Can a parallel be drawn between freedom to cross the Berlin Wall and the freedom to post on a Facebook wall? Can such borderless liberty be defined in a 140 character Twitter feed or does it require an updated Declaration of Independence? There’s no question the proliferation of technology around the globe has opened new portals for expression to those otherwise silenced by their governments and as a means toward equality for the oppressed. Call it Freedom 2.0.
Yet while this expressive new flame flourishes, our collective failure to protect such channels threatens both the integrity and usability of online forums. Last month’s hacking of Google’s source code – the secret instruction manual, if you will, of the search engine’s inner-workings – should serve as a warning sign to the international community of cyberspace’s next stage of growth. First built as a tool for convenience, the Internet is simply not equipped to ward off today’s sophisticated attacks. If this modern marvel is to continue to thrive and serve as a beacon for all things innovative, security must now be our top priority.
The Google attack was not an isolated event. As the global recession drags on, sensitive information only becomes more valuable - and more vulnerable. Former employees, upset over a recent layoff in these hard economic times, have insider information that can be used to access company networks and obtain corporate data. Depending on how big their axe to grind is, now it’s all too easy for the disgruntled former staffers to plaster sensitive intelligence all over the cyber-world.
Corporations are hardly the sole victims. Consumer records can be left uncovered in the process of a breach, and the virtual identities of millions are left for the taking. In 2008 alone, 285 million consumer records – or nearly one per American - were compromised.
Is the problem intractable? It is -- if we continue the same, static approach to fixing it.
For centuries, humans secured data primarily through two methods of identification: what you have (house keys, car keys, key fobs) and what you know (the combination to a lock, your Social Security number, your password). These methods typically work in limited and controlled environments. However, with the proliferation of the Internet and the abundance of data sharing sites, such identification tools are hardly secure.
Today, the Internet has 1.7 billion users, a number that is increasing at the rate of nearly 1 million per day. Facebook itself would boast the third largest population on Earth if it were an autonomous nation. Ashton Kutcher tells his 4.25 million Twitter followers what he eats every day for breakfast. Our world has moved into a virtual dimension, and as such, security requires an upgrade.
To do so, we must examine what makes an item “secure” through an entirely different lens, moving from simple identification to complete authentication. In addition to what you have and know, network access points must be able to authenticate who you are. Your palm, your face, and your typing pattern are all unique characteristics that cannot be replicated, lost or stolen as more traditional methods of identification increasingly can. Instead, you become the key to your data. You become the password.
While it may surprise some, these advances are no longer the subject of sci-fi movies and are ready to be applied today. The question is how do we use them?
Must retinal scanners be immediately installed on every computer? Probably not. However, new ways to secure login portals should at least be considered. More importantly, we all should take the initiative to become better educated on the state of cybersecurity. As we gain more exposure to cyberspace resources through e-mail, Facebook and online banking, for example, it becomes easier to trust the security and privacy of such applications. It is critical we resist this, however, remaining continually aware the information could be intercepted somewhere between send and receive.
Further, this new paradigm of security where users become their passwords is only effective if the concept is ingrained system-wide. Google is the latest example of the many American businesses under cyber-attack. As the Internet matures into the primary forum to exchange sensitive information, we will probably enter into a cyber-arms race of sorts – a race not only between private-sector competitors, but also foreign governments and agents (Al Qaeda) who would seek to collapse Freedom 2.0. We didn’t choose this ground, but our banks, critical infrastructures, and government agencies now line the battlefield of an iGen Cold War. We must face opponents as one united front – with both private and public sectors aligned.
That means greater recognition that government and the marketplace have equal parts in advancing good ideas. The go-it-alone approach by either side has proven ineffective. Now more than ever, we need a partnership between the federal government and private industry. Each must have a seat at the table, and each party must realize it doesn’t possess a monopoly on workable solutions.
The online universe is successfully tearing down the walls that have, until now, separated and confined vast populations of the globe. Yet in its openness, danger lies. Too much money, too much proprietary information, and indeed, too many freedoms hinge on too little security. The Internet is moving forward. Will we?
Tom Helou, a frequent lecturer on information technology and cybersecurity policy, is the president and COO of Authenware.
Fox Forum is on Twitter. Follow us @fxnopinion.