WASHINGTON-As wireless and mobility become more pervasive, cybersecurity is necessary to create a “hassle-free” experience, believes the Computing Research Association.
“Security is like adding brakes to cars. The purpose of brakes is not to stop you; it’s to enable you to go fast! Brakes help avoid accidents caused by mechanical failures in other cars, rude drivers and road hazards. Better security is an enabler for greater freedom and confidence in the cyber world,” said Eugene Spafford of Purdue University.
Spafford was among a group of 50 experts from around the world who gathered last week in rural Virginia to come up with a cybersecurity strategy. They presented their findings on Thursday to Capitol Hill staff at the request of Rep. Sherwood Boehlert (R-N.Y.), chairman of the House Science Committee, and separately to the press.
The first thing that needs to happen is to develop an organized response to cyber attacks, said John Richardson of Intel Corp.
“There is no concept of a centralized organized response. It doesn’t have to be centralized, but it does have to be organized,” said Richardson, noting that right now we don’t know what to do if an attack occurs.
Another issue linked with security is privacy. “Once you lose our privacy you can’t get it back,” said Annie Anton of North Carolina State University.
Experience has shown that it is more costly to add on security than to develop security from the beginning, said Anton, noting that class-action lawsuits are cropping up against companies that violate their own privacy policies or that have lax security and allow access to personally identifiable information.
Security needs to be a partnership with many players, including policy-makers, researchers and end users. However, at each level within each of those entities is a different level of security and computer knowledge, said Anton. “There are different levels of experience among our users,” she said.
Regarding whether it is really possible to create a utopia where computer security specialists are as happy with a system as the end user, Dan Geer Jr. of TheWorld pointed out that it is necessary to get there because tomorrow’s applications cannot come to pass without adequate security. “To get it where it is more simple to use, you have to make it more trustworthy,” said Geer.
