However, if the computer and information science field focuses too narrowly on producing the next best gadget rather than improving technology already in use, the cost could be our safety and wellbeing, cautioned Marios Polycarpou, PhD at Fordham’s 2015 Clavius Distinguished Lecture.

In an April 17 talk on “Intelligent Big-Data Monitoring of Critical Infrastructure Systems,” Polycarpou stressed preempting catastrophic technological failure by focusing on making our smart devices smarter.

This is especially important for technology that underlies our critical infrastructure systems (CIS)—such as power and energy systems, telecommunication networks, transportation systems, and water networks.

“These systems are critical for everyday life and well-being, and people expect them to always be available. But the problem is that they do fail. And when they fail, the consequences are tremendous,” said Polycarpou, a professor of electrical and computer engineering and the director of the KIOS Research Center for Intelligent Systems and Networks at the University of Cyprus.

To prevent natural disasters, equipment failures, or malicious attacks leading to catastrophe, he said, “we need to design smarter infrastructure networks. This means designing smarter software to handle any faulty hardware.”

Smart technology is the next logical step following the “sensor revolution” of the 2000s, Polycarpou said. The introduction of sensors gave technological devices physical capabilities akin to the traditional human senses—balance, pressure, and temperature as well as sight, hearing, smell, and touch.

Now that these gadgets can sense their environments, they need the ability to process the information they gather and make decisions in response—which is the essence of smart technology.

“These devices have sensors that provide information and a brain that processes that information,” Polycarpou said. “They’re not just passive devices that make tasks easier for us, but have intelligent software to … make decisions.”

The growth in global population (Polycarpou cited that in 2000 there were 18 megacities around the world, whereas there will be an estimated 30 megacities by 2020 and 60 by 2050) makes CIS intelligence even more important, as most infrastructure networks are intertwined.

“If there’s an earthquake and everyone tries to use their phones, the communication system could break down,” he said. “There’s a lot of interdependence. When something goes wrong, it can propagate through the other infrastructures.”

The annual Clavius lecture and the Clavius Distinguished Professorship of Science, which is held by D. Frank Hsu, PhD, honors 16th-century mathematician Christopher Clavius, SJ, who helped develop the Gregorian calendar and was an early advocate of Galileo’s heliocentric model of the universe.

Among them: How will Internet service providers manage the ever-greater swarms of data zipping around cyberspace and prevent “traffic jams” that disrupt service? Also, how can computer users ensure that their messages don’t reach the wrong people after they click “send” or “post”?

These are just two of the questions being examined by Honggang Zhang, Ph.D., an associate professor in the Department of Computer and Information Science, who has a knack for showing the links between various Internet-related issues. He’s broadly interested in examining all types of computer networks that have sprouted online, and wants to see how they can be made more efficient, more reliable, and—especially in the case of online social networks—safer for those who want to keep personal information private.

That’s his current research focus, one made all the more relevant by the surging popularity of social media. “It seems almost everybody has some sort of online social network account, and that has a huge impact on people’s daily life,” Zhang said. “So understanding the system from a computer science perspective is very important.”

He noted some of the obvious safety concerns: The wrong people could gain access to a Facebook posting announcing “I’m on vacation next week,” for instance, or intercept a child’s message telling a parent exactly where he is. Then there are those privacy issues raised by social networks that centrally store their members’ information.

“A single entity, a single company, owns all of your data,” Zhang said. “They look at what you have been talking about, what you have been looking at online, then they try to profile you. In some sense, they know you better than you know yourself.”

One alternative, he said, is a decentralized social network, in which members can control the circulation of their information through cyberspace by storing it on their individual computers and choosing which other computers to release it to. In fact, such a system exists—Diaspora, a social network begun by New York University students in 2010 to allow its members to maintain “data ownership,” he said.

Zhang took part in a study of Diaspora during his time at Suffolk University in Boston, where he taught before coming to Fordham last fall. Diaspora members could either store their data on their own computers and look up other members by their precise “handles,” or store their data on another member’s server and search more easily for other members who also stored their data there.

In fact, the desire to connect with others generally seemed to trump the desire to “own” one’s data. The study of 216,000 Diaspora users found that 70 percent were clustered together on one server. Four servers accounted for 94 percent of all the network’s members. These servers were also attractive because they were more likely to be operating at any given time.
Encryption holds out other possibilities for greater security in social networks, but it has its limitations in a medium designed to foster the sharing of information, Zhang said. For instance, encrypted personal information can’t be found by potential online friends, and one’s postings and messages can only remain as secure as one’s friends are willing to keep them, Zhang noted.

