Friday, June 29, 2012

Is the Future More or Less Secure?

The Economist online is currently hosting a debate about cybersecurity and, specifically, the question of whether we are headed for a more or less secure world as interconnectivity increases. My vote is "no" for the following reason, which I posted to their debate site:
It would be quite difficult to compromise security if we each existed entirely in our own hermetically sealed network like an egg in a carton or a standalone PC on a desk. Each connection with the outside world creates a perforation in the egg shell and creates a security risk in the form of a point of potential compromise. The perforation can be compromised or the "tube" connecting me to the next "egg" can be compromised. Further, the "egg" I'm connecting to can be compromised. Or an "egg" connected to the one I'm connected to can be compromised. As you can imagine, hyperconnectivity increases the number of points of potential compromise exponentially with time.
Our current risk-mitigation approach tries to hermetically seal all the perforations, joints, and pipes by wrapping them in a "fortress firewall." This becomes exponentially more difficult with the increase in points of potential compromise. Attacks are inevitable, as are compromises, until and unless our approach to risk mitigation shifts from a "fortress firewall" approach to one in which we can examine, wrap, and filter actual bytes of information as they float around cyberspace.
While I don't know what this approach will look like in practice, I predict it will include a strong focus on data provenance. Imagine an "HTTPS 2.0" in which we not only wrap packets of data in an encrypted security layer, but also give that packet the ability to either reveal its contents or self-destruct based on who/what/where/when/WHY it is accessed. 
Until then, data security risk shall continue to increase.