Cybersecurity: Lookin' Bad for the Good Guys
By Allan Holmes | Tuesday, August 07, 2007  |  05:41 PM

The United States, as well as any other nation hooked into the Internet, is losing the battle against cyberthieves and hackers looking to commit crimes and steal sensitive, and possibly classified, information from networks. And it doesn't look like we will be able to improve the situation much in the near future.

That sobering assessment comes from cybersecurity expert Seymour Goodman, who was in Washington, D.C., yesterday at the Hudson Institute to give a talk on securing the Internet. Goodman, a professor of international affairs and computing at the College of Computing at Georgia Tech, was frank about the extremely difficult path nations face in trying to secure the Internet. In fact he was downright apologetic. An excerpt from Goodman's response to a question about how viable his plan to secure cyberspace really is:

The bottom line, and I hope it doesn't sound too defeatist, and I hope it sounds more realist, is we got to do what we can. We got to fight the battle. We are losing it. ... It seems that the bad guys are more innovative, and they bring their innovations into practice much more effectively than we do, and again despite the fact that all the PhDs are on our side. ... We've just got to fight this battle the best way we can. I don't see any silver bullet solutions out there. The NRC [National Research Council] committee said the same thing. We said something nobody in Congress wants to hear, and that is this is going to be a long, tough battle. ... It is going to be a battle that goes on forever. And if we stop fighting the battle, we are going to be in a deeper hole than we now are. I'm sorry I don't have a better answer for you.

Goodman did offer a model on which to build a process to police the Internet: the International Civil Aviation Organization, the members of which must follow certain safety and security guidelines, among other rules. Goodman says the model could work because it is scalable (just about every United Nations member belongs to the ICAO), because its coverage area has increased over time (from general safety to acts against aircraft to acts against the aviation infrastructure), and because it is focused on prevention. The ICAO also has a proven record, reducing the high number of hijackings that occurred in the 1960s and 1970s to nearly zero today. "This thing sorta works," Goodman says.

But at the end of his talk, Goodman admitted that the model might not be a good analogy for cyberspace because of one huge difference: the civil aviation infrastructure is finite. There are a finite number of airplanes, all of which must land at a finite number of airports, all of which are at a fixed, known location. Cyberspace and the number of computers with access to the Internet are increasing, and cyberspace is ubiquitous. It's everywhere. "So it is easier to organize this [civil aviation] case than it is to organize the cybercase," Goodman admits.

So, is it hopeless to try to make the Internet safe? Goodman's response: "We just can't say the cybercase is hopeless."

In other words, we have to believe, despite the enormous odds facing us.

That's not a real encouraging assessment. But then again, Goodman says he'd rather be a realist.

(C-Span broadcast Goodman's talk in its entirety.)



Comments


It is a battle, a dynamic balance, in which risk will always have to be gauged and chances taken. "There [really] is no way to win." If the Internet becomes too much of a risk, i.e., the probability of harm is too great, then some other avenue will have to be taken.

Roger4  | Tuesday, August 14, 2007 |  01:55 PM



The punishment never fits the crime; too often it's a slap on the wrist. Maybe making these folks pay to fix the computers they damage would be a start, with significant jail time.
The other big issue is the software makers like Microsoft. If they made cars they would be in court all the time about their cyber safety, yet there is no penalty for them when they screw up. Maybe the Gates should have to pay instead of worrying about donations to their liberal trust.

dan ketter  | Tuesday, August 14, 2007 |  01:38 PM



Good security is based on reality and common sense. Common Sense is a function of having common knowledge. Until the threats we face on the internet are common knowledge, you can't expect users to apply any level of common sense to this issue.

The answer lies in education, public education.

The kids coming into the job market today are the first generation that fully 'gets' the internet. It's the people who are 35+ right now that are posing the most danger. Primarily because they are holding the management positions and positions of power. Fortunately, these are problems that will solve themselves over the next 25-35 years... so until then...

I read these comments - the one stating "Boring doomsday drivel." I can tell is from a younger kid that grew up with a level of understanding of internet and security risks. "CertainDoom" is clearly someone who is in their 30's and can see the generation gap between himself and the younger crowd. Mr. Goodman, the man quoted in the article, is in the older generation and he sees the security problems of his generation. The ones who still can't comprehend cameras without film, have never run Windows Update, and automatically forward off any email with pictures of kittens.

We need public education campaigns, and that is what I am working on.

Joel R. Helgeson  | Monday, August 13, 2007 |  04:17 AM



Boring doomsday drivel.

Boring  | Wednesday, August 08, 2007 |  10:28 AM



Until home users are not running infectable operating systems, there is no way to win this 'battle'.

The weak link in operating systems is a person with zero computer knowledge, loads of hubris, and 10 years experience, clicking or downloading anything he or she wants, getting infected without concern.

How can a society protect against that?

CertainDoom  | Tuesday, August 07, 2007 |  07:07 PM







ABOUT THIS BLOG


Allan Holmes on what's happening and what's being discussed in the world of federal information technology.
