SoS Musings #10 - 2018 Internet Security and Regulations
Around the new year, articles offering internet security predictions start popping up. 2018 is no different.
Govtech offers “The Top 18 Security Predictions for 2018”. The article lists predictions from eighteen sources and includes their links. A substantial number of these are amplifications of last year’s predictions, returning in a larger way. The General Data Protection Regulation (GDPR) requirements coming from the European Union in May are also a factor, and assessments of their possible effectiveness are mixed. The GDPR requires businesses to protect the personal data and privacy of EU citizens for transactions within EU states, and it regulates the export of data outside the EU. The UK also has a new Internet Safety Strategy, which is focused on protecting citizens’ rights and well-being online. The U.S. White House Strategy, posted on the VO, is another take.
For the most part, these all call out areas that need to be addressed without mentioning the details needed to achieve their goals. Forbes goes a little further, offering 11 cybersecurity resolutions for 2018, aimed at increasing security, from 11 members of its tech council. A Harvard Business Review article states that the Internet of Things (IoT) is a game changer. Once the human risk component is removed, IoT and other security issues aren’t user interaction problems; they’re device and system interaction problems. The article states that it is time to take the human factor out of the equation and hand those problems to intelligent systems.
How do we respond to the predictions and regulations? The devil is ALWAYS in the details. The internet is a global phenomenon whose interconnectivity we have come to need and expect. What assurance do we need for products/programs that claim to mitigate some piece of the puzzle? Do we accept the claims of industry or governments? What evidence is needed? What repercussions, actions, or restitution follow if a claim is found to be untrue?
One way to help bolster trust is to “open source” all solutions, including assumptions, research and proofs, so that they can be studied, verified, and built on. The Science of Security Virtual Organization is an attempt at this. It is unlikely that companies will freely divulge their intellectual capital, which serves to generate their revenue. Should there be an international board that verifies claims (without disclosure)? Can it work together in a timely manner? How would it be funded?
Lacking some agreed-upon equilibrium that balances security, privacy, and revenue, the Internet will contain some safe and some unsafe upgrades/solutions. Believing in fixes that don’t work is worse than having no fix, as that flaw will no longer be studied with as much scrutiny. Perhaps the most urgent order of business is agreeing on the ground rules; otherwise we will be improving some security features but continuing to chase our tails.