It is unusual that I actually include a hot link to another website; after all, if you are reading this, I assume you are interested in what I have to say. But this morning is an exception. The title for this blog was also the title for this article. It appears as commentary on Dark Reading, a terrific site for connecting information security professionals.
Kevin Bocek begins by emphasizing something different happened last week—something really disconcerting. He describes four major news stories about successful attacks and campaigns with a common theme—we can no longer presume the trustworthiness of cryptographic keys and digital certificates.
DarkHotel, Heartbleed, Wirelurker, MD5 and Flame—these are not Hollywood film or digital game titles. These are the names of the new weapons being used to exploit vulnerabilities and gain access to systems, information, and data.
Bocek accurately states the following: “The foundation of trust of our digital systems — from banking, to the cloud, to mobile apps, to your business — is all based on keys and certificates, and it’s under attack. It may appear that the world is coming to an end. Some have wondered, is the cryptoapocalypse upon us? No, it’s not. But the threatscape has changed, and we all need to respond.”
“Threatscape” is a wonderful term—far more graphic and visual than “threat inventory”. Imagine looking from the bow of the ship you are navigating toward the horizon and all you see is a threatscape—filling the edges of where you may sail with threats.
As I noted a couple of posts ago, it is not a question of rebuilding trust in technology. Instead, we must, for the first time, define and execute our rules for enabling trust to be achieved, and be sustained.
There is no question the war on trust has now begun. As Jurgen Warmbrunn said in World War Z: “Most people don’t believe something can happen until it already has. That’s not stupidity or weakness, that’s just human nature.”
The question is what will we do, as governments, as economies, as markets, and as individuals, to fight back and achieve trust for the first time?