We begin November with some insights from the TechToberfest Cyber-security panel. I asked our group of experts what concerned them the most, and what gave them the most hope, from their perspective on the state of Cyber-security in 2015.
Kathleen Moriarty – EMC, IETF Security Area Director & Global Lead Security Architect
“What concerns me the most are the economic models that are keeping us in a state where we will have constant threats; where we will have constant breaches. What I mean by that is that the incentives are in the wrong place for systems to be secure at their core. Vendors aren’t incented to to fix problems and secure data at the core. “
“What I’m most encouraged about is what I’m seeing at the IETF, the amount of work going in to secure the protocol layer for connections on the Internet. There’s a huge amount of work happening, and there’s lots of vendor participation helping to move that forward.”
Dan York, Internet Society, Organizer, DNSSEC Coordination Project
“The ‘Internet of Things’, where we’re basically connecting everything through Internet protocols. That’s bringing about many tremendous opportunities and efficiencies. But, along with that we have a lot of security challenges. Issues like software not being constructed correctly. Not being able to update these devices properly. For example, during our panel we talked about baby monitors and how do you get a software update out to those devices when there’s a security fix needed.”
“But by the same token, we want the convenience of having that baby monitor accessible by mobile devices. There’s a lot of these issues where we have this tension between convenience and need for security. That’s the biggest thing that keeps me awake at night.”
“The hopeful side is we are starting to see that concern come to the fore. The other positive note is that the government is beginning to acknowledge that the problems of Internet security can’t be settled by governments or businesses alone. It has to be a collaborative effort. And that’s starting to happen.”
Sean Smith, Dartmouth, Research Director, ISTS
“The advantage of speaking third is that I can just say, ‘What Dan and Kathleen said.’ In terms of what concerns me the most, I’d agree the Internet of Things, and this rush to build and connect devices in ways inconceivable even a decade ago. The issue is the focus is on ‘let’s do it,’ not an equal focus on ‘let’s do it securely.’ That’s why we used the term “Cyber Love Canal’ during our panel. There’s a definite danger that’s what we’ll face in the near future.
The positive? We were challenged on the panel to come up with deaths caused by cyber-security problems, and none of us were able to, which is a good thing. For all the problems we see ahead, things are still working. And social consciousness is moving is in the right direction. So, there’s hope.”
Ben April, Farsight Security, Director of Engineering
“The thing that scares me the most is asymmetry. Bad actors have it easy. They just need to find one mistake, one vulnerability. As a cyber-security community, we essentially have to be perfect and on our game all the time. “
“On the positive side: The cyber-security community is working hard to solve the problems we face. There’s been a lot of progress made. On balance, I’m much more heartened than frightened.”