On 3 October, the RSS Statistical Computing Section held a meeting on cybersecurity at the RSS building in London. The meeting consisted of four presentations from Professor Nick Heard of Imperial College London, Professor Delaram Kahrobaei of the University of York, Dr Patrick Rubin-Delanchy of the University of Bristol and Dr Colin Gillespie of the University of Newcastle.
Nick Heard presented a tour through some examples of attempted cyber-attacks whose presence could be detected as a rejection of a hypothesis test, whose null hypothesis posited benign behaviour. Despite ongoing controversy surrounding hypothesis testing, it was clear that it remains a useful framework and language for measuring anomalous behaviour. Testing methods were accompanied by illustrations using real data, including suspiciously frequent connection events associated with the infamous Wannacry malware.
Delaram Kahrobaei presented recent work on statistical learning performed entirely on encrypted data, as would be required if data were highly sensitive and the learning were outsourced to a third party. The audience learned of a breakthrough from Delaram and her collaborators, enabling an indefinite number of linear operations to be performed on encrypted data without computational overheads accumulating. We also saw how the technology could be applied to Naive Bayes classification of medical data, allowing for confidential diagnosis decisions to be made.
Patrick Rubin-Delanchy presented work on the theory underpinning the behaviour of random graphs, identifiable with computer networks. We saw how nodes/computers could be characterised via their tendency to communicate with other computers. More specifically, we learned about possibilities and limitations for methods to embed computers and networks in spaces of latent variables in such a way that these characteristics are captured in their location in the space.
Colin Gillespie demonstrated to the audience how malicious actors may not need to employ sophisticated means to access sensitive statistical data. Specifically, we saw how often insecure passwords, misspelled web addresses and hastily re-purposed code could provide opportunities for hackers to take control of a computer. This talk may have prompted nervousness among the audience, many of whom could all too easily imagine their own behaviour undermining their cybersecurity.
The meeting was highly stimulating and enjoyable, and ended with a trip to the nearby Artillery Arms pub for further discussion.