Quick Study

By Brian Robinson

Blog archive

In cybersecurity, our greatest enemy may be...

When it comes to cybersecurity, we are constantly reminded of the threats posed by external adversaries, or about the inadvertent problems we sometimes cause because of our own lax practices. But what if the greatest damage comes from a deliberately designed weakness?

As security guru Bruce Schneier points out in a recent opinion piece for CNN, the recent and widely publicized hack of Google sites by the Chinese was due to a “back door” that Google itself built into its systems to comply with U.S. government requirements.

This is an old sore in computer security. Programmers since way back when have been building these back doors so that they can easily get into the program they built when they need to tinker with the code. At one time, it was presumed that only they would know how to do so.

Well, surprise! Smart hackers – and there are legions of them – also discovered those back doors and learned how to manipulate them. It’s now one of the first things hackers do to try and gain access to any software system.

Unfortunately, as Schneier also points out, “An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't.” If the FBI, National Security Agency and others insist on being able to monitor the infrastructure, then these kinds of back doors probably will always exist, and hackers — Chinese or others — will always have a way into our cyber systems.

There are some intriguing things being put forward to improve cybersecurity, both from a policys standpoint and through technology. For example, take a look at this Defense Advanced Research Projects Agency's proposal for a “Cyber Genome” program. However, what use is all of this, when our very own surveillance obsession lays us so open to penetration by whoever can find and open the back door?

Posted on Jan 26, 2010 at 12:19 PM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.