Person:
Robinson, Amy

Profile Picture

Email Address

AA Acceptance Date

Birth Date

Research Projects

Organizational Units

Job Title

Last Name

Robinson

First Name

Amy

Name

Robinson, Amy

Filters

2021 - 20222

Settings

Author's Publications: search.filters.isAuthorOfPublication.96e9fb01-2b61-46ba-969b-2afeabe660ec

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Publication
    Technical Difficulties of Contact Tracing
    (Belfer Center for Science and International Affairs, 2021-02) Robinson, Amy; Waldo, James
    In mid-October, thousands of English and Welsh citizens received phantom alerts that they had potentially been exposed to COVID-19. A quick Twitter tour reveals the spiraling fear, frustration, and confusion that ensued. Even though National Health Service (NHS) later updated the app, built using an Exposure Notification System (ENS) developed by Apple and Google, the incident still amplified mass hysteria and confusion. The NHS bug demonstrates the real problem of false positives in digital contact tracing. A false positive occurs if the app alerts someone of possible exposure to coronavirus when no such exposure has occurred. A high rate of false positives has two potential problems. First, it could overburden a state’s limited testing capacity, as concerned citizens flood the already overwhelmed testing sites. On the other hand, people could become numb to notifications if the app continues to ping them with possible exposure. Then, people who really have been exposed will ignore the warning and not get tested. While not as panic-inducing, false negatives can be just as deadly. A false negative occurs when a person who was actually exposed to the coronavirus does not receive a notification. If asymptomatic and unaware of a possible infection, she will continue her daily business and further spread the virus. Medical experts have dubbed such oblivious asymptomatic transmission “the Achilles’ heel” of the pandemic, especially as social distancing restrictions are relaxed. Therefore, a digital contact tool must sufficiently minimize false positives and false negatives to ensure it does more good than harm. This is especially true as the number of U.S. states deploying digital contact tracing apps grows. In July, Google announced that 20 states and territories were “exploring” apps based on the Apple | Google ENS, which would represent approximately 45 percent of the U.S. population. New York and New Jersey’s recent app rollouts bring the total of state public health authorities currently using the Apple | Google ENS to eleven. In order to understand if the Apple | Google ENS is up for the challenge, we must understand the accuracy of the underlying Bluetooth technology. Long story short, Bluetooth technology simply cannot provide location information that is granular or consistent enough for digital contact tracing apps to reliably function.
  • No Thumbnail Available
    Publication
    New Risks in Ransomware: Supply Chain Attacks and Cryptocurrency
    (Belfer Center for Science and International Affairs, 2022-05) Robinson, Amy; Corcoran, Casey; Waldo, James
    With the first attack dating back to 1989, ransomware is far from a new phenomenon. However, as of late, ransomware attacks have significantly changed in nature, becoming larger, more sophisticated, and more frequent. While once a rare and petty crime, ransomware has now proliferated and quickly matured into a lucrative business with the emergence of cryptocurrencies that have facilitated large, untraceable transactions. Now, organized and often state-backed hacking groups not only perpetuate sophisticated, targeted campaigns, but also franchise the infrastructure needed to carry such campaigns and sell it as Ransomware-as-a-Service (RaaS) on the dark web. Just as concerning as the increased pace of ransomware is the emergence of a new delivery mechanism for malware that has been used in some of the most infamous ransomware attacks. As hacker groups have become increasingly sophisticated, modern software has become increasingly vulnerable to attack. Complex software must incorporate a multitude of pre-written code components from various sources, including open source code. Hacker groups can then target less secure software components, known as a supply chain attack, in order to extort a wide swath of companies or customers. Supply chain attacks are particularly dangerous if they establish a thread of control through an update package, such as the SolarWinds attack, which then provides hackers with the highest level of access to a machine’s resources. This paper seeks to provide an overview of the current ransomware landscape, such as the rise of RaaS and the increase of supply chain attacks, while also gesturing towards potential emerging solutions. While not an exhaustive list, promising solutions address the vulnerability of complex software reliant on outside code components, such as software bill of materials (SBOM) and vulnerability disclosure databases, or address the payout, such as stricter cryptocurrency regulations.