Herbert Lin, Tribune News Service
The news today often contains reports about cybersecurity breaches that steal our data or threaten our national security. The nation spends billions of dollars on cybersecurity measures, and yet we seem unable to get ahead of this problem. Why are our computers so hard to protect?
Recent experience with a house cat provided insights into the nature of this problem. I am allergic to cats. My daughter came home, cat in hand, for an extended stay, and I had to find a way of confining Pounce to a limited area. However, as many cat parents would have known — though I did not — this was doomed to be a losing battle.
Everything that I tried to confine Pounce worked for a little while but eventually failed as he found a way past my newest security barrier — just as hackers eventually find their way through the cybersecurity barriers erected to stop them.
I have the advantage of unlimited material resources compared to those available to the cat — I am presumably smarter than a cat, I have greater manual dexterity, and I’m a higher mammal who knows how to use tools. So why did I lose this battle so decisively?
Here are some of the cybersecurity lessons that became clear from my ordeal.
To succeed against a determined attacker (Pounce was very determined), I have to be willing to go all in sooner rather than later. Even then, my victory may not be entirely decisive. But what certainly won’t work is to deploy security measures that will minimally do the job because I am too lazy to do the full monty at the beginning.
Pounce has the advantage of unlimited time, and he tries until he succeeds. It may take a few days, but eventually he does. Moreover, Pounce only needs to succeed once to get out. Every one of my confinement measures needs to work to keep him confined.
Greater material resources and more intelligence do not necessarily overcome the huge advantage of Pounce’s ability to make an unlimited number of attempts to circumvent my barriers. If he fails on any given attempt, he incurs no penalty (my daughter would be quite distressed if it did).
Pounce has a powerful protector (my daughter) whose wrath I am unwilling to confront for diplomatic reasons.
Hackers operating out of foreign states often have the backing of those governments, even if they are nominally operating as free agents, and we may not have adequate leverage to persuade their protectors to take action.
My defensive measures succeeded completely until they didn’t.
That is, it looked like I was winning the battle to confine Pounce right up until the moment I saw Pounce outside the confinement area. And this happened repeatedly. So, I was often lulled into a false sense of security.
Being able to take Pounce’s perspective would have helped me immensely in crafting appropriate defenses. But viewing the world from eyes at a 6-inch height from the floor would have been very difficult for me, and so I didn’t do it. He thus saw ways of circumventing or destroying my defensive measures that I did not see. Manipulating people can be more powerful than any technical defenses — what in the cybersecurity world is called social engineering. When Pounce mews plaintively and looks into my daughter’s eyes, my daughter just opens the door to the confinement area and he walks out.
My daughter may have agreed to help me keep Pounce confined, but he was often successful in turning her loyalties. In cybersecurity lingo, my daughter was a “trusted insider” that went rogue.
In the end, I “won” the battle when my daughter moved out, taking Pounce with her. There, too, is an important cybersecurity lesson: Without a computer to be compromised, cyberattacks are not feasible, so don’t use computers when they are not necessary. My toothbrush and refrigerator work just fine without high-tech communications capabilities, thank you, and I would really prefer not to incur any more cybersecurity risks.
Last week was a sobering one for Congress. The second impeachment trial of Donald Trump served as the backdrop, the vivid videos of the angry mob of January 6 underscoring all that could have been lost that day, and all that divides Americans.
The audit highlighted a lack of encryption of personal data at the National Payments Corporation of India (NPCI) which forms the backbone of the country's digital payments system and operates the RuPay card network championed by Prime Minister Narendra Modi.
The family was able to create an understanding between the group of 35 cats and 4 dogs that have been sheltering in their home for nearly 6 years.
Japan’s bitter memories of its decades-long battle with deflation hang heavily over the central bank’s deliberations to take its first modest step away from ultra-loose monetary policy, even as inflation and wages creep up. The appointment of Kazuo Ueda as Bank of Japan (BOJ) governor this year and mounting price pressures have
Imagine you don’t have that much money and live from day to day. You have a 9 to 5 job, don’t own a property but rent and you have the tendency to buy most of your items using a credit card. So you don’t really have money to put down for a deposit on any property. Then on top of that your mother, grandmother and your aunt all
Advanced technology is moving very fast and gripping the world with its magical innovative tools. In the era of advanced technology, the knowledge of information technology has become the most important to deal with new innovations and enjoy new apps introduced by the many social media platforms (“Instagram may soon
As it pushes to renew a cornerstone law that authorises major surveillance programmes, the Biden administration faces an American public that’s broadly sceptical of common intelligence practices and of the need to sacrifice civil liberties for security. Congress in the coming months will debate whether to extend Section 702 of the