BILL BUCHANAN: The Battle between Ransomware, Scotland, and Education
We are entering into a new epoch of cyber-crime. Ransomware is leading the charge, and the unpreparedness of the world’s networks means that attacks are escalating in both volume and frequency. It’s difficult to believe the WannaCry blitzkrieg was two months ago now, such is the continual press coverage to this day. The attack demonstrated with devastating effect not just how exploitable our systems are, but how vulnerable we’re left when they fail. Perhaps the most sobering statistic for Scotland is that eleven of the country’s fourteen NHS Trusts were destabilised by the WannaCry programme.
In the wake of WannaCry, cyber-security expert Professor Bill Buchanan of Napier University has offered a solution – education. DIGIT questioned Bill on Scotland’s shortcomings in education when it comes to ransomware, and what professional networks and academic institutions can do to ensure security in a time of instability.
Professor Buchanan opened by outlining that business networks and university curriculums under-develop skillsets by not offering the latest cyber-courses, specific to roles in IT – a sector which has evolved rapidly in recent years.
DIGIT: How does the educational landscape of Scotland align with the threat of cyber-attacks?
Professor Buchanan: “I think we still have work to do in Scotland in developing programmes which focus on the right skill set that industry requires. This includes a strong understanding of key areas such as networking, cloud engineering, penetration testing, coding, cryptography and operating systems. Far too many programmes in the UK still do not concentrate on providing the required practical skills, and often do not provide students with experience of real-life infrastructures and tools.
“The understanding of cryptography is generally weak across the industry, and is often particularly weakly presented across programmes in Scotland.
“Increasingly, we need to look to creating virtualised infrastructures for students to train within, and for them to understand how to design systems to cope with a wide range of threats, including ransomware, denial of service and data loss. A key focus must also be on developing a deep understanding of data analysis and in coding/scripting. In a world which is moving to the cloud, we need to provide graduates who understand how to create dynamic infrastructures which can respond to threats.”
Professor Buchanan warned that as the workplace turns digital, the question is not whether budding professionals should be educated in more specific fields, but how early they should start. According to Professor Buchanan, Scotland faces an uphill battle when it comes to fostering more sophisticated understandings on cyber-threats, such as how they infect and proliferate on networks.
DIGIT: Is enough being done here to educate companies about the threat of ransomware?
Professor Buchanan: “No. Along with this there is probably not enough work done on malware analysis, especially in understanding the forensic processes involved. This includes a traditional static analysis of malware, but [also] in understanding the dynamic nature of the code, such as for the network connections the malware creates and in its operating system calls.
“We are increasingly moving into a Big Data infrastructure within cyber-security, and students need to develop skills in analysing system logs and develop a deep understanding in how to identify and trace activities with system alerts.”
Fortunately, education in these more advanced IT fields can be found in Scotland. Professor Buchanan himself has spearheaded one such initiative – Edinburgh Napier University’s Cyber Academy. The Academy is a leading source in Scotland for information and education on cyber-security, working with a great number of organisations on an international scale, including businesses, law enforcement agencies and higher education institutions. The organisation collaborates on research and delivers projects focused on delivering advanced cyber-security in educational – and useable tool – formats.
DIGIT: What is primary remit of The Cyber Academy?
Professor Buchanan: “We provide a focus on an international scale to integrate training, innovation and research, and integrate extensively with industry across the UK. A key focus for us is in pushing forward on innovation within cyber-security, and to understand the opportunities in converting research work into the development of new products and services. Along with this we are keen to engage with a wide range of communities and thus stimulate debate on key topics … our recent conferences around Big Data in cyber-security and in cryptography have brought together experience from many different areas.
“We believe that many systems need to be redesigned, and where security is a core part of the infrastructure. Many of the problems related to ransomware have been caused by the usage of legacy system or in poor security practice.
“Finally, we have developed an internationally leading virtualised training infrastructure, and where we can training a wide range of roles, within near real-life environments. This includes scenarios around ransomware, denial of service and large-scale data loss.”
