A fifth, man-made domain serving as a great force multiplier for commerce and free expression, cyberspace has also made us more vulnerable. We have intertwined nearly every aspect of society, including critical infrastructure, business, and communication, with internet technology, all of which was not initially designed to be secure in this hyper-connected world.
The internet has survived as the critical backbone of our democratic process and free market because we are continuously strengthening our online connectivity's immune system, which protects us from global pandemic threats including computer hacks and viruses. Cryptography is our digital immune system, which authenticates and protects data, money, reputation, and the health and safety of people.
During the past few years, the explosive proliferation of digital connectivity—from smartphones to widespread adoption of connected consumer products comprising the Internet of Things—has strained the most commonly used methods of encryption and authentication.
Without cryptography, correspondence sent or received electronically and the links we click on would serve as contagion agents for viruses, attacks, threats and data breaches.
Solutions abound
For decades, cryptography has been launched piecemeal and without the agility to make necessary changes and updates. Going forward, three key elements will impact how we protect the data, money, and reputation on which commercial success relies.
First, we should not expect a global, universal adoption of stronger cryptographic protocols and processes. In fact, we should expect the global trend of countries wanting their own cryptographic standards and protocols to increase. Each enterprise must deal with this challenge individually. Businesses should make it a priority to know their risk exposure, as well as the cost and consequences of an attack—for employees, customers, and partners. Compliance, regulations and policies will become stricter for the private sector, and the fines imposed on companies under things like GDPR (General Data Protection Regulation) in the U.K. will push enterprises to prepare for stronger data protection.
Second, the aftermath of the 2015 San Bernardino attack demonstrated a potential schism between the U.S. government's and the private sector's approaches to cryptography. The advanced cryptography and encryption that have been used in the government sector are now required for the private sector. While the FBI sought to collect counterterrorism intelligence, Apple was understandably loath to degrade the security of its device.
U.S. national security relies as much on conducting forensics following a terrorist attack as it does on protecting encryption and, by extension, security in cyberspace, to which we entrust our intellectual property and sensitive data. Cognizant of the importance of encryption to protect its own sensitive communications, the U.S. government should support the same strategy for our private sector.
Third, with digital technology now connecting people around the world instantaneously, we should recognize that cryptography is the essence of our immune system. Cryptography and its life-cycle management are critical to countering the growing number of nefarious state and non-state actors who seek to do us harm.
Daniel Hoffman, VP at SPG, is a retired Chief of Station with the CIA.
Claire Trimble is the Chief Strategy Officer at InfoSec Global.