Cybersecurity, key and transversal
The protection of information must be integrated into the management of any company | UVigo and Gradiant carry out research and train professionals called to improve the Galician economic fabric
Cybersecurity and the challenges it poses for higher education and companies were the focus of the first talk of «A Galicia that works», a forum organized by FARO and the University of Vigo to put on the table the ideas that can boost our community. The talk, which took place at the School of Telecommunications Engineering, was moderated by the Vice-Rector for Communication and Institutional Relations, Mónica Valderrama, and was attended by Ana Fernández Vilas, coordinator of the Master in Cybersecurity; David Álvarez Pérez, PhD student and senior malware analyst at Avast; and Iago López Román, head of information security (CISO) at the Gradiant technology center.
Ana Fernández Vilas, who is also a researcher in the Information and Computing Lab group and is responsible for the R Chair of Cybersecurity, began the debate by highlighting that Galicia «has complied» at the training level in a field in increasing demand. In addition to the master’s degree taught jointly by Vigo (School of Telecommunications Engineering) and A Coruña (Fac. of Informatics), which «connects» with the technological centers AtlanTTic and CITIC, a Cybersecurity Node of Galicia has been put into operation, in which the three universities participate to «support the business fabric and public administrations». In addition, the University of Vigo has created its own degree to train professionals already active in the field of industrial cybersecurity. «We have joined in teaching and research and we also fulfill our mission in relation to companies. We are in a good position with respect to the rest of Spain, although there is still work to be done,» she acknowledged.
Iago López: «In most attacks, the enemy is at home»
She also stressed that cybersecurity «is not an area of knowledge, but a cross-cutting issue, such as quality.» And she advocated that it gain presence in the educational system, from primary school to university and vocational training (FP), so that it becomes a global concern, not only of expert professionals. «We have to get a critical mass of people who integrate cybersecurity as a way of working, who are aware of the risks,» she said.
David Álvarez Pérez, senior malware analyst at Avast, also insisted on its transversal nature and pointed out the role of Galician campuses: «There is currently a very large demand for professionals and they are training them, in addition to generating research. And also the technological centers are very important because they bring the basic knowledge of the universities to the companies in an applied way and provide the human capital that then improves the Galician business fabric».
A computer engineer with a master’s degree in Cybersecurity from UVigo, Álvarez developed his own antivirus, worked in several companies as a malware reverse engineer and at Gradiant as a security researcher, and currently combines his employment at Avast with his doctorate at the University of Vigo. Asked by the moderator about his professional day to day, he explained that he analyzes malware with the aim of collecting the information that makes it possible to defend users «from all possible attacks» that a device of any kind, an organization or a company may suffer.
David Álvarez: «Attackers and defenders evolve; it’s like the game of cat and mouse»
«We not only develop antivirus and processes, but we also investigate specific cases of cyberattacks. This includes a process that goes from the development of the malware, through its distribution and the business model behind it. It’s about knowing the global context. Everything is evolving, the attackers and the defenders. And it’s like the cat-and-mouse game because there’s no simple way to create perfect protection or perfect malware,» he admitted.
«Cybersecurity is no different from quality management or R&D&I. That is why we have certain international standards,» said Iago López Román, a graduate in Telecommunications Engineering from UVigo with a master’s degree in ICT Security from the European University. Currently, in addition to being CISO of Gradiant, he is a researcher in the area of Security and Privacy, and also teaches in the two master’s degrees of the CUD Naval Military School of Marín.
«Information security is different from computer security. We focus on data, on maintaining its confidentiality, availability and integrity. Information is the core of companies, both large and SMEs, and we must focus on securing it. But we should not focus only on technology, which is perhaps the most covered part. We cannot forget about organizational security, human resources or the legal field. In most attacks the enemy is at home: a careless, dishonest or untrained employee,» he explained about his field of work.
«We must train and raise awareness among our employees so that they are alert. At Gradiant we do training every year. We launch our own phishing attacks to see how they respond or leave pen drives in the office to check if someone uses them. In recent years, because of the attacks that have taken place, companies have got their act together. It is necessary for SMEs to implement information security management systems within a process of continuous improvement to identify and reduce risks. It is a complex process that needs resources and the leadership of senior management,» said López Román.
Regarding public administrations, he recalled the royal decree that obliges them to implement an information security management system. «However, it is easy to see that not all of them comply with it. Again, they need training, resources and also that they are forced to comply with the regulations and that there are repercussions if they do not do so,» he added.
Asked by Mónica Valderrama, the experts also addressed the threat by Meta, the parent company of Facebook, WhatsApp and Instagram, to leave Europe if it can’t transfer its users’ data. «Because we live here, we have very restrictive legislation. Companies have to adapt to the laws of the countries where they deploy their services and I doubt very much that they will leave such a large market,» said López Román.
«The concept of privacy is different in every culture. Here we are no longer talking about a technical concept, but about a legal and even ethical issue. Most worrying are the data markets. Citizens should be aware that they have a lot of value and that they should not give them away with nothing in return. Legislation must be adapted to society. And then you also have to take into account the usability. Each individual must take stock and make their decisions,» said Ana Fernández Vilas.
«In the case of malware, instead of compromising a server, which is more easily lockable, they get into the devices that people have at home, like a router. This is one of the many ways that attackers have to interpose technical obstacles, but also legal when it comes to blocking the command and control center of a malware,» added David Álvarez.
The Vice-Rector for Communication also asked the participants in the round table about quantum technologies and their impact on cybersecurity. «When these supercomputers arrive, much more powerful than the ones we have now, and they can discover our keys, all our algorithms are going to be dismantled. And the point is to try to get ahead of yourself. We have to position ourselves from the universities because there are many unsolved problems. The case is to what extent the bad guys are behind the good guys. If they get a quantum computer before we can defend ourselves, they have more time and they have less to lose and more to gain,» said Fernández Vilas.
Mónica Valderrama: «UVigo tries to respond to the constant challenges and problems of society»
«An attacker just has to find a hole. At Gradiant we already have quantum technologies very much in focus. Businesses and governments must take advantage of disruptive changes like this to take the lead and lead them. There are new challenges related to digital signatures and the exchange of symmetric keys and at Gradiant we are designing hardware that allows these communications. It is possible to position yourself from Galicia in this field when it explodes,» said López Román.
Mónica Valderrama closed the round table by including cybersecurity among the «constant challenges» and «problems» of society to which the UVigo «tries to respond» and thanked Professor Ana Fernández Vilas and the two alumni for their participation. «You represent the University. You are the best brand prescribers,» she applauded.
The session will be attended by Concepción Paz, director of Cintecx; Jacobo Porteiro, head of the Sustainability area and researcher at Cintecx; and Rodrigo Díaz Ibarra, Director of Development at Reganosa. Moderated by Juan Ignacio Rodríguez, Director of Energy at Inega. Place and time: Center for Research in Technologies, Energy and Industrial Processes (Cintecx) of the Vigo campus at 11 am.
University students, pleased with the initiative
The students who attended the first round table of «A Galicia that works» yesterday applauded the initiative of creating a forum that makes the work of the UVigo visible not only to society but also to its own students. «I have learned about cybersecurity on my own, since I have not had specific training in my degree. And the talk was very interesting,» said Yago González yesterday. «We are used to hearing very complex terms, but we should know what cybersecurity consists of even if we are not experts,» noted Pablo Leite for his part. «In my specialty, Telematics, we have a specific subject, but thanks to this talk I was able to learn that work on cybersecurity is also being done in Galicia,» added Martina Páramos, who is in her third year of Telecommunications Engineering.