Cyber Insecurity is Destroying Innovation

March 6, 2009 by ADMIN

From The Cyber Security Institute

Imagine a day when you no longer need to carry money with you: everything you need to buy groceries, make investments, pay your gas bill, apply for a mortgage, move money around the world, put cash into your child’s college account, all of it is contained on a microchip embedded in your next-generation communications device.

Imagine a day when all your vital information is on the same device and instantly at the fingertips of the emergency room doctor in whose hands your life hangs in the balance after a bad car accident: your blood type, your prior bad experiences with anesthesia, your allergies, your cardiac history, and even your living will.

Imagine a day when that same device can suggest a new restaurant based on your prior history (determined by your past searches and purchases, or even by the shows you watch, the movies you rent and the books) and that of your friends (as determined by your most frequent contacts from the same device’s memory), which is located just a block from your current location (as pinpointed by an embedded GPS chip).

Imagine a day when you come up with a new proprietary supply chain innovation for your company while walking down a street in Beijing, you go online, research the innovation, ping your company’s logistics team about how it might be implemented, receive IM responses immediately, exchange data and diagrams to begin the innovation process, and make arrangements for an in-process design review via a web conference (which you will participate in via your device) for later that day.

Imagine a day when you drive your car with your thoughts down a smart road that prevents your car from crashing into the car in front of you, or driving off the road, and which sets the optimal speed based on road conditions, energy efficiencies, and whether you are late for a doctor’s appointment or just taking a leisurely drive on a Sunday afternoon.

All of these things are here now or are technologically within the realm of the possible soon.
However, the two greatest obstacles to these and other advances are security and privacy (which is really another manifestation of security concerns).

In January the public learned of a data breach at Heartland Payment Systems that experts say has compromised tens of millions of credit and debit transactions. Heartland processes roughly 100 million transactions a month for more than 250,000 companies. Some are saying this is the largest breach ever. The breach was caused by malicious software inserted into the payment processing network. To make this breach truly troubling, the company has no clue how the software got on its system or who put it there. Also, Heartland not only has no idea which transactions were compromised, but it can’t even tell whose accounts were breached and information stolen. As a result, basically any American could find that their accounts have been defrauded in the future. And, just to increase the distrust factor, even though the breach occurred last year, Heartland elected to inform the public on Inauguration Day, a strategy guaranteed to draw as little attention to the information as possible.

A recent study by the world’s largest market research firm, Research and Markets, determined that, “Security concerns are the single biggest factor inhibiting consumer acceptance of mobile banking.”  Seventy-three percent of respondents feared that a hacker would be able to remotely access their accounts through a mobile-device system.  Similarly, 47 percent said that they did not sign up for available mobile banking services specifically because of security concerns.  The study surveyed a representative and random sample of 2,350 U.S. households.

The New York Times online closed out 2008 by reporting that a team of U.S. and British researchers were able to use “a cluster of several hundred Sony PlayStation 3 video-game machines to exploit a basic weakness in the software system used to protect commercial transactions made via the Internet . . . The flaw would make it possible for a criminal to redirect a Web surfer to a fake bank or online merchant without being detected by the security mechanism embedded in today’s Web browsers.” This security flaw exists only because a few entities that issue the digital certificates that secure Internet transactions have continued to rely on the outdated MD5 algorithm, despite repeated warnings about its vulnerabilities. This vulnerability (or, more precisely, the inability of the entities that are supposed to make online transactions secure to secure their own operations) calls into question the integrity of ecommerce, especially for anything beyond consumer goods.

A November 2008 study of mobile device (e.g., laptops and PDAs) use by over 1,000 healthcare professionals found that 93 percent of the devices were at risk. The study found that 49 percent of the healthcare professionals surveyed downloaded sensitive patient data on their devices. The study further found that over 71 percent of respondents protected their devices and sensitive data with just a single password. Additionally, at least 13 percent of these healthcare professionals had lost one or more devices containing such sensitive information. No wonder that numerous studies find upwards of 70-80 percent of Americans are concerned about the security of their electronic medical records and their personal privacy. A 2008 Institute of Medicine study found that almost 60 percent of Americans believe that personal medical information is not adequately protected by federal and state laws or organizational practices, despite new safeguards under the Health Insurance Portability and Accountability Act.

If people don’t trust the security of digital information, the enormous gains that the digital revolution can bring will never be realized. Smart devices have little value if smart people won’t use them. Markets won’t move beyond online videos and books if ecommerce increasingly becomes “eswindled.”

Insecurity is the greatest impediment to innovation.

And this hurts America most of all. The United States simply cannot win in an economic race based almost exclusively on lower costs of production. We cannot compete on that footing against other nations where wages and benefits are vastly lower, standards of living for the majority of the people are abysmal, and health care is the ultimate luxury good of the elites. Other nations are uniquely able to re-engineer and make at a lower cost the things that Americans and others around the world need. If we run that race to the bottom, we lose: win, lose or draw.

