Understanding the social side of cyber-security issues by Greg St. Martin May 2, 2011 Share Facebook LinkedIn Twitter Photo by Michael Mazzanti. When Engin Kirda started focusing on cyber-security research 10 years ago, those primarily responsible for launching Internet attacks were teenagers out for kicks, he said. But the scope of threats existing through the Web has dramatically changed since then. Now security breaches are often financially motivated and highly organized — which presents intriguing challenges for Kirda, the Sy and Laurie Sternberg Interdisciplinary Associate Professor for Information Assurance. “We’ve seen a shift from attacks for fun to attacks for profit,” said Kirda, who joined the faculty in January with joint appointments in Northeastern’s College of Computer and Information Science and Department of Electrical and Computer Engineering. “That’s why it’s fascinating for me to see how these bad guys are operating, and to try to come up with solutions to combat them.” Kirda studies Internet security issues and how to discover vulnerabilities in websites and Internet applications to create more secure applications. He is also working on creating better virus-detection techniques. He previously taught at research institutions in Vienna and Sophia Antipolis, France, and he is the cofounder and codirector of the International Secure Systems Lab — a collaborative effort of European and U.S. researchers focused on analyzing and designing tools for computer security. Kirda plans to take a closer look at why some users’ computers get infected with malware, a software designed to harm or secretly access a computer system, and how well those people are able to identify cyber attacks. As part of this project, users would be given online tests to determine the scope of their understanding of cyber threats. “One thing I have learned over the years is that security problems are not only technical problems. There is a very social aspect to all these issues,” he says. “For example, someone can come up with technical solutions, but they might still fail because we don’t exactly understand how well users are actually able to accept these technical solutions.” Kirda was drawn to Northeastern in part because of the new Information Assurance doctoral program, and he hopes to explore interdisciplinary collaborations here to develop more robust systems and better solutions. He says one small virus released in a network or system, for a bank or nuclear reactor, can cause major damage. Given the number of people and companies depending on Internet reliability and security on a daily basis, he is excited to work in an ever-evolving field of significant societal importance. “The problems are very real,” Kirda says, “so there is an opportunity to make quite a large impact.”