I recently participated in a panel at the BASC conference that was held at the Microsoft New England Research & Development (NERD) building at One Memorial Drive in Cambridge. One of the questions that surfaced inspired me to write this article.

While there are more security solutions available today than ever before, are we actually becoming more secure or is the gap growing? The short answer is yes.  The security industry is reactive in that it can only respond to threats but it cannot predict them.  This is because of threats are defined by malicious hackers and technology savvy criminals and not the security industry.  Antivirus technology for example, was created as a response to viruses that were being written by hackers. So yes, security is getting better, technologies are advancing, and the gap is still growing rapidly.  One major part of the problem is that people adopt new technologies too quickly.  They don’t stop to question those technologies from the perspective a hacker…

A prime example of this problem is clearly demonstrated within the automotive industry. Computer systems that are in automobiles were not designed to withstand any sort of  real hacker threat.  This wasn’t much of a problem at first because automotive computer systems weren’t Internet connected and at first they didn’t have direct control over things like breaks and the accelerator.  That all changed as the automotive industry advanced and as people wanted the convenience that computer technology could bring to the table.  Now automotive computer systems directly control critical automotive functions and a hacker can interface with the computer system and cause potentially catastrophic failures.  Despite this the problem wasn’t perceived as particularly high risk because accessing the computer system required physical access […]