Can Security Stay Ahead of the Threat?

I often sit back and reflect on whether we are really winning the war against malicious security threats. The answer of course is “Yes”. Otherwise we’d already be in dire straits. But it’s sometimes a case of one step forward and two steps back. And two stories in this week’s press suggest that we might have lost a few battles.

The first was the BBC story about the emerging commercial market in hacking kits (with full technical support) and boutique virus writing services producing malicious software to order. Of course there’s nothing new in the capability on sale. It’s always been available to those in the know. But commercialisation of powerful offensive software at affordable prices brings it within reach of any interested individual or organisation.

The second story was the announcement that the US Homeland Security Department has scrapped their ambitious $42 million anti-terrorism data-mining tool after investigators found it was tested with information about real people without the required privacy safeguards. No doubt many people will be pleased to see the abandonment of a programme that threatens the privacy of citizens. But this technology will not go away. It represents the future of intelligence gathering. We need more research, not less, into these technologies in order to minimise the risks to individuals.

So one step ahead for the offensive capabilities of our potential enemies, and one step back for the technology we will need to defend against their attacks. Let’s hope we can swing the pendulum back the other way.