Virtual world, real threats

Digitalisation offers a wealth of new opportunities – and criminals and hostile states are only too happy to exploit them. Protecting against such attacks requires a broad range of measures.
Jakob Bund, Project Manager Cyberdefense at the Center for Security Studies at ETH Zurich: "We have a global virtual space in which there are numerous lines of conflict." (Photograph: Colourbox)

Targeted hacker attacks on governments and companies, a critical data leak affecting holders of Swiss Federal Railway’s SwissPass, and a cyberattack that compromised data held by the International Committee of the Red Cross (ICRC) in Geneva: these are all examples of the complex risks that abound in cyberspace. The question of how to make the digital world safer is a highly charged issue – and one that occupies ETH researchers in many different ways.

One of the biggest risk factors in today’s world is the internet. To us, it appears to be a smooth-running machine that connects the world in unprecedented ways – yet it also allows malicious actors to interact with innocent users and fosters long-distance conflicts. What’s more, the outdated architecture of the internet itself causes a steady stream of serious problems.

Speedy, secure and efficient

Everyone knows that the modern internet has some major shortcomings, but Adrian Perrig, a professor in the ETH Zurich Network Security Group, is confident they can be fixed. Perrig is the originator of an ingenious concept to make the internet systematically more secure without interrupting its operations. He describes his approach as “scalability, control and isolation on next-generation networks”, or “Scion” for short. At its core is the notion of dividing up the internet into separate zones and transmitting data packets along predefined paths, thereby preventing information from passing through points where it might fall into the wrong hands.

Numerous people are now attempting to put Perrig’s concept into practice, and he enjoys the support of various colleagues, including Peter Müller and David Basin, two ETH professors whose groups are engaged in verifying Scion and validating the program code. His work so far has been remarkably successful. Last autumn, for example, the Swiss National Bank teamed up with SIX Group, ETH spin-off Anapaya and other partners to launch the Secure Swiss Finance Network, which is based on Scion technology. His concept has also been adopted by the Swiss Federal Department of Foreign Affairs, which uses Scion connections to communicate with embassies.

«Today’s internet is simply far too insecure given the critical nature of the systems relying on it.»      Adrian Perrig

And it’s not just a question of better security, says Perrig: Scion is also faster and more energyefficient. By providing more paths to transmit data, Scion makes optimum use of the infrastructure. And with the option to select which path data packets should take, it’s easy to choose the one with the lowest CO₂ emissions.

Perrig initially thought that this faster, more secure and more environmentally friendly approach would be a sure-fire hit – so he has been surprised by the tremendous effort required to spur adoption. Radically new approaches often struggle to achieve mainstream acceptance, but Scion has also been hampered by a web of market dependencies. No customers will use Scion technology if none of the internet providers offer it – and with no users, there is no need to standardise the protocols. That, in turn, makes providers hesitant to invest in the technology.

But Perrig’s persistence is finally paying off. Various providers have now started offering a Scion internet service, including Swiss telecom companies Swisscom, Sunrise and Switch. Providers in other countries are also beginning to show an interest in the new concept, and Perrig is confident it is now on track: “Scion is the first inter-domain routing infrastructure that has been deployed in practice since the Border Gateway Protocol over 30 years ago.” He also argues that switching to a new internet architecture is inevitable in the medium term: “Today’s internet is simply far too insecure given the critical nature of the systems relying on it.”

Small and fragile

But in addition to the risks posed by networks, dangerous vulnerabilities also lurk within computers themselves. As chips become more complex and the capacitors and transistors that make them become smaller, they become more vulnerable to sophisticated attacks. For example, hackers can launch what are known as side-channel and Rowhammer attacks, which compromise the integrity of data in the dynamic memory of computers, tablets and smartphones. Experts have long been familiar with how these attacks are mounted, but chip manufacturers have not yet taken sufficiently robust countermeasures, as Kaveh Razavi, Assistant Professor of Secure Systems Engineering, recently demonstrated.

This is all the more worrying since vulnerabilities in hardware are much more difficult to fix than software bugs. Right now, these classes of attacks are not a major problem because there are easier ways for hackers to infiltrate people’s computers. But the more we improve our defences against other attacks, the more tempting these new hardware attacks become.

