Making the Digital World Safer
Dan Geer, a leader in computer security analysis, spoke several months ago at the Black Hat USA Conference in Las Vegas. In his speech, he outlined ten policies he thinks would make the cyberworld safer. Because he was raising concern about and awareness of computer security before most of the world understood the risks, these are ideas corporations and governments should seriously consider.
- Entities, whether they are governments, corporations or a mom and pop shop, should be required to report cyberattacks against them if they are above a set level of severity.
- Internet service providers (ISPs), he argues, want to have their cake and eat it too when it comes to net neutrality. Geer says that if an ISP wants to price their service on the content they provide, then they need to assume liability for any damage caused by the content. That is, if your computer gets a virus, your ISP should be responsible for it if they are controlling the content you receive. If they don't want to assume responsibility, they should waive any right to inspect, filter or alter the content a user receives on the internet.
- In a similar vein, software should have product liability. Code should be open source so a user can tweak it as they like. Otherwise the software provider should be liable for any damage caused by it.
- It's okay to hit back. If anyone, be it an individual, a government or a corporation, is hit with a cyberattack, they should be allowed to identify the attacker and launch a counter-attack if they're able to.
- Computers that are part of a larger system should be able to be shut down remotely or to at least have the ability to self-terminate.
- The US government should buy up and disclose all zero-day vulnerabilities, even if that means buying from hackers. This could help put a big dent into the amount of software used in cyberattacks.
- Europe has the "right to be forgotten" online. It's a step in the right direction, but Geer thinks it could go farther, and that the US should adopt a similar policy. Further, he says, a person should have the right to misrepresent themselves online in order to make things more difficult for hackers.
- Geer is against online voting since, as with just about any system, it could be hacked and lead to disaster.
- Outdated software should be immediately open-sourced. Think about when Windows XP support stopped. Plenty of people continued to use Windows XP, but since Microsoft was no longer updating it, protections against hackers dropped off. If old software were to become open sourced, people would be able to continue patching the software, reducing the amount of hackable software.
- Anything connected to the internet can be accessed and is vulnerable to hacking. Backups, Geer reasons, should be designed to be off the grid, which should help keep backups clean from infection.