Page 20 - Cyber Warnings
P. 20
one of the major things President Trump could do to remedy cybersecurity issues would be to
approach it the same way the US approached the space race. We need to make cybersecurity a
national priority, not only to have better operational security but to go after the fundamental
science of cybersecurity. Cybersecurity should be a cornerstone of our scientific agenda, very
much the same way space travel was in the 50s and 60s. We put a tremendous amount of
energy and thought into addressing how we dealt with the space race, and I believe a similar
thing needs to be done with cybersecurity. Industry is not going to fix the problem alone. We
need a new science and new kind of engineering that will lead us to a more pervasive
cybersecurity and in turn a more secure society.
Should governments have authority to request keys/backdoors to all types of
cryptography?
Unfortunately, handing over the cryptographic keys that protect systems is only going to create
more problems. The idea that the secrets that control your most secure systems can be safely
handled by an organization as large as the federal government is just unrealistic. Quite frankly,
the history of security has shown this to be the case. By sharing all those keys with an
organization like the government, and giving them the ability to use those keys broadly, you
actually make society less secure, not more.
But this does bring up an interesting debate, and that is the tradeoff of where the right to
privacy interferes with the right to public safety. That is absolutely a public debate that needs to
be had. I don’t think that any one person has a simple answer to that question, but that’s the
question we need to be asking before we get to any particular implementation of a broader
consensus on what our public policy should be. There are technologies that will allow us to have
our cake and eat it too :here are ways to provide data, retain data, and compute with data that
will preserve our right to privacy but also preserve some rights to access for third parties. Those
technologies are very much in the forefront of people’s minds, but that is something that today
isn’t quite there yet. It’s unclear what the requirements for such a technology would be and
where to draw that line in the sand.
What are your biggest security concerns as they relate to the influx of connected devices
in the Internet of Things (IoT)?
When it comes to IoT and the future of security, I have a vision of two possible futures—we will
either be working toward and arrive at a sense of security where we have systems that provide
security for whatever we’ve defined that to be, and we have the technologies to make ourselves
secure, or we accept insecurity as the norm.
The first scenario comes at a significant cost. Just like we want more energy-efficient batteries,
it takes time and money to develop and manufacture them. If we want to be more secure, we’ll
have to pay for more security. There’s no getting around it. But I believe this to be the more
optimistic future, because we will understand the tradeoff between cost and value, and we’re
going to pay for it so we can live in a world in which we have much better security than we do
20 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
