Infosecurity Europe 2010: Trust is the next IT security nut to crack, says Lord Erroll

Working out how to trust people in the cyberworld is the next big challenge in IT security, says independent peer Lord Erroll.

This is an extremely difficult problem to solve using technological means, says Erroll, who is to be inducted into the Infosecurity Europe Hall of Fame at the 2010 event in London on 27 to 29 April.

The problem is that every set of credentials is issued for different purposes and it is therefore very difficult to use them for a universal system in cyberspace.

"You can never be sure that another organisation issued credentials for similar enough purposes to you to have verified the bit that you are concerned about," Erroll told Computer Weekly.

Government credentials, for example, would be concerned with security and access, but would not be concerned with contractual liabilities as would be required by business, he said.

Trust is also an important issue when it comes to electronic voting systems because it will be difficult to trust someone enrolling online as much as someone who has registered in person.

"You can have the most reliable method of identifying someone, but it cannot tell you whether to trust that person. Identity is separate from trust," he said.

But, while trust is important, said Erroll, it has to be achieved in a way that does not create a strictly controlled society in which nobody can do anything, such as that found in North Korea.

"We have to look at non-technological means of building up trust like eBay's feedback system, which enables users to trust sellers based on the feedback score from other buyers," he said.

The issue of separating identity from trust is one of the IT security challenges Erroll will address in his Hall of Fame presentation on 28 April.

The controversial Digital Economy Bill and the government's G-cloud for delivery of applications and shared services are other topics likely to feature.

"The Digital Economy Bill goes completely against the government's efforts to put everything online," he said.

Disconnecting people from the internet for downloading copyrighted material will completely kill all the ideas of a ubiquitous, mobile internet around the UK, Erroll said.

"We need to revisit copyright in the digital age. We need to re-write copyright laws to take the digital world into account," he said.

The government's G-cloud project is a good idea, said Erroll, because if done properly, it will remove many of the problems of not knowing where data is located, of who is handling it, and how securely.

"Just because you are using a web interface does not mean you cannot control who logs in, where they are when they log in, and whether the machine they are using has proper security," he said.

Along with Lord Erroll, other Infosecurity Europe 2010 Hall of Fame inductees include Stephen Bonner, managing director for information risk management at Barclays, and Eugene Kaspersky, founder and chief executive of Kaspersky Lab.