These advanced training programmes allow The Cyber Academy to actively engage with its remits. These courses include the Insider Threat initiative, presented by digital forensics consultancy Strathclyde Forensics. The programme, aimed particularly at SMEs that lack large IT and legal departments, uses case studies and risk assessment to educate participants on access to infrastructure-critical devices, monitoring employees and data protection.
For those not in charge of a business per se, the Digital Evidence for IT professionals course offers tuition on how an employee can contain a situation, should one emerge, until a forensics expert can assist. This course is specifically targeted at intermediate workers in IT, such as managers and network administrators, which have a background in IT but limited knowledge of advanced digital forensics. The course also uses case studies, covering the pitfalls which can come from systems being accessed by others, remotely or physically.
Professor Buchanan noted that The Cyber Academy’s projects promise to grow as cyber-threats continue to evolve and escalate. In light of more recent ransomware attacks such as WannaCry businesses and public services alike have become increasingly interested in what the Academy has to offer.
DIGIT: Has Scottish interest grown in recent years, or even months, for more questions and solutions on ransomware?
Professor Buchanan: “Yes. The public sector has been a particular focus, and we are especially keen to see large-scale investment in new services, which have a strong infrastructure around trust, and which put the citizen at the centre. We are one of the supporters for the BCS (British Computer Society) initiative for cyber security in health and care (#NHSCyberSafe), and have given evidence to the Scottish Parliament’s Health and Sport Committee. Along with this we have given advice to the UK Parliament on key issues related to cyber-security and cryptography.
“We have a range of ransomware training programmes coming up, and aim to disseminate widely on risks. Whenever new ransomware arrives, we analyse it deeply, and then aim to inform the public over TV and radio. Along with this we have actively engaged with both the Scottish and UK parliaments, in order for MPs and MSPs to understand the key risks to our society and economy. As I said previously though, we are keen to help develop innovation around risks such as ransomware, and grow new businesses.
Professor Buchanan reassured that, buoyed by this engagement, the Cyber Academy was working on numerous new projects in line with the evolving threat that ransomware poses to Scotland’s businesses and official infrastructures. These new projects are not limited training courses, but also encompass new tools to assist in the detection of malware though web traffic and malicious packaging.
DIGIT: Is The Cyber Academy developing new projects and workshops to cater for the increased threat that ransomware proposes?
Professor Buchanan: “Yes. We have been developing new tools which detect malware though signature analysis of network traffic, and in detecting the presence of encryption tunnels. Along with this we are setting up new funding for the creation of enhanced cyber-security within health and social care. As part of Scottish Government funding we will also be developing a range of training programmes built around scenarios such as ransomware. We also have a wide range of on-line material, including web based material and with YouTube videos on key topics.
“We are currently collaborating with the Scottish Government and the Scottish Police on ransomware work, but also have strong links into the UK defence and law enforcement infrastructure. Our GCHQ-backed MSc in Advanced Security and Digital Forensics includes deep malware analysis, along with covering the principles related to encryption.”
Professor Buchanan concluded with a stark warning – today’s business and infrastructures have no room for a lack of knowledge on web fundamentals. As WannaCry gripped Scotland in May and Petya spread throughout Central Europe in June, it has become abundantly clear that not just multinational organisations, but SMEs and official infrastructures alike are all vulnerable to cyber-attacks.
Professor Buchanan warned: “There is no reason for anyone to avoid a basic understanding of how the Internet works, and in the usage of basic security elements such as for firewalls, intrusion detection systems and the basics of encryption. With GDPR coming up, there will be no excuses for sloppy practice, thus companies, from C-level executives down, must train staff to understand the basics of cyber-security.
“Cyber-security, too, can also transform our public services, and provide new ways of operating, thus skilling staff into new areas and improve staff development (and hopefully improve staff retention).”
DIGIT would like to thank Professor Bill Buchanan of Napier University for his contributions to this article.