• Encryption and segmentation: These operate on the assumption that some fraction of the network is already compromised. Restricting the reach and utility of any captured data and accessible networks will mitigate the damage even on breached systems.
• SBOM documentation: Regulatory compliance can be driven by industry organizations and the government, but it will take time to establish standards. SBOM documentation is an essential foundation for best practices.
If “democracy dies in darkness,” and that includes lies of omission in reporting, then cybersecurity suffers the same fate with backdoors. The corollary is “don’t roll your own crypto” even if well-intentioned. The arguments for weakening encryption to make law enforcement easier fall demonstrably flat, with TETRA just the latest example. Secrets rarely stay that way forever, and sensitive data is more remotely accessible than at any time in history. Privacy and global security affect us all, and the existence of these single points of failure in our cybersecurity efforts is unsustainable and will have unforeseeable consequences. We need to innovate and evolve the internet away from this model to have durable security assurances.