ASU’s cybersecurity guru said before a U.S. Senate Subcommittee on Wednesday that massive data breaches like the recent Equifax hack, which exposed approximately 145.5 million credit records last month, is comparable to a human without an immune system.
“One small intrusion can cause massive effects that can shut down the system for considerable periods of time and cause considerable damage,” said Jamie Winterton, director of strategy for the Global Security Initiative, an interdisciplinary research hub at Arizona State University. “Our online systems are continually under attack, and it’s unrealistic to believe we can fend off every intrusion, every time. Cyber adversaries are clever and very persistent.”
Jamie Winterton
Winterton traveled to Washington, D.C., this week to give testimony to the U.S. Senate Subcommittee on Privacy, Technology and the Law. Entitled “Equifax: Continuing to Monitor Data-Broker Cybersecurity,” the hearing hoped to examine cybersecurity measures and industry standard practices in place at data brokers like Equifax, Experian and TransUnion. Two of those brokers — Experian and Equifax — have experienced major data breaches since 2015.
Equifax revealed in September that sensitive personal information was exposed in a data breach that lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers.
Winterton said threats are evolving more quickly than defenses, and companies collect and store vast amounts of personal data yet cannot adequately protect them.
“One reason why we can’t sufficiently secure online systems is because we fail to understand their complexity — from a computer science perspective, a social science perspective or a legal perspective, much less the overlap of the three,” Winterton said at the hearing.
Richard Smith, former Equifax chairman and CEO, and Tyler Moore, assistant professor at the University of Tulsa, also testified. The 11-member committee was chaired by Sen. Jeff Flake (R-Ariz.), who noted at the start of the proceedings that approximately 3 million Arizonans were affected by the Equifax breach.
Flake said the committee gathered to find out how secure consumer information was in the hands of data brokers.
“The answer: not very secure,” Flake said while looking at Smith, who has been under the microscope of Capitol Hill the past few days.
Winterton was asked to speak because of her broad expertise on cybersecurity as a complex problem — not just stolen consumer data. She said cybersecurity has far-reaching implications and also filters into areas such as homeland security, defense, intelligence, privacy and the U.S. economy.
Our lives are deeply intertwined with the internet, from purchasing goods online to research or signing up for a Twitter account. That means, Winterton said, it’s time to craft a forward-looking research agenda and “revolutionary approaches to the problem if we want things to change.”
Beyond credit data breaches, Winterton said she was more concerned about what a foreign adversary might be able to do with this sensitive information. She pointed to a breach at the Office of Personnel Management in 2015 in which approximately 21 million security-clearance files were exposed. This scenario, Winterton said, could leave a person “vulnerable to blackmail or bribery by an adversary to ‘leak’ classified information.”
Stopping massive consumer data breaches is not impossible, but it will require monumental effort from industry, government and researchers, she said.
“We must begin building systems that recognize an attack and defend against it, minimizing the damage of each intrusion — much like a health immune system isolates and destroys an intruding virus,” Winterton said.
She said the next generation of cybersecurity experts will come through universities, and it’s important to give them real-world, hands-on research experiences.
“Getting those research experiences in college means they are already contributing to solving problems,” Winterton said. “Universities have a culture of exploration; we embrace tough challenges and have the freedom to take risks.”
Leslie Minton contributed to this report.
More Law, journalism and politics
To secure our future, this ASU initiative is examining the past
The year was 1947, and the United States was adjusting to new realities after World War II. Jackie Robinson became the first African American player to join Major League Baseball, and President…
CBS News, ASU Howard Center partner on investigation into police 'moonlighting'
A new, investigative series by CBS News and the Howard Center for Investigative Journalism at Arizona State University reveals the stark reality of the practice of letting police officers work off-…
How ASU is leading the national conversation on journalism and AI
As artificial intelligence continues to advance at a rapid pace, journalism faces both unprecedented opportunity and profound responsibility.At Arizona State University, those challenges are being…