Since the Christmas Day underpants bomber revitalized our terrorism fears, I have been thinking about the similarities between preventing terrorists from physically attacking us and protecting our digital information from hackers and cyberwarfare groups.
The Department of Homeland Security is reluctant to admit that there are no amount of security measures that can be taken to guarantee 100% safety at all times from terrorist attacks. Security engineers must also be aware of this fact. Cyberdefenses can never fully guarantee protection. What can be done in both cases is to make it as difficult as possible for the enemy to bypass the cyber and physical defenses we do create. We analyze their current attacks and schemes to make sure that existing attacks will not breach defenses. We also attempt to understand what future attacks will look like, always trying to be one step ahead of the enemy.
The enemy in both cases consists of small, agile groups that operate within networks. Whether it is an Al Qaeda branch or the Ukranian Fan Club, both organizations are small and nimble enough to promote faster organization than their adversaries. Most IT security teams as well as the Department of Homeland Security are large, powerful organizations whose greatest weaknesses is their slow response time due to their sizes and internal bureaucracies. As we have seen from the underpants bomber, the DHS has perhaps become too large and slow to connect disparate pieces of information that would have prevented the bomber from boarding the plane.
In both struggles, the main problem is the issue of safety versus freedom, or protection versus convenience. How many airport security measures will people endure in order to improve their safety? IT security professionals struggle with the idea of promoting safety without impeding the freedoms of the business. Social networking and file sharing can be very useful tools for businesses, but they also greatly increase the chances of malware infections and cybercrime hacks.
It would be unreasonable to eliminate freedom entirely for the sake of safety in both scenarios. After all, if you never take your business online then you will never be hacked – just like if you never go on a plane you will never attacked by a terrorist passenger.
Email This Post
Print This Post
You must log in to post a comment.