Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Internet not designed for security, warns international expert

Shahida Sweeney | March 3, 2015
Security features "bolted" onto the Internet, warns Finish security expert, Mikko Hyppönen.

Tackling internet security

The Internet still remains vulnerable to security breaches, warns a Finnish security expert.

The problem with the internet is that privacy and security has been "bolted on," according to Mikko Hyppönen, a globally-acknowledged computer expert with the Helsinki-based company, F-Secure.

Hyppönen, in Sydney at a recent security forum told CIO Australia the internet - with 2.4 billion users - was never designed to be a secure system. "The internet was designed to be an open and fault-tolerant system," he said.

"We will never get rid of vulnerabilities. Vulnerabilities are basically bugs, and we will always have bugs, as the programs we use are written by human beings. And human beings will always make mistakes."

Hyppönen, who has helped law enforcement in the US, Europe and Asia tackle cybercrime, noted that a lack of planning leaves the internet vulnerable to continued breaches.

He added that cyber-security is now taking centre stage. But that when the web came around in 1990s, governments had ignored this phenomenon for many years.

"Eventually they realised just how important it is, he said. "Governments now see too many concrete examples where cyber-attacks can affect a whole society. They're now starting to take action."

No perfect security
When planned properly, encryption does works, he said. "We have the technology to do secure end-to-end communications. But being able to encrypt traffic doesn't yet mean perfect security. If the communication is perfectly secure, the attacks move to target the endpoints."

However, there's a continued disconnect between security and open information access.

"We all like privacy. We don't want anybody to monitor us at all times: that's not what a free and democratic society is about. At the same time, we have a clear need for law enforcement and security agencies to be able to work in an online world."

The conundrum lies in balancing government transparency with securing communication channels.

"They key issue here is transparency. Citizens need to know what their government is doing, and how successful their privacy-breaching operations are. This could mean, for example, annual transparency reports from governments."

Life of online crime
In a transparent information-sharing environment, cyber-crime is gaining a foothold. "Out of all IT sectors, nothing is growing as fast as IT crime," added Hyppönen.

And it's easy to see why: there are millions being made by organised online criminals with tools like banking trojans, ransom trojans, mining trojans or keyloggers.

"In many ways, this is not a technical problem but a social problem: when you have lots of people who have skills, but who don't have the opportunities, some of them will use their skills to do online crime to earn their living."

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.