The rapid development of technology has brought about not only enormous benefits. In view of protecting the cyberspace of countries, the issue of cyber security in the area of cloud computing, which is among the fastest progressing ones, is becoming topical. We have discussed the benefits of cloud computing and the prevailing myths of cyber security with Dr Charles Kamhoua, a researcher at the Network Security Branch of the US Army Research Laboratory, who paid his first visit to Vilnius Gediminas Technical University (VGTU) under the Fulbright Scholar Program.

“Technology is the cause of many changes, including language. Today, the word ‘cloud’ denotes the computational cloud as well,” said C. Kamhoua. According to Kamhoua, cloud computing, like atmospheric clouds, exists everywhere, we can compare it with power utilities such as water, electricity.

The National Institute of Standards and Technology defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

According to the researcher, the future of cloud computing is very promising. The more companies use cloud computing services, the lower the risk of cyber-attacks. When speaking of the benefits of cloud computing, Dr C. Kamhoua also emphasises the importance of cyber security. “We live in a globally connected world with most of our critical infrastructure and daily life relying on online transactions. We need cyber security to mitigate all risks associated with computer networks,” emphasised C. Kamhoua.

During the conversation researcher has revealed 5 myths of cyber security. 

Myth 1. A complex password helps protect yourself against cyber attacks

Some people hope that a complex password and cryptography may resolve cyber security problems. However, no matter how complex a password may be, it still does not guarantee the cyber security of the system. This myth is also disproved by electronics engineer Charles Kamhoua. “In fact, encrypted cryptography can be mathematically strong but it is still vulnerable at the time of installation, and such shortcomings are greatly exploited by cyber attackers. It is quite difficult to remember a strong password with special characters, so people often input simply the word ‘password’ or create a simple password easily recognisable by them. Such thoughtless behaviour creates a vulnerable space and opens the door to a new cyber-attack,” said C. Kamhoua.

Myth 2. Cyber Security – responsibility of IT professionals

Probably many representatives of companies would subscribe to the opinion that cyber-attacks and cyber security are the responsibility of IT professionals. The engineer notes that the following trend prevails: a company will employ the best IT professionals who will be able to configure a perfectly secure system and install a firewall, and the entire system will be protected. However, in reality, there is a weak Internet communication support system. For best security practices, it is advisable to organise cyber security trainings for users and teach them how to prevent fraud attacks.

Dr Kamhoua emphasises the importance of informing users that they should not use suspected USB flash drives and other external devices. If using unknown devices, one may download malware and make the corporate system more vulnerable. 

Myth 3. Safety in cyber space is a one-person job

To ensure security in the cyberspace, we need to work together. Security is not the work of a single person. The researcher distinguishes yet another myth of cyber security: the protection of systems depends only on us and only we can ensure that we are secure.

“The security of a corporate system also depends on other factors and there is no organisation that exists as if in a vacuum from other companies. Indeed, companies trust other vendors, contractors and other third party representatives. So, if their information systems are damaged and they have access to your systems, then there arises a real cyber threat that your system will also be damaged and affected by a cyber-attack,” claimed researcher.

Myth 4. Cyber-attacks can’t have physical consequences

Dr Kamhoua points out that many people believe that cyber-attacks do not have physical or any other implications for security. However, cyber security can also have tragic consequences not only for companies but also for their people.

“Many elements of the infrastructure that are of special importance to us, such as the energy system, water distribution system, smart transport, air traffic control, autonomous vehicles, a medical cardiac stimulator, are based on algorithms that can be vulnerable. If those systems are damaged, we can suffer catastrophic losses, including threat to human life,” said C. Kamhoua.

Myth 5. Cyber security doesn’t need scientific foundation

As far as security in the virtual space is concerned, it is obvious that there is no room for speculation. Cyber security must have a solid scientific foundation.

“I would distinguish the fifth myth of cyber security: cyber security is too complex to be mathematically modelled and many mathematical models are unpredictable. The reality is that we should avoid cyber situations to ensure cyber security. We should look for a solid scientific foundation for cyber security. Lately, top-level international conferences are being organised, where hundreds of researchers are looking for mathematical methods to protect systems and seek to discover a scientific foundation for cyber security,” said researcher.