Cybercriminals still have the upper hand on the Internet despite nearly two decades of technological advancement, and Carnegie Mellon University professor William Scherlis (pictured) says the cybercrime problem is being exacerbated by three information technology (IT) trends. These trends include a migration from functional system silos to interconnected, enterprise, and cross-enterprise systems; decentralization of IT responsibility; and the very rapid propagation of actions throughout networks and systems.
Cornell University's Fred Schneider believes a much more effective cybersecurity approach would concentrate on accountability rather than prevention, whereby cybercriminals would be kept in check if they could be apprehended and held accountable rather than blocked. The realization of this concept is being impeded by a widespread expectation of online anonymity, and by inconsistencies of local law and custom that could complicate the prosecution of cyberattackers outside the United States.
Microsoft's Scott Charney argues for a fundamental revision of cybersecurity, first by the establishment of end-to-end trust that supports strong authentication at every boundary and tier in computing. Microsoft's Steve Lipner says many components of the end-to-end trust model already exist, such as the tamper-proof Trusted Platform Module. Also needed is the implementation of a mechanism for auditing events to deliver accountability.
Scherlis says users also can take action. He recommends that users "be absolutely rigorous about configuration management and configuration integrity, both during development and ceaselessly during operations."
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA
No entries found