Jorge Benitez and Jason Healy writing at The Atlanticist today make the point that the only computer safe from being hacked is unconnected to the net, at the bottom of a coal mine, guarded by two armored divisions and switched off.
For all the talk about cyber protection and the billions of dollars being spent ($3.2 billion in 2012 for the Pentagon alone) to improve defenses in the public and private sectors, your bank account PIN and the secrets in President Obama’s computer are both vulnerable. The key difference is the number of people with the skill, time and money to exploit these potential targets.
There is a popular misconception that perfect cybersecurity is obtainable if you invest in sufficient defenses and practice reasonable access procedures. The cold, hard truth is that we live in an age where cyber-offensive capabilities are dominant. For example, specialists who test the vulnerabilities of our nation’s computer systems said in private conversations that their success rate is nearly 99 percent””and that penetrating that remaining 1 percent is primarily a question of investing additional time and money. There used to be a famous and much-debated air force concept that ”œthe bomber always gets through.” The sobering fact about the current state of cybersecurity is that the ”œhacker always gets through.” For the foreseeable future, cyber offense is king.
…Improving security raises the bar to keep out these rudimentary attacks, leaving defenders time to focus their attention on more sophisticated threats to their high-value assets.
This attention to basic security will decrease the number of successful cyber threats from millions of clever hackers to a handful of usual suspects with the resources and intent to attack a cyber-resilient system. Stronger defenses require greater costs, time and skills to be overcome.
Policy makers must understand this distinction: Complete cybersecurity is a myth, but cyber resiliency is obtainable and worthwhile.
Of course, policy makers will not be encouraged to make this distinction by those with a vested financial or career interest in making cybersecurity the next big procurement turf-fight. With billions of dollars, promotions, bureaucratic clout and of course the power that comes from unfettered authority to meddle and spy all at stake, we can expect that buzzword cybersecurity rather than resililience to be on everyone’s lips. It’s the newest arms race and everyone who can will jump on the gravy train.
But then you go and fill in your FBi dossier on Facebook and walk around with your Google or Apple personal tracking device.
Your privacy and security was lost long ago.
Meanwhile, the government sells the cyberterror threat to reign in what freedoms are left on the internet…even though the US government is engaging in cyberterror on an ongoing basis.
Policymakers are also fear-mongering PR makers.
The world of IP/TCP only works because of addressing and the ability for one computer to “talk” to another (port addressing/handshaking, etc.). In a very real sense, the design of the Internet is both it’s greatest strength and most profound weakness.
very poorly implemented, particularly relating to security.
Originally, the physical hookups were secure, so security wasn’t a high priority. By the time the need became obvious, it was too late to make security a tightly-integrated part of the system.
It’s just an add-on: remove the security and systems still run.
Properly designed you should not be able to run a system or application without very tight security.
A trusted insider going rogue can compromise any system and in nearly 50 years in the business I’ve never seen anyone discuss that issue, much less design & implement protection against that scenario.
With proper access rules, a computer system can be acceptably secure when the only access is hard-wired ‘dumb’ terminals. Since computer access became general instead of limited to professionals, all companies can do is tighten security as much as possible, make sure they have tools and methods in place to detect intrusions quickly, quarantine them and rebuild to a pre-compomised state.
We move this way to keep from going blind. – Weldon Kees