Recent security alerts say your car isn’t secure and can be remotely controlled. Your house isn’t secure and can let the bad guys unlock the doors. Your watch isn’t secure and can let your confidential information out. Where does this end?
As anyone in the security world will tell you, there is no such thing as a completely secure system. There are just levels of securing a system. If the target is big enough, hackers/crackers will find a way to hit it.
This situation presents unique safety and ethical questions for manufacturers. If a company does not respond directly to a publicized attack, it runs the risk of a tarnished reputation as an irresponsible vendor, and it potentially leaves customers vulnerable.
If a company does respond, is this type of action rewarding the attacker? If hackers/crackers know you will react (pay), they have achieved a desirable outcome. Chrysler reacted with a 1.4 million vehicle recall. Does this paint a target on their back?
To what extent do we go after the hackers/crackers and punish them? Eric Burns, who admitted responsibility for some of the most sensational attacks on corporate and government internet sites, is only facing 15 months in prison and $36,240 in restitution. Is that enough?
Obviously I don’t have all the answers, but it doesn’t look like any system is off limits for the hackers/crackers. The threat of prison time and restitution doesn’t appear to be enough of a deterrent. Vendors have no choice but to react, and each time they do, the hackers/crackers win and the vendors have an even larger target on their back. Obviously, we can apply technology to help reduce our risk, but we still need to make some changes so that malicious attacks are socially unacceptable. Without this change, we are going to continue to chase our tail.
What is your take on the recent flurry of publicized cyber attacks? Are we doing enough to deter these attacks, or are we just chasing our tail?