Courtesy of UCR Today

Heng Yin, an associate professor in the department of Computer Science and Engineering at UC Riverside, has been awarded a $4.68 million grant from the U.S. Office of Naval Research to fund research into protecting outdated government computers and software.

According to recent reports, cyber security has become the forefront of military concerns. “Decades ago, hackers did it as a hobby with the aim of showing how cool they were or how skilled they are,” said Yin in an interview with The Highlander, “But nowadays, hackers have become more of serious business. They make money by compromising machines and selling systems to other people so people can send spam out.”

As software systems become increasingly relevant in everyday lives, Yin suggested hackers have increasing incentive to use their skills to exploit private information. He emphasized that hacking can cause a significant amount of harm for ordinary civilians and the military alike, and old codes can leave individuals particularly vulnerable.

Maintaining the critical infrastructure of military systems is the primary purpose behind Yin’s research. The government is concerned with defending itself against attackers of all different classes, which include both unprecedented threats and recurring threats. Yin said their main focus is on developing the capability for the government to more adequately defend its critical systems, which are at the most significant risk of malicious hackers.  

Yin emphasized that his research is not supporting any particular political agenda, but rather an initiative focused on updating the software used by government agencies. “The United States can do it to other countries as well, so there is no political statement behind my research,” said Yin. “The grant is from the Navy, and there is nothing classified. Our job is to provide good research so the Navy can use it, and the other government branches can use it.”

The systems Yin will be working with are vastly more specialized than the types of devices that most civilians work with such as mobile phones and laptops. Yin’s work will aim to prevent people from being able to use Javascript to exploit Adobe Reader. “These systems that run on our laptops and phones have very good ecosystems like Microsoft, Google or Apple and they have good mechanisms so they can update very quickly and often,” said Yin. “However the systems we are working with are more specialized ones that only government agencies use so it is tougher to maintain them.”

Due to how specialized these systems are, Yin explained that there are no dedicated efforts to keep them up and running because of just how difficult they are to update. The research is being done with the ultimate aim of meeting the expectations of cyber security analysts who anticipate that top government agencies are currently vulnerable to cyber attacks.

The money from the grant will largely be used on subcontractors, who Yin claimed will be small businesses that will provide the necessary supplies in order to make the research possible. “Our team is the lead, so it is going to (hire) subcontractors, so small business companies have to develop some portion of the product,” stated Yin. “We provide these capabilities to them so they can protect the old code.”