Cryptography experts debate cloud-computing risks


A group of pioneers in the security field, whose work in encryption is used to protect internet data and communications every day, spoke about the state of security at a cryptographers' panel at the RSA security conference in San Francisco on Tuesday.

They tackled various questions about cybersecurity in general, but the topic that dominated was cloud computing.

"Cloud computing is a challenge to security, but one that can be overcome," said Whitfield Diffie, chief security officer at Sun. "I believe cloud computing will get to [the point] where no real program... will be done anymore on the computers of the company that's doing it," he said.

"I'm worried about cloud computing," said Adi Shamir, a computer science professor at the Weizmann Institute of Science in Israel. He explained that while a virus or other problem on a desktop computer can be a big annoyance, computation centres in hosted computing could spread problems more widely.

Bruce Schneier, chief security technology officer at BT Counterpane, said: "I'm kind of bored with it." Schneier said that although cloud computing is presented as a new paradigm, fundamentally he did not see a lot of differences between it and client-server and dumb terminals. "It's still all about trust," he added.

Ronald Rivest, a computer science professor at MIT, predicted that cloud computing "will really be a focal point in our work in security." "I'm optimistic about cloud computing," Rivest said. "I think a lot of us have hard work to do."

Asked about their thoughts on the likelihood of a 'Digital Pearl Harbor', the researchers concurred that the threat is hyped.

The talk about risks of a cyberattack on the magnitude of a Pearl Harbor strike is overblown, said Schneier. The real threat "will be boring things" such as viruses, identity theft and buffer overflows. "We're better as an industry if... we look at the more common risks... that cost [people] money."

"We're more likely to suffer a digital 9/11," said Diffie. Pearl Harbor was an attack by a known entity as opposed to an unknown threat from a mysterious source, as cyberattacks tend to be, he said. "I think we could suffer some astounding event," he added, noting that there was an electricity blackout in the 1990s and a severe telephone outage in the 1980s due to a bug.

Shamir said cyberattacks should be put in perspective and compared with other events that can have even more serious consequences. "If the government has extra money to spend they should spend it on regulating the financial markets and not spend it on regulating cybersecurity," he said.

Martin Hellman, professor emeritus at Stanford, said he has been focusing on nuclear weapons security lately and looking at how risky nuclear deterrence is with his NuclearRisk.org site. It is "at least 1,000 times riskier than having a nuclear power plant located near your home", he said.

Technology "has given human beings power that has historically been reserved for the gods; the ability to create new life forms, the ability to destroy civilization, and the potential for creating unbelievable co-operation or unbelievable chaos," Hellman said.

"Our species is like a 16-year-old with a new driver's licence who somehow gets his hands on a 500-horsepower Ferrari," Hellman said, adding that people need to learn to control their impulses or risk destroying everything.

Talkback

The Internet was designed as a high resiliency system built out of strategically disposable components. Each element was envisaged as a self contained, autonomous unit that could look after itself, and/or talk to as many of the rest of the elements as possible. The Cloud however, as an approach, is exactly the opposite.

99.9......% of the time there will be no national outages or wars, and the majority of the time there will be no outages of any kind. Under these circumstances either system can be as functional as the other. That's not the point. If you design computer systems with the assumption that nothing will ever go wrong, you will design systems that will probably get you sued!

We now have the technology to extend the Internet system resiliency approach up to the application layer in a high quality, low cost way. We've been able to do this for a while, but only more recently has the cost come down to the point that households and SMEs can afford it.

The question is Self Hosting vs. The Cloud.

I see no good reason to trust the usual big boys with my private and business information. They have no overwhelming reason to treat my case as anything other than a nuisance if something goes wrong.

The choice is yours, I guess, folks :-)

Andrew Meredith 27 Apr 09 19:11
