The recent rash of hack attacks, which caused only a little embarrassment to CENTCOM and damage to the images of some SONY execs, has caused President Obama to initiate high-level discussions on the subject this week. Channeling Johnnie Cochran on the 12th, the President said, “If we are going to be connected, then we must be protected.”
We agree. On June 3rd in this space we posted the details of a Ukrainian-based malware scam that cost victims millions, and we strongly oppose people and organizations that terrorize the Internet.
The cyber security experts usually point at the end users, chastising them about using passwords more effectively. The experts would have us believe that no site or web application can be made hack-free. At a recent cyber security industry trade show, one booth featured many types of traditional locks, including some of the best home locks. As a demonstration, each lock was picked. The purpose of this was to show that, given enough time, even the best locks can be compromised, and to show that any security we think we have in the physical world is as elusive as it is in cyberspace. Then these experts ask you to hire them to help make your infrastructure more secure. They have set a very low expectation: it is easy to fail to deliver security if it’s really impossible in the first place. Blame it on all those users and their passwords.
Hopefully, the President’s efforts will push the discourse to a more accountable level. The good news is that we CAN improve security. The people who can most effectively push back the black-hat hackers are the people who build and deliver the products and services that are getting hacked. Improved security needs to be designed into the hardware devices and software applications, starting with server, smartphone, and personal computing devices, and the high-usage, apparently wide-open (are there any security folks at Facebook and Twitter?) social media applications. Hacking generates unusual traffic quantities and qualities. It is possible today to build products and applications that monitor themselves for such unusual activity.
Self-monitoring software applications and Internet devices are necessary, first, to end the current level of black-hat activity. Most importantly, though, drastic improvement by manufacturers and service providers is needed to protect the nation’s financial infrastructure and to enable the Internet of Things and smart homes. The billions of dollars created by companies using the Internet to deliver their product or service are more than enough to fund a major effort to improve the most ubiquitous, most heavily used products and applications. Google has the expertise to create a core group of “white hats,” talent that could be used by manufacturers and very large end users, like the federal government. Perhaps providing developer/designer resources to hardware and software manufacturers would be a more valuable contribution from Google, for example, than a smart thermostat or smartglass.
Bill Patch, 01/15/