
Posts Tagged ‘Computer security’

In our prior post (“The Evolving Promise of Unbreakable Computer Security”) we suggested that the evolution of quantum computing would make it possible to create virtually unbreakable computer security due to its ability to create almost absurdly difficult encryption through the use of complex prime number “decompositions” that even today’s super-computers could not solve.

As a counterpoint, today we offer the opinions of editors at The Economist, published in the April 8, 2017 issue, in which they suggest that “computers will never be secure,” and that “to manage the risks, [we need to] look to economics rather than technology.”

We’ll let you be the judge as to which opinion might ultimately prevail.

The Economist editors suggest that “computer security” itself is a contradiction in terms.  Hardly a day passes that we don’t read about the latest cyber-attack (we’ve helped several of our ERP clients after they were harassed or held hostage through ransomware attacks).  Recently the central bank of Bangladesh lost $81 million… Yahoo almost torpedoed its sale to Verizon due to massive data breaches… and allegations persist about Russian hacking of the U.S. elections.

Today, there is a huge black market for data theft and extortion tools, including hackers for hire.  And soon enough, the Internet of Things (of which we’ve written frequently) will present even more devices that never expected to be hacked, but are ripe for attack.  The bottom line is “there is no way to make computers completely safe.  Software is hugely complex.”

And perhaps common sense would dictate that when you have millions of lines of code, like Google or Microsoft, errors are inevitable.  The Economist states that “the average program has 14 separate vulnerabilities, each a potential point of illicit entry.”  And after all, we are reminded, there’s the internet, where security was pretty much an afterthought.

So, what to do?  According to the Economist’s editors, it’s all about managing the risk.  Their suggestions include:

  • Start with regulation. If you can’t weaken encryption for just the bad guys, then make sure encryption is strong for everyone.  “The same protection that guards messages in WhatsApp also guards bank transactions and online identities.”
  • Set basic product regulations. They suggest promoting “public health” for computing, with solutions ranging from “internet-connected gizmos” that are updated when flaws are found, to forcing users to change passwords and user names often.  Enforce reporting laws already in place that make companies disclose when they are hacked.
  • Overall, says The Economist, incentives to take security seriously are weak, and the long-established disclaiming of liability by providers may soon bump up against traditional protection and liability laws, especially where computer products become embedded in devices traditionally protected by established liability law. In other words, the courts may one day force the liability issue.  And there’s nothing like the government to come down hard with new rules.
  • Cyber liability insurance. It’s a small but growing market for protecting consumers.  Product companies may soon find buying it preferable to the destructive consequences they might otherwise assume in liability cases.

Finally, they note that when the internet was new, no one took security seriously, and no one objected.  But today’s internet is ubiquitous, and not taking security seriously, given the known risks and consequences, is no longer forgivable.  As the editors conclude, “changing attitudes and behavior will require economic tools, not just technical ones.”

The idea of “quantum computing” has been around for a while, but lately, some very blue-chip sorts of companies have begun investing in it seriously.  Names like HP, Google and Microsoft, to name a few.

Quantum computing is best thought of as the ‘next generation’ of computing technology, in which the weird and dazzling properties of the atomic and sub-atomic worlds govern what a computer is capable of.  Quantum theory was born about a century ago, but its practical use has long been out of man’s reach.  But the day is coming. Everything in the natural world can be described by quantum mechanics – but it operates on a very different plane from the natural order of things we humans have come to know.  And sometimes, quantum properties can act downright… weird.

For example, in computers, the fundamental notion of a “bit” of information is defined by a flow of electric current that, like a switch, is either “on” or “off.”  There’s no confusion, and that foundation allows computers to work from flowing electrons, and software programmers to create code that depends on it.  But in the quantum world, things aren’t so simple.

Without veering off into strange properties and the famous Heisenberg Principle which says that the mere observation of an atomic particle or event can change its very nature (you can determine a particle’s direction of movement or its location, but not both at the same instant)… the bottom line is that a quantum bit can be both on and off simultaneously.  As scientists learn to harness the power of this notion of a ‘qubit,’ it promises to unleash phenomenally more powerful hardware and software than ever seen before.

