The Sad Truth about Cyber Security
“The sad truth is that as hard as we may try, as often as we patch what we can patch, no one knows how to build secure software for the real world,” said Matt Blaze and Susan Landau in Wired. In the world of technology today, there is nothing more important than developing software that works well in the real world. But it’s much easier said than done, especially when it comes to security.
Security attacks have long been a major issue, and with the rapid evolution of Internet-connected devices law enforcement has struggled to stay on top of cyber threats. According to Wired, the FBI has been suggesting a wiretap-friendly Internet mandate could be the solution:
Whether we like them or not, wiretaps—legally authorized ones only, of course—are an important law enforcement tool. But mandatory wiretap backdoors in internet services would invite at least as much new crime as it could help solve. Especially because we’re knee deep in what can only be called a cybersecurity crisis. Criminals, rival nation states, and rogue hackers routinely seek out and exploit vulnerabilities in our computers and networks—much faster than we can fix them. In this cybersecurity landscape, wiretapping interfaces are particularly juicy targets. Every connection, every interface increases our exposure and makes criminals’ jobs easier.
Blaze and Landau add that we’ve been here before—in 1994 when all telephone switches were mandated to include FBI-approved wiretapping capabilities:
They want to massively expand the wiretap mandate beyond phone services to internet-based services: instant messaging systems, video conferencing, e-mail, smartphone apps, and so on. Yet on the internet, the threats—and consequences of compromise—are even more serious than with telephone switches.
This crisis can be minimized in other ways, but the one thing we know for certain is that developers and consumers need to get better at security. Since the beginning of “software time,” as Wired puts it, Internet-connected devices have had security vulnerabilities. According to Jon Evans of TechCrunch, our biggest flaw is that we simply don’t worry about security enough.
Security is, by its very nature, something most people generally hardly worry about at all—until or unless that one awful day comes when it’s the only thing they worry about. By then it’s usually too late to start taking it seriously.
Does your company take software security seriously? Let us know with your comments below.