Tag Archives: cyber-security

Encryption with Pencil and Paper

Given that George Orwell was English, one might think the British would be all too aware of the dangers of a police state. Although the UK is one of the most surveilled countries in the world, with one security camera for every eleven people, its politicians have put forward plans to record the online activities of people in the UK and force companies like Google and Apple to break the encryption on gadgets and apps. It’s clear from both Snowden’s revelations and other sources that the UK’s security services have been routinely collecting large quantities of phone data with little legislative oversight.

As expected, the powers-that-be trot out the usual scaremongering tactics from terrorists to paedophiles, and while politicians aren’t known for their intelligence, the current proposals around encryption seem particularly stupid and at odds with experts in the fields of security and mathematics.

Encryption isn’t always that easy to understand, so this video shows a very simple but secure method for encrypting and decrypting messages using nothing more than paper and pencil. The process is a bit laborious but it illustrates how easy it is to be secure even without a computer and that any attempt to put a back door into digital encryption will only compromise the integrity of the internet for everyone.

The BBC’s “In Our Time” radio programme tackles “P v NP” this week and part of the discourse involves prime numbers and their role in encryption. It’s available as a podcast so it’s recommended listening too.

Be seeing you!

CISPA: The Next SOPA? Maybe Not

One of the biggest threats to both businesses and governments in today’s world is cyber attacks, not only by lone attackers but also state-sponsored attacks, especially from China. CISPA (the Cyber Intelligence Sharing and Protection Act) is a bill being proposed in Congress to help fight such attacks. The Act allows businesses and federal agencies to share information about cyber threats they have received. The bill would allow them to share this information with each other without informing the public or, in the case of businesses, their stockholders. The Director of National Intelligence would be in charge of setting up how the information would be shared. All participating companies would have to pass a security clearance, and the information would be shared on a need-to-know basis. The information that is shared cannot be used to gain an advantage. Cyber threats are defined in the bill as any “effort to degrade, disrupt or destroy” vital networks or “theft or misappropriation” of information owned by the government or private business, such as intellectual property.

Although everyone agrees that cyber attacks are a major problem in today’s world, the opponents of this bill, including the EFF, believe its definition of cyber attacks is too broad. They are especially concerned that the bill could be used to dampen free speech and to go after sites such as Wikileaks or the NY Times under the part of the act covering misappropriation of information owned by the government or private businesses. Opponents of the bill also think that the Director of National Intelligence is the wrong person to head the effort and that it should be under a civilian agency.

Although there is some comparison between this act and SOPA, there is also a key difference. While SOPA was opposed by major tech companies, many companies including Facebook, Microsoft and Intel have already sent a letter supporting CISPA. Under this bill they would be protected from being sued when they share our information with the government, provided they share it in good faith under CISPA. That means the passage of the bill is to their advantage. Also, unlike SOPA, CISPA opponents don’t have any bogeyman like the MPAA to attack. In other words, unlike SOPA, the money is behind the passage of this bill instead of against it. Hopefully, between now and passage, the definitions can be made narrower. There needs to be a balance between the fight against cyber attacks and individual rights.

The War in Cyber Space

Symantec's report on a recent wave of cyberattacks includes the geographic breakdown of computers used in the attacks.

What do these four articles have in common?

They are all signs that cyber espionage is growing as a threat in today’s increasingly interconnected world, not only for the U.S. but for other countries and groups around the world. Many believe that most attacks are coming out of China and Russia. Countries like the U.S. and Israel also use cyber espionage when it is to their advantage. The use of infected machines by hackers often makes it difficult to know where the attacks actually originate. Attacks may be carried out by nation-states, private groups or individuals, and telling the difference is very difficult. Some hackers may try to attack defense targets, but most target businesses and attempt to steal intellectual property, including design documents, formulas and various manufacturing processes. How many attacks occur yearly is unknown, since many companies do not report such attacks publicly.

The critical importance of the fight against cyber espionage was underscored by retired four-star Marine Corps general James Cartwright in an interview with Reuters. He believes that we should be more public when it comes to what general deterrents we have and are willing to use. He said, “You can’t have something that’s a secret be a deterrent. Because if you don’t know it’s there, it doesn’t scare you.” Many experts believe that a deterrent policy needs to be created to indicate the threat of possible action without being too specific. For now, U.S. officials are silent on the type of deterrents that the U.S. has; however, it is assumed that it has both defensive and offensive ones it can use.

The Obama administration is currently crafting rules of engagement in cyber space after releasing its general policy earlier this year. Many see cyber space as the fifth pillar of defense, joining land, sea, air and space. The one thing that is clear is that cyber espionage is only going to increase in sophistication and intensity as cloud computing becomes more popular.