Duquesne's Digital Mr. Clean Develops Software to Scour Away Secret Files
Dr. Charles Wood may be the Mr. Clean of the Digital Age.
In a world of high profile cyber security breaches, from China and the U.S. Chamber of Commerce to Edward Snowden and the National Security Administration, this assistant professor of information systems management at Duquesne University has patented software that electronically scrubs incoming and outgoing computer files of suspicious programs.
Think of an anti-spying computer program on steroids.
The point is to provide protection on both sides of the firewall, said Wood, a Certified Information Systems Security Professional (CISSP) who holds degrees in computer science and corporate finance, as well as information systems management.
Hacking is not merely a possibility in Wood's world. It's an ever-present reality. The question not whether someone will try to access information but how often-and how can you best protect your information, he said. Hackers often now part of corporate entities, many of them overseas. Money is a key motivation. What is a competitor doing or planning? How much is a person-or a country's-secrets worth? What is the weakest link in the information chain?
As technology grows increasingly sophisticated, so does hacking. For instance, take that photo that just landed in your inbox. If you're looking at someone's beach vacation memory, a PDF or Microsoft Word document you would never be able to notice that some pixels that might be a little off-and might have reams of sensitive information embedded within that one miniscule portion through adjustments to line and letter spacing. Most standard security systems wouldn't detect it, Wood said.
In addition to intentional attacks, online information is at risk because of human behavior. Employees may do their best to skirt security measures because they consider them cumbersome and time-consuming. According to a recent report by public-private IT partnership MeriTalk, more than 30 percent of the federal workers polled circumvent security measures at least once a week.
How can security professionals fight such subtle, deliberate, ever-changing tampering and such inconsistent, apathetic human behavior?
"The detection of secret content is so difficult or even impossible that I've taken the position that we need a different approach," Wood explained. "Instead, every file is scrubbed so that any secret messages are removed but the actual file is, for all practical purposes, unaffected, without the need for prior detection of embedded secret messages."
With scrubbing, data stays safe while changes to the actual picture, song or movie are imperceptible. Wood's scrubbers can be configured to clean any infiltrating computer files that try to enter a computer or leave a secured area in a network.
"With such a great potential for wide-spread security breaches and devastating impacts, scrubbing files that exit and enter a system seem to be the safest and most comprehensive way to address the issue," Wood said.