Government Technology

At Issue: Who’s to Blame for Shoddy Security (Opinion)


Whack-a-Mole Malware Protection

July 2, 2012

Last week two security firms announced that a coordinated cyberattack dubbed "Operation High Roller" appears to have hacked into 60 different banks. Believed to have originated in Russia, the hack scored approximately $78 million.

This brazen theft has left a number of unanswered questions in its trail. One may loom above all others: If banks are the gold standard for security, where does that leave the rest of us?

The short answer is we’re all in trouble.

No one needs to be reminded of the long litany of cybersecurity attacks, disruptions, thefts and exposures carried out during the past few years. Most anyone who owns a computer that's connected to the Internet — even with the newest operating system upgrades, patches ad infinitum, the latest security software, firewalls and bulletproof passwords — has had some malware bring down a system or at least cause major inconvenience.

"Looking back, the first 20 years in the war between hackers and security defenders was pretty laid back for both sides," said Kevin Poulsen in a 2009 Wired article. "The hackers were tricky, sometimes even ingenious, but rarely organized. A wealthy anti-virus industry rose on the simple counter-measure of checking computer files for signatures of known attacks. Hackers and security researchers mixed amiably at DefCon every year, seamlessly switching sides without anyone really caring. From now on, it's serious," he warned. "In the future, there won't be many amateurs."

Poulsen was right. Attacks have become more sophisticated and numerous, creating real economic damage as Americans spend more time and money online. Earlier this month, researchers reported that the Flame malware can even hijack the Microsoft patch update mechanism to spread by the very method designed to protect against attacks. The cost is high and rising. Consumer Reports said that in 2010, malware cost Americans $2.3 billion.

Government is also feeling the threat. According to a 2011 report from the U.S. Government Accountability Office, "Weaknesses in information security policies and practices at 24 major federal agencies continue to place the confidentiality, integrity, and availability of sensitive information and information systems at risk. Consistent with this risk, reports of security incidents from federal agencies are on the rise, increasing 650 percent over the past 5 years."

Attacks have cracked banks, destroyed electrical generators and disarmed nuclear plant safety features. They have the ability to bring down a country's electrical grid; the smart grid will add additional vulnerability.

It might be time to stop swatting at mosquitos and seriously consider draining the swamp — doing something very different to eliminate the threats and the vulnerabilities. But are there any incentives to do that? The security industry is big business and without attackers to fight, nobody needs an antidote. As Poulsen said, the hackers and security researchers mix and change sides. A successful attack might earn the perpetrator a good job with a security firm. It's black hats vs. white hats, and computer users are the pawns, the losers, the suckers.

What would happen if “malwar” peace broke out? Would productivity soar, lifting the economy, or would the economy crash with news that the robust cybersecurity market segment was kaput?

And if the incentives were there, is a complete solution to cybersecurity even possible? Internet pioneer Vint Cerf, in a 2009 presentation, said that if he were to do the Internet over, he would put much stronger emphasis on authentication and accountability in the architecture, even though, as he said, the idea has "tension with anonymity." So is stronger authentication the answer, and is it possible to add it on at this late date?

There are all kinds of reasons given for our porous security. We tend to blame users for weak passwords, for using memory sticks, for downloading free software and apps, for using unsecured Wi-Fi hot spots — all the things that are convenient and useful.

Maybe it’s time to start faulting the overall design of the Web, and the malware makers, and also to begin demanding better solutions from security firms who can't seem to stop these increasingly serious intrusions.

At Issue: Are we destined to an eternity of "Whack-a-Mole" security, or is there some real solution we are overlooking?

