BreachExchange mailing list archives
What to expect from the next generation of online security
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 2 Mar 2015 19:16:20 -0700
http://www.washingtonexaminer.com/what-to-expect-from-the-next-generation-of-online-security/article/2560920 The Senate's landmark hearing on the Internet of Things last month attempted to define the government's role in ensuring individuals' privacy as the world's connectivity increases every day. It has also raised the question of how future generations of lawmakers will handle an undoubtedly more complex Internet and the necessity for privacy that comes with it. Internet of Things devices "can collect sensitive consumer and business data; therefore, privacy considerations should be at the forefront as we consider this great technological wave," John Thune, R-S.D., chairman of the Senate's Commerce, Science and Transportation committee, said at the hearing. "Security will also be a critical concern of the Internet of Things due to the scope and sensitivity of the data collected and the interconnection of devices and networks." The rise of the Internet of Things means that consumers will soon have the luxury of controlling many aspects of life by being able to access everything — from coffee makers to sprinkler systems — via their smartphones. Yet this convenience also opens up a higher risk of having large stores of data compromised. Herb Lin, a senior research scholar for cyber policy and security at Stanford University's Center for International Security and Cooperation, predicts that the growth of interconnectivity will lead to more frequent instances of hacking. Despite the Internet of Things' inherent vulnerabilities, the apparent lack of foresight that seems to characterize recent privacy invasions, such as the hacking that crippled Sony Pictures Entertainment in November, is a shortfall Lin laments. "The way we have traditionally regulated past laws is we wait for some disaster to happen and then figure out legislation ... But before the disaster happens, everybody says, 'Oh, that couldn't happen. I don't want to be burdened with unnecessary regulation if it hasn't happened yet,'" Lin said. "I've spent a large amount of my time trying to make that happen … a proactive rather than reactive [approach]. But history is not on my side." With the Internet of Things' skyrocketing growth showing no signs of slowing down, lawmakers are scrambling to create policies that crack down more firmly on cybercrime and enable entrepreneurs to develop further smart devices without fear of having their security compromised, whether by the government itself or hackers. In January, Suzan DelBene, D-Wash., and Darrell Issa, R-Calif., joined forces to form the Congressional Caucus on the Internet of Things. The goal of the caucus is to examine the role of the government in matters of online privacy and security. "Advances in technology and the Internet have dramatically changed the way we communicate, live and work. In this constantly evolving world, Congress must be a good steward of policy to ensure our laws at least keep pace," DelBene said in a statement. "We need to pass measures that protect consumers' private information while also encouraging new technological innovations." But the question remains if those measures will continue to hold up under the future leadership of lawmakers born in the throes of the digital age, whose opinions on privacy differ from those of older generations. A 2013 study by American defense contractor Raytheon showed that Millennials have cultivated some dangerous online habits, leading to security pitfalls. Nearly one-quarter of people between the ages of 18 and 26 have shared an online password with someone outside of their family in the past year. Twenty-six percent have never changed their mobile banking password. However, other studies have pointed to young people as the most likely age group to take steps to conceal their identities online through methods like encrypting emails or browsing under a temporary username. A 2013 study conducted by the Pew Research Center showed that 74 percent of Internet users in the United States between the ages of 18 and 29 had cleared cookies and a browser history at least once. That percentage dropped to 70 percent among users 30 to 49 years old and 56 percent among 50 to 64-year-olds, a decline possibly explained by a lack of tech-savviness in older Americans. Many who grew up in the connected generation seem to have taken a more liberal approach to online privacy than their parents, but the same cannot be said for how they view the importance of online security, Lin says. "They certainly have a different sense of privacy; that is, most kids are willing to post a lot of personal stuff that I, as an adult, would never dream of posting," he said. "I suspect that our kids are just as concerned about having their credit card information stolen as anyone else. They don't like the fact when they get screwed by a security breach or something like that." Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society, anticipates that while younger generations are primarily responsible for trying to keep their information safe, the future of online security will eventually become even more of a capitalist commodity. "Young adults are more likely to take steps to protect their data online than older people are," she said, "I suspect that trend will continue, but that individuals will be aided by the Internet services we use as security becomes something that companies use to distinguish themselves from the competition." It is impossible to predict exactly where personal online security legislation will be in the next generation or so, but if young people continue to take the lead in regulating their own Internet use to prevent security breaches, perhaps that mindset will bleed into future laws, as well. "I think we can safely say that lawmaking will be greatly impacted by law enforcement, the NSA, and by companies with lots of lobbying dollars that don't want to be regulated and would prefer to see someone else pay for improving computer security," Granick said. Although the Senate continues to debate the exact approach it should take to address cybersecurity in the future, it is likely that the burgeoning Internet of Things industry will add more water to an already unstable security situation. "As the Internet of Things gets to be more prominent … the likelihood of a disaster goes up," Lin said.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- What to expect from the next generation of online security Audrey McNeil (Mar 06)