Officially, it was a cybersecurity briefing on Capitol Hill hosted by Jean Morrison, Boston University provost, and the Congressional Cybersecurity Caucus, but it felt a little like a college freshman-level computer science seminar. Sharon Goldberg, a College of Arts & Sciences associate professor of computer science, was explaining some of the deep insecurities built into the internet, and why they matter. Her students were a group of Congressional aides and interns and other Hill staffers. They had crowded into a room in the Cannon House Office Building recently on their lunch hour and were taking copious notes so they could better inform policymakers, who are scrambling these days to catch up with technical reality. “The internet was designed several decades ago as a network for universities, for graduate students to send each other emails, to do scientific computing—not for what it’s doing today,” said Goldberg, one of three cybersecurity experts who addressed the briefing. It was a time, she added, “when basically everyone on the internet believed they could all trust each other because they were all graduate students playing with computers.”
Therein lies the problem. Many of the internet’s protocols and algorithms, which were created during an era that has long since vanished, “are baked into the architecture, and it’s very, very hard to change them,” Goldberg said. The result, she said, is a system vulnerable to attackers. Not only can attackers eavesdrop undetected, but they can also intercept, manipulate, and change internet traffic—the flow of email messages, calls, texts, internet searches—unbeknownst to users. The risk is not just to something as simple as buying a book on Amazon, said Goldberg, who is also a Rafik B. Hariri Institute for Computing and Computational Science & Engineering faculty fellow, but to vital global systems such as air traffic control or the running of trains.
“Anything that runs on the internet is subject to all these attacks,” she said. “It’s not just about interception and eavesdropping. It’s about tampering, changing the traffic.”