Network and information security in Europe today
by Mirko Zorz - Monday, 29 September 2008.
One of the hot topics for privacy advocates in the UK is certainly that of national ID cards. Lord Harris demonstrated the erroneous way in which the government is "selling" them to the public. No, they won't be a good counter-terrorism tool and they offer limited benefits when it comes to illegal immigration and border control. However, they undoubtedly grant citizens the benefit of being able to establish their identity and entitlement. If an ID card was required to open a bank account, they would probably make the identity theft rate go down.

With the strong expansion of broadband and other communication technologies, identity and security matter more every day. People are being increasingly targeted by cyber crooks and they have plenty to worry about: e-crime, data loss and a plethora of malicious attacks. When it comes to e-crime specifically, it's exceptionally problematic to display the magnitude of the problem in the UK since e-crime is still not recorded separately from other types of fraud. Despite not having concrete data at their disposal, UK citizens are more afraid of e-crime than burglary or mugging. According to Lord Harris, ignorance, carelessness and technology flaws are what puts individuals at risk. Once again we're reminded about the fundamental importance of security awareness.

Lord Harris believes that because of a grave lack of security, the UK critical network infrastructure is at risk. Let's just remind ourselves about the crippling May 2007 attacks in Estonia and the recent cyber disruption in Georgia. Governments should have a framework that enables them to see which resources are being attacked and, clearly, a proper set of firm guidelines that make sure every system is up to date and working properly.

We are increasing relying on Internet services but, sadly, they are not dependable. The above-mentioned events have demonstrated the persistent threat of Distributed Denial of Service (DDoS) attacks as an effective instrument of cyber-warfare and they can certainly impact the end user. Overlay-based mechanisms can mitigate the impact of DDoS attacks and their impact on performance is relatively low. The problems that remain are awareness and implementation.

As we move to an intrinsically networked world, the possibility of witnessing terrorists using cyber warfare is growing every day. The question isn't "if"- it's "when". While such an attack may not result in lives being lost, the economic impact may be immense and create a variety of long-term consequences.

The importance of research

One of the principal areas of security research today deals with emerging risks. The motivation is simple - you want to prepare for the future and try to stay one step ahead of the attackers by anticipating what lies ahead. As the learning process improves your knowledge of the problem, you develop a culture of security and that's exactly what every organization should invest into.

By collecting a vast amount of information and applying the correct analysis metrics we can at least in some way anticipate what will drive future threats. We have to take into consideration the development of communication technologies, the evolution of hardware as well as other factors such as online services, the size of devices we use, smartphones, and more.

We live in a world where Web 2.0 applications are gaining momentum. As the Internet user-base grows we can easily foresee a massive adoption of online services. Mobile phones are becoming more complex and able to perform a variety of tasks. With a generation of users that's doing things "on the go" right now, we're bound to see many more services on mobile devices in the future. All of these things have to be taken into consideration when trying to imagine the future.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th