Razavi’s research focuses on the security of the entire computer system, including both software and hardware, and he is currently working on projects with several of the big chipmakers. “In some of these projects, we’re going deep into the system and developing new methods of chip design. In others, we’re more concerned with the impact that programs have on the hardware,” he explains.

«Who has access rights to certain types of information are political decisions that engineers shouldn't be expected to make.»      Kaveh Razavi

Ultimately, everyone is interested in improving security – yet this poses something of a dilemma for computer manufacturers. Additional security comes at a price, but few consumers are willing to pay more or sacrifice performance in return for more security. Razavi also faces a dilemma: as a scientist, he needs to publish his findings as soon as possible in order to gain an edge in the cut-and-thrust world of academia – but his industry partners have other ideas. “We follow the principle of responsible disclosure,” he says. “In other words, we give companies time to fix flaws before we publish them.” Razavi has also enlisted the support of Swiss federal authorities: for example, his discovery of the vulnerability in dynamic memory led to a joint publication with the National Cyber Security Centre. As of last September, this is the agency responsible for registering critical vulnerabilities in Switzerland.

Yet technical measures alone are not enough to make cyberspace safer, says Razavi. “We also need input from policymakers, because questions about how we share data and who has access rights to certain types of information are political decisions that engineers shouldn't be expected to make,” he says.

Neutral and transparent

Such policy issues fall within the remit of Jakob Bund, who heads up the cyberdefense project in the Risk and Resilience Team at the ETH Zurich Center for Security Studies. One of his tasks is to examine how governments and organisations protect themselves against risks in cyberspace. “We provide policymakers with the scientific principles they need to make decisions,” he says. To do this, Bund maintains regular contact with the Swiss Department of Defence and the Armed Forces Command Support Organisation, which is to be transformed into a military cyber command by early 2024.

As a political scientist, his job is to place the technological risks in a political context. “We’re concerned with possible impacts,” he says. “For example, how are these technologies being deployed? What can they be used for? And how do they differ from conventional methods?”

Today’s governments face competition and conflicts on many different levels in cyberspace: disseminating false information in social networks, using cyber espionage to obtain secret information and deliberately seeking to cripple their opponents’ critical infrastructure. Yet individual actions can only be properly understood within a broader strategic framework, says Bund – and by continuously reassessing what actors hope to achieve, and what impact their activities may have. Experts are currently engaged in heated debate about the possibility of establishing rules for governments in cyberspace. “It’s a complex process,” says Bund. “As well as defining what it means for a state to behave responsibly in cyberspace, we also need to figure out how we want to ensure that those norms are followed in the future.”

The US presidential election in 2016 was a wake-up call for how sophisticated state-sponsored cyber conflict has become. “The fact that the national headquarters of both major parties in the US were targeted by cyber espionage operations came as little surprise,” says Bund. “But the way in which some stolen information was used in the election campaign in the attempt to manipulate voting decisions was a new combination of existing tactics and tools.” This illustrates how modern governments now have completely new methods at their disposal to interfere in another country’s affairs. According to Bund, Europe still tends to underestimate the significance of this point: “One possible explanation is that it’s harder to see the influence on election campaigns here because many continental European countries have a broader range of political parties.”

One aspect of particular interest to Switzerland is the law of neutrality. This has been amended on multiple occasions to reflect the emergence of new technologies such as telegraphy and radio – but the question now is how far the concept of neutrality can be extended to cyberspace. “Cyberspace spans the globe and has numerous fault lines,” says Bund. “Yet it is also connected to infrastructure in the real world. Switzerland and other countries need to consider under which circumstances these digital entanglements might bring them into touch with otherwise geographically distant conflicts.”

And that’s not the only reason Switzerland should be having this conversation: it also needs to consider its duty to protect international organisations based on Swiss territory. “These organisations are an attractive target for cyber espionage,” says Bund. “And that makes it more likely that Switzerland will be caught in the cross hairs of threat actors operating through cyberspace.” Learning how other countries are protecting themselves against cyber risks should therefore be a top priority, he argues. “And independent scientists like us can help share that kind of knowledge,” he adds.

About

Adrian Perrig, Professor of Network Security in the Department of Computer Science

Kaveh Razavi, Assistant Professor of Secure Systems Engineering in the Department of Information Technology and Electrical Engineering

Jakob Bund, Cyberdefense Project Lead at the Center for Security Studies