Information Security – Skepticism and Doubt
By Dr. Alan Radley, 9 Sep 2017
It is prudent to apply skepticism in response to any forthright claims of impregnability when it comes to a (standardized) digital communication system. In light of recent events (NSA spying, Edward Snowden, etc.), it has become clear that conventional systems are far less secure than most people had realized. Thus, we can no longer listen to the security promises/guarantees of some rather narrow cybersecurity ‘experts’ without a certain degree of skepticism, because countless data-breaches indicate that (at least some) people were either lying, deceptive or just plain ignorant.
Accordingly, we need to know what has gone wrong with Information Security. On a world-wide basis, every day we see new instances of stolen, lost and compromised data, and on systems that were supposed to be impregnable. We need a new open language of security vulnerability, plus assessment methods to judge one system against another. We might also ask: who is designing our technologies, and why? Have we been deceived? If so, what can we do about it and how?
Incredibly, some security ‘experts’ do not ever connect their personal computers to the Internet! It is as if they had given up and believed that nothing (no security defense) offered even the slightest chance of protection. But most people are not so lucky as the same ‘experts’, who can simply disconnect from the Internet and then run around giving everyone else (somewhat contradictory) advice.
Information Security Crisis
It is interesting to note that a good deal of disagreement exists amongst the experts as to which point-to-point communication system, if any, is fully secure. For example, practitioners have long argued over symmetric (local private shared key) and asymmetric (PGP) encryption, with proponents from both sides claiming that the other’s methods are inherently more vulnerable. What we can say with certainty is that neither side is correct, and that both methods have drawbacks, depending upon the specific features of a particular use-case scenario.
According to recent press revelations, a variety of back-doors have been built into standard encryption methods. For example, random number generators have been deliberately altered to make them less than random. Thus, all dependent ciphers are rendered somewhat less than secure (regardless of user passwords etc.). It is now commonplace to hear of numerous other systematic data-breaches and encryption-related problems (i.e. deliberate and/or accidental vulnerabilities). It is obvious that the Information Security field is in crisis.
Therefore, we must now re-evaluate the entire field of Information Security and re-examine its founding principles and core assumptions. At the same time, we must impel system designers to work on more effective solutions for information security. We put a man on the moon; surely it is not beyond mankind to make secure and private communication a viable option, for everyone and at any time.