The impact of spycraft on how we secure our data – ComputerWeekly.com

§ June 2nd, 2020 § Filed under Quantum Computer Comments Off on The impact of spycraft on how we secure our data – ComputerWeekly.com

By

Published: 01 Jun 2020

The cyber security industry has come a long way since its inception. The ancestors of cyber were the men and women working at Bletchley Park during the Second World War, long before the introduction of what we would consider modern cyber security practices but even before then, humans used codes and ciphers to keep information safe for millennia. Even Julius Caesar popularised a cipher which was named after him.

More recently, developments have been driven by the intelligence and defence sectors, which have a real need to uncover as well as keep sensitive intelligence safe. Some of these innovations were showcased recently at the Science Museums Top Secret exhibition, which ran from July 2019 to February 2020 to coincide with the 100th anniversary of GCHQ, the UKs intelligence, security and cyber agency.

It also gives us the context as to where developments have originated, and the ways in which they will subsequently impact how businesses keep their data safe from cyber criminals in the future.

The threats organisations face today are varied from organised crime groups to nation-state hackers, as well as individual hackers. One of the ways organisations try to defend themselves is through encryption.

Ciphers have been around for centuries in one form or another from non-standard hieroglyphs in the walls of tombs built in ancient Egypt almost 4,000 years ago, to substitution ciphers developed 1,200 years ago by Arab mathematician Al-Kindi. The rise of electronic communications during the Cold War led to monumental developments in ciphers and encryption technology, which were used to keep phone conversations secure.

Today, the focus for many organisations and businesses is the use of encryption on mobile devices, enterprise networks and cloud services. Given the impact of mobile devices and digital communication on how organisations conduct their business with partners and customers globally, this has been a key development ensuring conversations remain private while enabling fast and secure communication.

Today, encryption is used in all sectors for medical data in healthcare, customer information in banking, and much more. This highlights the importance of all areas of industry, outside of tech and IT, learning from the intelligence communitys experience developing advanced solutions to secure communications and data.

Many technologies initially developed by the intelligence community have become commonplace in keeping our everyday communications secure, according to Elizabeth Bruton, curator of the Science Museums Top Secret exhibition.

Randomness has always been used to disguise messages, she said. Though the technology today is radically different, the basic principles of encryption using long strings of random characters letters and numbers have changed very little over the past 100 years. The Top Secret exhibition features letter tiles used by the Government Code and Cypher School staff at Mansfield College, Oxford, during the Second World War.

GC&CS staff pulled these tiles out of a bag to create long strings of random numbers or letters, she said. They were used to make encryption keys and one-time pads to keep British wartime messages secure. Today, randomness underpins some of the encryption systems we use to keep our communications secure.

Also featured in the Top Secret exhibition is a chaotic pendulum used by the internet security company Cloudflare to help keep online messages secret. Cloudflare uses readings from devices such as this pendulum and a wall of lava lamps to make long strings of random numbers, said Bruton. These random numbers help create keys that encrypt the traffic that flows through Cloudflares network.

Although its interesting to see how todays cyber security solutions have been influenced by the past, emerging technologies can also help us gaze into the future. One of the exhibits in the Top Secret exhibition consists of parts from a quantum computer. This new computing paradigm has the potential to rewrite how we use technology.

Quantum computers could significantly weaken our cyber defences by processing information in a manner completely different to that of traditional computers. Work is already underway to develop quantum-resistant encryption that is likely to become a common business practice in the next decade.

Breakthroughs such as quantum computing are a reminder that organisations should constantly be thinking about how the threats they face evolve. After all, cyber crime is set to cost businesses over $2tn this year alone. Todays new tech could be tomorrows threat, and bad actors such as organised cybercriminals and nation-state attackers will always look to exploit the latest and greatest tech.

Cyber criminals are often quick to use new technologies. Since they dont operate in regulated industries or need to consider customers and users, they can be more efficient at harnessing these technologies for harm than organisations are at harnessing them for good.

The cyber security sector is experiencing tremendous growth, driven by our dependence on technology. Global cyber security spending is expected to reach $248bn by 2026.

As such, its prudent for all organisations to look at both the past and the future if they want to remain safe from cyber criminals and invest wisely. The crossover between what technologies the intelligence sector has developed and how these have been adopted into mainstream cyber security solutions highlights the many years of research it takes to keep data safe.

As organisations face ever more threats, they should look to learn as much as they can from every sector and be open to sharing best practices to ensure robust defences.

Subject to the anticipated reopening of the UKs museums as Covid-19 pandemic restrictions ease, the Top Secret exhibition is scheduled to open at Manchesters Science and Industry Museum in October 2020.

Mark Hughes is senior vice-president of security at DXC Technology

Let's face it, cloud security can be done very wrong. Let's learn to do it right. Regular Computer Weekly contributor Peter Ray Allison explores this issue, weighing up the questions organisations should be asking of their cloud service providers, and whose responsibility cloud security should be.

Follow this link:

The impact of spycraft on how we secure our data - ComputerWeekly.com

Comments are closed.