Smartphones Boosting Global Computing Power, Vulnerability to Attacks
GENEVA -- Telecom security concerns are increasing based on the rise in sheer computing power available for conducting cyber attacks and other malevolent acts, officials said Tuesday during an ITU-T workshop on new challenges for telecom security standardization. One problem for dealing definitively with cybersecurity is that government, industry and users each describe the problem and what exactly is needed differently.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The number of virus signatures of malicious programs in Kaspersky Labs’ products spiked from fewer than 100,000 in 2004 to about 1.5 million last year, said Magnus Kalkuhl, a senior virus analyst on the company’s global research and analysis team. A steep rise began when computers became always-on Internet devices, he said. The “Shadow botnet” of about 100,000 computers, which last year led to arrests in Brazil and the Netherlands, had half the computing power of European supercomputer Jugene, one of the world’s fastest for civilian applications, Kalkuhl said.
Android’s open platform for loading any software likely will drive the entire mobile phone market toward more openness and more threats, Kalkuhl said. Few viruses now exist for old- fashioned phones running Java programs, Kalkuhl said. Botnet administrators are becoming more interested in smart phones with always-on features because they're little computers, Kalkuhl said.
The Obama administration has an increased interest in cybersecurity, said James Ennis, director for advanced network technologies in the Department of State’s International Communications and Information Policy group. The high-level policy makers aren’t technical experts, but they know there’s a problem, Ennis said in response to a question about what the short pitch on cybersecurity would be to the administration. Network people see threats to the transport layer as potentially catastrophic, Ennis said. Others focus on the malware problem and dangers caused by application vulnerabilities, he said.
Cybersecurity embraces much more than responding to and defending against attacks, said Tony Rutkowski, VeriSign vice president, regulatory affairs and standards. Cybersecurity also encompasses telephony and cellular wireless networks, subject already to some signification regulation in most jurisdictions, Rutkowski said. “Most regulatory bodies have cybersecurity provisions that are in place or being put into place,” he said.
Swing from Deregulation to Regulation Predicted
Regulatory mechanisms are a lesser alternative to criminal penalties for illegal attacks and other malevolent acts, Ennis said. “The question is what is a good regulatory mechanism,” he said. Best practices and market-based solutions need to be considered, he said. “We are going to see, I think, a swing in the cycle from deregulation to regulation over the next few years, I suspect.”
“We need to do something against denial of service attacks,” Kalkuhl said. The problem could come to a head when computer systems become more ubiquitous in about ten years, Kalkuhl said. Alarm and other home systems controlled by a computer could be hacked for instance to prevent an occupant from leaving, possibly resulting in harm, injury or death, he said.
Separating the Internet into different layers is one way to avoid this, Kalkuhl said. Companies will only allow people with registered IPs or identities to connect to their Web sites, not allowing connection for those not sharing their identity, he said. “Virtual islands and more control” will lead to a fragmentation of today’s Internet, he said. “I think this is the price that we have to pay for security,” he said.
“We will probably see international cyberspace police who are able to act quickly in cases of emergency,” Kalkuhl said. The aim should be to facilitate work among various national police units and authorities around the world, he said. “Interpol is very aware of the cybercrime issue,” he said. “At the end, it will be Interpol who will be responsible for establishing better connections between the cybercrime fighters in all their countries probably,” he said.
Once everyone has a unique ID for connecting to the Internet, the authorities will be able to discover a user’s name, Kalkuhl said. Privacy will be one of the most important future topics, he said. A German government project called “De-Mail” provides each citizen an official e- mail address that can also be used in combination with encryption for certain e-government services and possibly in the future, e- voting, he said.
“I would fundamentally oppose” the notion of a single unique ID, said a Microsoft official, who instead characterized digital identity as “a trusted identity for many uses.” Trust is wanted with a bank, an employer or government, the official said.