Kevin Bocek, a security expert from Venafi, commented on the news about George Osborne’s planned speech on cybersecurity spending. He has summarised the problem as he sees it below.
Kevin Bocek, a Security Expert from Venafi said :
“It’s good to see the government increasing funding and making cybersecurity a top priority. In reality there is there is a clear and present danger that terrorists will hijack parts of the internet, and even more worryingly use the internet to take control of physical assets ranging from cars to planes to power plants and even the slew of devices that are now starting to control our homes.
A major part of the problem is that the fundamental way in which we trust the internet has not changed in over 20 years. Whether we are logging into email or an Airbus A380 running code, the way we trust we are connecting to someone, the way we trust apps, the way the world economy operates is based on the trust from digital certificates and cryptographic keys. They might be obscure to some, but are well known to the NSA, GCHQ, and an emerging set of cyber-adversaries from China to terrorists. Criminals and terrorists are now starting to use these keys and certificates against us. In some cases they have actually learnt from the actions of our governments.
Just look at Stuxnet, which was developed by the US and Israeli governments to target Iran’s nuclear program; a stolen certificate was used to actually get the malware to be completely trusted by Iranian facilities. Now we must consider what happens when our government or business networks or even the emerging Internet of Things can be hijacked, ransomed, or even worse destroyed. At best this leads to chaos, at worst it will cost lives. The foundation of the Internet security is over 20 years old. It is critical that government and business now look to strengthen the foundation, building in an immune system to protect”
[su_box title=”About Venafi” style=”noise” box_color=”#336588″]
Venafi is the Immune System for the Internet™ and protects the foundation of all cybersecurity—cryptographic keys and digital certificates—so they can’t be misused by bad guys in attacks. In today’s connected world, cybercriminals want to gain trusted status and remain undetected, which makes keys and certificates a prime target. Unfortunately, most security systems blindly trust keys and certificates. Venafi patrols across the network, on devices, and behind the firewall, constantly assessing which SSL/TLS, SSH, WiFi, VPN and mobile keys and certificates are trusted, protecting those that should be trusted, and fixing or blocking those that are not.
As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP) and a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to protect keys and certificates and eliminate blind spots from threats hidden in encrypted traffic. As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™, Venafi TrustForce™, and Venafi TrustNet™ help organizations regain control over keys and certificates by establishing what is self and trusted on mobile devices, applications, virtual machines and network devices and out in the cloud. Venafi protects Any Key. Any Certificate. Anywhere™. From stopping certificate-based outages to enabling SSL inspection, Venafi creates an ever-evolving, intelligent response that protects your network, your business, and your brand. Venafi Threat Center also provides primary research and threat intelligence for attacks on keys and certificates.
Venafi customers are among the world’s most demanding, security-conscious Global 5000 organizations in financial services, retail, insurance, healthcare, telecommunications, aerospace, manufacturing, and high tech. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners, and Origin Partners.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.