As he studies this issue, he hopes to collaborate with faculty members in the social sciences who better understand the interpersonal behaviors that intersect with this area of computer science. “This is not like traditional computer science, traditional computer networking,” which is more strictly technical, he said.

Social media is at the heart of another one of his research projects. This one involves peer-to-peer networks, or networks of “peer” computer users that circulate files among themselves—in a process called data swarming—rather than download the files from the server where they originated.

Because data swarming and social networking are the two most popular activities on the Internet, he asks, why not combine them? An overlay of the two could create a richer social media experience while also making for smoother, more efficient data swarming, his research has found.

He’s also researching mobile devices, such as smartphones and tablets, to find out how they might work more efficiently together to reduce power consumption.

“If we are in the same building, and we were getting the same data from the same server, maybe it’s a good idea that I gather my data and then I forward my data to your smartphone—through Wi-Fi, maybe, or Bluetooth,” to conserve power, he said.

He envisions a sort of peer-to-peer system for smartphones: “Suppose there are 100 smartphones in this area. They all have Bluetooth connections, Wi-Fi connections. Maybe [their users are all]watching some football game, or something. Maybe you can somehow manage all those connections to save energy.”

In the long term, Zhang wants to produce designs and algorithms that fundamentally improve the architecture of the Internet and help it meet its users’ growing demands.

He loves the fast pace of change in computer networking, as well as the ability to quickly gauge the effect of new programs or technologies.

“If you have very good applications, you can immediately see their impact,” he said.

John Verry, principal enterprise consultant of Pivot Point Security, and his “Tiger Team” attempted to access data possessed by the government and several Fortune 500 companies. Their methods included entering physical structures as well as using the Internet.

This research allowed Verry to suggest precautions to reduce information security risks. He found it possible to enter secure facilities without authorization in the following ways:

“Smokers are the friendliest people,” Verry said. By smoking (or pretending to smoke) outside the door of a building and striking up a conversation with other smokers, it is easy to gain access. “[The smokers] will hold the door open for you.”

Another easy way to enter secured buildings is through loading docks.

Government officials want their water, so just carry a large amount of Deer Park water bottles, he said. Or better yet, hang around the loading dock while the actual Deer Park delivery person delivers the water.

Verry pointed out that the person delivering the water probably just wants to get his or her job done. As such, he or she will not be paying attention to anyone lurking in the loading dock.

Getting data online is also quite simple.

First, gather information on someone from using a site such as Pipl.com, he said. Then, call the person and pretend to be from the payroll department at his or her workplace. Next, accuse the person of logging onto the payroll department’s online information site without proper authorization.

When the person says he or she did not, ask them to verify their e-mail address (which can easily be found online).

“After the individual confirms, say, ‘And your password is 123, right?’ The individual will say, ‘No, it’s XYZ,’” Verry explained.

He told the audience that many security lapses are due to people not realizing the gravity of the situation in which they find themselves.

“People act stupidly,” he said. “They give out passwords when accused or reset passwords without verifying who is trying to gain access. They let smokers and delivery people in without checking identification.”

Eliminating stupid mistakes would reduce cyber information risks. But as Verry pointed out, “You can’t fix stupid. You can only try to make people more aware.”

Verry spoke as part of the second International Conference on Cyber Security, which was co-sponsored by Fordham and the FBI.

—Jenny Hirsch

Though the hackers are young, they seldom work alone. In fact, Eastern European cyber crime rings are organized crime hierarchies, and the FBI is trying to tackle them, said Darren J. Mott, supervisory special agent with the bureau’s Cyber Division in Washington, D.C.

“Imagine the Cosa Nostra, with the big guys at the top and a bunch of little guys working under them; it’s just like that,” Mott said.

The FBI is taking a holistic approach to try and dismantle this burgeoning world, Mott said at a panel on Eastern European Organized Cyber Crime.

With special agents working in legal attaché offices in Russia, Romania and Estonia, Mott said the agency has established, and continues to strengthen, a working relationship with many Eastern European entities.

“We’re trying to get that cop-to-cop communication because with all cyber crimes, the information is time sensitive,” he said. “We can’t just expect to call and get or share information at a moment’s notice unless a relationship is established.”