The Darwinian Challenge of Cybersecurity

The adaptive nature of threats to information security has proven to be one of the greatest challenges to personal, business, and government adoption of computing in general, and communication of digital information over the public Internet, in particular. Today we are not only concerned with theft of private or sensitive information created and stored on ubiquitous personal computing and communications devices, we also have to be concerned with the security of our information while it is in transit and when it is in storage at its destination. So, how we send information and who we send it to become critical parts of the total security challenge. Since digital packets don’t care whether their content is a March Madness basketball video, digitized voice, a Tweet from our stock analyst, the current geospatial location of our significant other, or a digitally-signed legal document, IP networks are rapidly becoming the main arteries of our society.
  • The military has adopted a net-centric strategy and an “Everything over IP” approach to transmission of digital information.
  • Business and customers have tacitly agreed to continue to accelerate the exchange of information and transactions via the public Internet for convenience, choice and cost savings.
  • The cost advantage of voice-over-IP versus legacy voice networks is taking market share from the traditional Telcos.
  • By law, our most private health records and laboratory test data will soon be exchanged over these same IP networks.
In the last two decades society has found that the benefits of the Internet are tainted by the malicious intent of clever, network-savvy thieves and sophisticated, state-sponsored information warfare specialists. Is there a logical path to a goal of information security through this unlighted maze of cyber threats, or are we destined to play “Whack-A-Mole” well into the future? Setting aside the security problems posed by military or intelligence threats, which few of us are likely to see in our personal or business activities, I believe that we can achieve an adequate level of protection if we assume personal responsibility for our own information security and work in our professional lives to support, rather than ignore or circumvent, the security policies of our employers. In so doing we may not be totally secure in our ‘digital lives’, but we can raise the bar for penetration or compromise to the point where the effort required is not worth the illegal gain. For both personal and business security this implies a layered defense where the most valuable assets are protected with the most stringent measures, for example:
  • Using strong passwords on personal social media accounts.
  • Becoming knowledgeable about email scams.
  • Dealing with a personal bank or broker who will transact with digital certificates.
  • Protecting corporate email systems with state-of-the-art anti-virus, anti-phishing scam filters.
  • Adopting an enterprise information security policy that can be enforced through a comprehensive security platform.
  • Protecting corporate network passwords within a secure cyber vault.
Since little can be done after you have sent money to a scam artist, or revealed key personal financial information via some computer malware, full participation as a responsible peer in the digital society requires that you educate yourself on appropriate security measures. If you do not, you will be the one who pays the price. Expect little sympathy and less empathy.