America’s competitive advantage has always been, and should always remain, our ability to innovate.  It was Henry Ford, an American, who invented mass production and brought the automobile to the masses.  The Wright brothers of North Carolina created the first airplane.  American innovation gave rise to skyscrapers and with them the modern city.  America has brought the world four successive generations of the information age, first with the telephone, then the television, then the computer, and then the Internet (whether you agree Al Gore invented it or not).

To be successful America needs to constantly push the limits of innovation and efficiencies.  We need to be out in front of the learning curve.  We need to be highly entrepreneurial and technologically driven just to remain competitive, let alone regain some of our lead.

But American innovation can’t take consumers and companies to the next level if they don’t want to go there because they fear the security of their data, money, and personal privacy.  The innovation highway is littered with the wreckage of countless companies with amazing product ideas that have gone too far beyond the limits of consumer confidence.

However, the corporate sector is slow to see this dynamic. Most companies are loath to invest more in cybersecurity, especially during these tough times. Instead, corporate “leaders” are quick to take shelter behind a series of rationalizations: we are secure enough (but not secure), we are as secure as our competition (which isn’t very secure either), we haven’t suffered a major cyber-attack loss (yet).

To those who preach innovation this inability to respond to looming trends looks a lot like Detroit in the late 60’s and 70’s, and again in the last few years.  Only this time the problem doesn’t threaten a single industry and its dependents; this time the threat is to the prospects for renewed American economic strength.

So, if our future is dependent upon capturing the promise of the digital revolution, and if that future is being compromised by the insecurity of our information systems, it would seem logical that we should do all we can to fix that problem so that we can succeed.

There are innumerable ways that we can seek to address this situation.

We can work to educate and cajole the private sector to understand the problem and hope that these leaders will come around and do the right thing.  This is a worthwhile effort, albeit one that may take some time.  We can also use carrots and sticks to speed this process.

Another thing we can do is to invest in the integrity of our digital infrastructure as a nation.  For years we have ignored our crumbling physical infrastructure.  Now, faced with the current financial crisis, experts and the Obama administration are calling for a massive stimulus package, with much of the money to be spent on infrastructure.  The idea is infrastructure spending will not only stimulate the economy, but also improve America’s ability to compete.  This is inherently smart thinking.

However, America’s infrastructure today is as much digital as it is physical, as much bit and byte as it is brick and mortar. And the future of America’s economy requires that both our physical and our digital infrastructures be world class. Thankfully this is not lost on the new President-elect, who has pledged to use the stimulus package to boost America’s digital economy. The President-elect has called for major investments in broadband deployment and increasing the use of technology in education and healthcare.

However, while increasing access and reach are important, access alone won’t fix our problem. Far too many Americans who already have access to these technologies are not using them because these systems are insecure. Innovations that could create new efficiencies and economic growth are being passed over because of security concerns.

To fix the problem we need to not just expand our information superhighways, but also make them safer, more secure and more reliable.  To achieve this a portion of those digital stimulus dollars should be spent on making our digital infrastructure inherently secure.

Even a small percentage of the stimulus package could have a significant impact if invested wisely on private sector digital critical infrastructure security.  If the total economic stimulus package reaches $1 trillion, as some suggest it will, a mere one percent devoted to cybersecurity would amount to $10 billion.  If that money was used in the form of grants requiring a 50 percent match, then the overall impact would be $20 billion in new cybersecurity spending.

There is a clear parallel with what is planned for and needed with respect to physical infrastructure. Overwhelmingly, the problem with our physical infrastructure isn’t that we lack bridges and roads; the problem is that too much of this infrastructure is unsafe and/or unreliable.

You can’t trust an unsafe bridge with your life, nor can you trust your life to an unsafe digital superhighway.  Let’s fix both.

The Cyber Security Institute is a newly established analysis and advocacy institute dedicated to serving as the voice for effective cyber security. Our objectives are:

* Raise awareness of the cyber threats faced by the nation, companies, and individuals.
* Serve as a de facto, independent “industry” standard-setting body with the goal of raising cybersecurity standards.
* Advocate for all cybersecurity technologies to be independently validated against widely accepted, internationally and nationally recognized standards.
* Advocate for the deployment of best available cybersecurity technologies to protect governments, critical infrastructure and individual citizens.

Unlike most cybersecurity-focused groups, we are not an industry or trade association. We are also not a think tank per se. While we will be doing high-level analytical work, our purpose is not to solely study issues; our role is to drive awareness and change.

Filed under: Breach, Class Action Lawsuit, D&O Liability, Financial, Government, ISR News, Insider Threat, Uncategorized, hackers, malware 

Comments

One Comment on Cyber Insecurity is Destroying Innovation

  1. sakul59 on Fri, 6th Mar 2009 3:18 pm

     I see so I give up my privacy and independence so business can control, excuse me, allow limited choices. Paying cash allows me to control my spending better than saying charge it. And why would I allow myself to be biometriced so I could be your living advertising campaign. I don’t want your suggestions. I want to make my own decisions, based on my research. Oh and stop blaming viruses for security breaches. How about blatant information swaps for cash or bowing to business and government demands. Or the underpaid employee dumping the info to the dumpster.