Which brings us to the future of computing.

One of the most promising possibilities in quantum computing is that of unbreakable security.  The unique properties of this on-while-off status of a qubit give it the capability of working out prime numbers that, when multiplied together, make up ridiculously large primes whose reverse uncoupling (or “decomposition”) is mathematically extremely complex, and is the basis of most modern cryptography in use today.

The new algorithms produced by quantum computing promise to deliver cryptographic solutions that quantum computers can crunch through, but which are well beyond anything that even today’s supercomputers are capable of.

Meanwhile, companies like those mentioned earlier all have research programs for determining how best to harness these quantum capabilities in software and applications.  Early interest has come from governments and defense contractors, not to mention the NSA, as well as a growing number of startups.  These efforts are based on the work of Dr. Peter Shor who, at Bell Labs in 1994, first showed how a quantum computer would be capable of solving the prime riddle.

In the future, that capability would be useful “for all manner of currently intractable problems” notes a recent article in The Economist (March 11, 2017).  Applications including those requiring extremely precise timing, perfectly accurate GPS triangulation and massively complex encryption will likely be among early efforts.

While these machines and software are ultimately among mankind’s greatest engineering challenges, one tends to believe that in the long history of computing, they’re simply the next step on the trail, in the seemingly never ending evolution of the computer.

(Note: In our next post, we’ll present a counterpoint to our “unbreakable security” thinking above, courtesy of the editors at The Economist. Stay tuned…)

While the IoT (“Internet of Things”) promises a plethora of interconnected devices and a boost to productivity and lifestyle alike, builders of these newly web-connected devices, from refrigerators and air conditioners to automobiles and medical devices, would be wise to slow the truck down just a tad.

Why?  Security concerns.  Like insulin-interrupters (medical devices) and mobile hackers (automobiles) and a lot of things in between.  A recent article in the July 18, 2015 issue of The Economist on cybersecurity illustrates by example some of the threats that perhaps not enough folks are thinking about.

It starts innocently enough.  Mattel has a new Barbie doll with a chip that “listens.”  Ask Barbie a question and she uses her built-in wifi connection to connect to a data center that comes up almost instantly with an apt reply.

At home, smart thermostats learn about their owners’ heating and cooling preferences and adjust themselves accordingly.  Insulin pumps for diabetics are being computerized to instantly relay their vital signs to their doctors.

What do these all have in common?  Not a lot of defenses against modern day hackers.

But then, think back not long ago to the original internet: Who was worried about worms, viruses and hackers then?  Now, we worry about cars being hijacked by hackers (witness the recent huge Jeep recall when it was discovered that a hacker outside the car could take over its controls).  People fear diabetics being murdered, as the article points out, by having their pumps disabled remotely (it’s been done, sans the murder part), or thieves hacking a home’s temperature settings to learn when its residents are away.

The issue here is whether manufacturers – with little internet security experience, or even the need for it up till now – can thwart a determined hacker.  Most haven’t even been thinking about it much.  At least not until now.  Most widget-makers have little experience with these things.  They are mechanical engineers by training and, as one European car maker noted, “suddenly we have to become security developers, cryptography experts, and so on, and we have no experience of how to do all that.”

Most computer and software companies have learned that perfectly secure code is a myth.  Often, companies like Google and Apple actually pay hackers to find holes in their security, then patch them.  It’s a never-ending cat chasing its tail problem of course – at least in today’s technology.

But the biggest threat, The Economist article notes, is that “companies have few incentives to take security seriously.”  Just as in the Internet of the early 1990s, most of these threats are still on the horizon.  So getting security wrong today has, for the moment “no impact on a firm’s reputation or profits.”  Expect that to change before long, especially “in industries where the consequences of a breach are serious.”

Just as in the early years of the train era, when it took many boiler explosions and crashes before railways started taking safety seriously, and in the auto industry, which really only started getting serious about safety in the 1970s, safety and security protections will come to the Internet of Things – especially where real safety issues are involved.

But it’s going to take a while, and a few bumps and bruises – and probably worse – along the way.  Just something to be thinking about…