Security in Organic Computer Systems

By Seth James Nielson and Daron Barnes of Ironwood Experts.

As a younger man, and long before I knew anything about computer security, I was quite a fan of Star Trek: The Next Generation. One episode in particular, Contagion, captured my imagination. In this episode, an alien computer virus infects the ship’s systems, resulting in various malfunctions. The virus eventually triggers the ship’s self-destruct sequence but is stopped by shutting down all the systems. The ship is then, essentially, restored from backup.

It amuses the Star Trek fan still within me that this type of approach is actually recommended by Trend Micro for dealing with a CryptoLocker ransomware infection.


When You Pick Up The Encryption Stick, You Pick Up Both Ends

By Seth James Nielson and Daron Barnes of Ironwood Experts.

Many Americans in the technology space are aware that their government is pushing to install “back doors” into cyber security. Apple, for example, makes their iPhone in such a way that even the company itself can’t decrypt the contents of a user’s phone. The government can subpoena Apple all they want, but Apple simply has no way of unlocking the protected data within. That doesn’t make law enforcement, and others, happy.

Just last month, Tim Cook went to the White House and had a heated exchange with the Attorney General about this very issue, then went on 60 Minutes to discuss it again. This particular battle between security and privacy has been ongoing since last year, when terrorist attacks in California prompted a renewed call, in some quarters, for back doors.

The crux of the government’s argument is that there must be “balance” between a person’s right to protect their data and the government’s responsibility to protect its citizens (e.g., through police investigations and so forth). To the U.S. Attorney General and the Director of the FBI, there should obviously be some way to get to the data.

It is unsurprising that many dislike the idea of government having backdoor access to their data for personal and political reasons. But to security experts, the problems go far beyond balancing rights and responsibilities. The core truth is this:

If you make a back door, the bad guys will find it.


The Crushing Weight of Automation

Software is a very difficult concept for humans to understand because it isn’t physical. We are physical beings that gain all of our intuition and judgement based on input from our senses. Inherently, we struggle with things we can’t experience physically.

Engineers have known for a very long time that mechanical devices eventually wear out. Entropy is a very physical thing, and humans have intuitively understood that nothing lasts forever long before the second law of thermodynamics was formulated. But when software was introduced, it took engineers and their managers some time to learn that software wears out too. This shocked them because software cannot be physically damaged, and can be copied infinitely. Only after painful experience did the industry learn that software cannot be maintained and modified forever.

Similarly, I think that humans understand that physical systems have limits, and most people understand that an ever-increasing building would eventually collapse under its own weight. Nevertheless, we have greater trouble, I think, in recognizing that our increasingly automated society could eventually suffer the same fate.


Learning to Think Zero-Day

As I’ve been preparing to teach Network Security at Johns Hopkins this semester, I made the decision to change my assigned reading from The Cuckoo’s Egg to Countdown to Zero Day by Kim Zetter. I think that, in many ways, this is symbolic of the changes in the computer security world itself. Security is growing up. Cuckoo’s Egg represents childhood, while Zero Day represents the teenager.

Young, impetuous, but also becoming very deadly. The adult form emerges but with so little wisdom and judgement that nobody knows quite how it will turn out.