In cybersecurity, our greatest enemy may be...
When it comes to cybersecurity, we are constantly reminded of the threats posed by external adversaries, or about the inadvertent problems we sometimes cause because of our own lax practices. But what if the greatest damage comes from a deliberately designed weakness?
As security guru Bruce Schneier points out in a recent opinion piece for CNN, the recent and widely publicized hack of Google sites by the Chinese was due to a “back door” that Google itself built into its systems to comply with U.S. government requirements.
This is an old sore in computer security. Programmers since way back when have been building these back doors so that they can easily get into the program they built when they need to tinker with the code. At one time, it was presumed that only they would know how to do so.
Well, surprise! Smart hackers – and there are legions of them – also discovered those back doors and learned how to manipulate them. It’s now one of the first things hackers do to try and gain access to any software system.
Unfortunately, as Schneier also points out, “An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't.” If the FBI, National Security Agency and others insist on being able to monitor the infrastructure, then these kinds of back doors probably will always exist, and hackers — Chinese or others — will always have a way into our cyber systems.
There are some intriguing things being put forward to improve cybersecurity, both from a policys standpoint and through technology. For example, take a look at this Defense Advanced Research Projects Agency's proposal for a “Cyber Genome” program. However, what use is all of this, when our very own surveillance obsession lays us so open to penetration by whoever can find and open the back door?
Posted on Jan 26, 2010 at 9:03 AM