and other financial data from the likes of Target, TJX, and Home Depot.
The headlines get more chilling every day. The government initially announced that the hacking of confidential databases at the U.S. Office of Personnel Management affected some 4.2 million people, but as the digital strands of the case were pulled, the number of people affected grew more than fourfold. Described by as “a colossal breach of government computer systems,” the cyberattack—thought to be made by China—stole Social Security numbers, fingerprints, and personal information.
“It’s like organized crime,” says , CERT’s Director, Monitoring & Response, of the new wave of attacks. “You no longer go to one of those guys’ houses and take his computers.
“We see more sophisticated groups involving tiers of people. Someone orchestrates it. A few key players write an ‘exploit.’ Someone else finds the target for the exploit. Another person scours the Internet for a class of targets. There is a separation of duties, giving them leverage to go deeper and deeper into the system.”
Aside from investigating some of the biggest cybercrimes in the nation, the SEI also helps protect politicians and visiting dignitaries at high-security events. For each event, Pethia says, SEI staff need to look at the computer systems that control everything from traffic lights to elevators. If the president is staying at a hotel where the elevators are automated, for example, the SEI has to make sure the bad guys can’t take control of an elevator and stop it.
The SEI provides technical advice to the Secret Service to protect the President and others during inaugurations, Republican and Democratic national conventions, G-20 summits, etc. After it was called in during the 2002 Winter Olympics in Salt Lake City, Utah, to investigate a hack by a disgruntled employee of one of the contractors, the Secret Service raided the hacker’s home and headed off any trouble.
Pethia and his staff have worked with major computer and software companies to fight computer viruses. But it’s like an arms race, with the hackers attacking from every angle, every second. With about 200,000 new pieces of malware to deal with per week, Pethia says, the SEI has had to develop software to catalogue all the malware because humans can’t keep up with the proliferation of hacks.
“I am sure this place is being attacked now,” Pethia says, referring to the SEI. Then he added with a sly smile, “But not successfully.”
Risks to Automobile Drivers
Today’s luxury cars are so smart that you might need a few hours with the dealer to figure out how all the software-enabled features even work. Ignitions start without a key, while your key fob lets the car know who is driving, and the seat, mirrors, radio settings, and A/C all adjust accordingly. Entertainment systems answer calls and connect to the apps you’ve downloaded. Wheels sense when you wander out of your lane and push you back. Brakes go on automatically before you hit a wall or another car.
All those extras that make driving safer and easier than ever before are made possible by about 100 million lines of computer code in a new luxury car. While computers in cars aren’t necessarily new, we’re just getting started in realizing the innovations software can provide, says , deputy director of the Software Solutions Division of the SEI.
“In the near future, cars will have 300 million lines of code because they will have to communicate with each other and the road, immediately using the information they gather to avoid crashes and traffic pile-ups—while at the same time providing customized entertainment for those riding inside. It’ll be almost like a smartphone on wheels.”
The approximately 150 people in the have advised the makers of cars, medical devices, guided missiles, and tanks. They even have a hand in the development of the DoD’s new robotic exoskeleton, or “Iron Man suit,” which seems almost straight out of science fiction, providing superhuman strength and bulletproof protection. Carleton urges developers, in DoD and industry, to make their software and systems a priority from the outset instead of creating something “good enough” that ultimately isn’t—and leaves products open to dangerous cyberattacks. “Almost 50% of any software effort is rework. It takes so much more time and money to go back and fix something than to build something high quality from the beginning,” she says.
The risks to automobile drivers posed by hackers are obvious, but they were made painfully clear recently when researchers at the University of San Diego hacked into the computer of a car’s brakes via a text message. In the future, as researchers at Carnegie Mellon University and other places develop a driverless car, the need for secure software will be even more acute.
Driverless or not, however, cars of the future will come loaded with more and more software. With that in mind, Carleton recently gave a talk to automotive executives from around the world where she made the case that they are now already in the software business, not just the transmission, alloy wheel, and airbag business. “Software is not just something in your product,” she told them. “It is your product.”
Historic Triumphs
Inside the (ETC), a disembodied robot arm sits on a table. It doesn’t look like the kind of innovation that could save the life of a U.S. soldier in the field or prevent him or her from losing a limb in combat. But the arm is part of a new robot lab that will develop technology so that bots can explain to humans in simple language why they make the decisions they do.
The aim is to get humans to trust robots more so they will allow the robots to make autonomous decisions more often. Most of the robots used in the military now are remotely controlled by humans. But if military personnel learned to trust robots more, robots would be able to engage in combat or conduct search missions by themselves.
“One of the things we don’t like about robots is that we don’t trust them,” says , director of the ETC, the SEI’s newest and smallest division. “We don’t know how they are going to move. Imagine a robot helping you cook in the kitchen, and it suddenly moves the knife it is holding abruptly. Chances are you will feel startled. But if it says, ‘Sorry I moved abruptly. I saw your three-year-old coming, and I wanted to get out of the way,’” then you may trust your bot as a sous chef.
“We want people to have this level of trust with robots. If I am working with a robot, and the robot explains itself to me, I will trust it more.”
The group of researchers in the ETC will devise a mathematical formula to assign a task to a robot—perhaps writing something on a white board or even feeding a marshmallow to a human. That will allow them to write a mathematical algorithm to enable the robot to explain its actions to humans in simple English in light of the variables in the real world. Though there may not be much of a market for a robot that feeds people marshmallows, a robot that explains itself to soldiers in the heat of combat could save human lives.
Figuring out how to do that is just one of the latest ways that Carnegie Mellon University’s world-renowned SEI is making sure the age of automation is an age filled with historic triumphs rather than historic calamities.