The state had to protect its computer system 2.1 billion times last year, according to the state Department of Administrative Services’ annual report.
That works out to around 42 million hits a week, the report says, although state officials won’t describe their specifics for fear of attracting more attention.
Also, University of Connecticut professors have found their unpublished research on computer systems in China, said John Chandy, a UConn engineering professor and cyber security expert.
A portion of the 2.1 billion blocks kept information from getting out through the state’s email system; others stopped outside attacks. DAS spokesman Jeff Beckham would not say how many fell into each category. Beckham cited security concerns as the reason for not giving more information on the blocks.
“The integrity of the state’s IT network is a critical concern for us and, in this particular era, there are a multitude of potential threats and hazards out there that we have to guard against,” said Beckham. “Public disclosure of details about our protections or the events that we encounter may well inspire or inform those with criminal or mischievous intent to disrupt our systems.”
While keeping silent to dissuade attackers is one way of dealing with cyber threats, Professor Chandy said some organizations speak openly about their security systems knowing they are inviting attacks, but with the hope that the attacks will point out weaknesses they can then fix.
Chandy said one of the things Connecticut is doing to keep private information from getting out is encrypting all data on the state’s computers, so that even if a laptop is lost or stolen the data would be inaccessible.
When asked who would be trying to get through the state’s firewalls, Chandy said he doesn’t have specific information about who is attacking the state’s computers, but that attacks generally can come from a variety of sources.
There have been many recent well-publicized attacks from China on U.S. newspapers and government agencies, but most of that is happening at the federal level, he said.
Professional hackers are also a concern, but many attacks these days are coming from “script kiddies,” would-be hackers who don’t have enough technological expertise to hack on their own so they download hacking tools created by others. Script kiddies are not necessarily looking for financial gain, but are often just hacking for fun, said Chandy.
Some hackers are looking for personal information, while other groups hack computer systems for political reasons, he said.
Chandy is working with the newly formed Center for Hardware Assurance, Security and Engineering – CHASE – at UConn. One of the purposes of the center is to attract students to the growing field.
The federal government is having trouble filling cyber-security positions right now because there isn’t a sufficient pipeline of qualified students, said Chandy.
He said the research center at UConn is unique because it is focusing on the hardware necessary to keep information safe.
For example, with the current popularity of cloud storage, customers of storage companies need to be confident that the hardware used to store their information is secure.
The other focus for hardware security is on the computer chips used in everything from laptops to new fighter jets. The chips are often made overseas, and while most of the companies selling them are honest brokers, some companies are recycling chips from used sources and then are selling them as new.
This problem is exacerbated by government contracts that say contractors have to buy the cheapest parts, rather than the most secure parts, said Chandy. Companies are also looking for ways to be sure that the chips coming from overseas do not have any additional circuitry. Chandy said UConn professors are researching solutions to these issues.