BreachExchange mailing list archives

What to expect from the next generation of online security


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 2 Mar 2015 19:16:20 -0700

http://www.washingtonexaminer.com/what-to-expect-from-the-next-generation-of-online-security/article/2560920

The Senate's landmark hearing on the Internet of Things last month
attempted to define the government's role in ensuring individuals' privacy
as the world's connectivity increases every day. It has also raised the
question of how future generations of lawmakers will handle an undoubtedly
more complex Internet and the necessity for privacy that comes with it.

Internet of Things devices "can collect sensitive consumer and business
data; therefore, privacy considerations should be at the forefront as we
consider this great technological wave," John Thune, R-S.D., chairman of
the Senate's Commerce, Science and Transportation committee, said at the
hearing. "Security will also be a critical concern of the Internet of
Things due to the scope and sensitivity of the data collected and the
interconnection of devices and networks."

The rise of the Internet of Things means that consumers will soon have the
luxury of controlling many aspects of life by being able to access
everything — from coffee makers to sprinkler systems — via their
smartphones. Yet this convenience also opens up a higher risk of having
large stores of data compromised.

Herb Lin, a senior research scholar for cyber policy and security at
Stanford University's Center for International Security and Cooperation,
predicts that the growth of interconnectivity will lead to more frequent
instances of hacking. Despite the Internet of Things' inherent
vulnerabilities, the apparent lack of foresight that seems to characterize
recent privacy invasions, such as the hacking that crippled Sony Pictures
Entertainment in November, is a shortfall Lin laments.

"The way we have traditionally regulated past laws is we wait for some
disaster to happen and then figure out legislation ... But before the
disaster happens, everybody says, 'Oh, that couldn't happen. I don't want
to be burdened with unnecessary regulation if it hasn't happened yet,'" Lin
said. "I've spent a large amount of my time trying to make that happen … a
proactive rather than reactive [approach]. But history is not on my side."

With the Internet of Things' skyrocketing growth showing no signs of
slowing down, lawmakers are scrambling to create policies that crack down
more firmly on cybercrime and enable entrepreneurs to develop further smart
devices without fear of having their security compromised, whether by the
government itself or hackers. In January, Suzan DelBene, D-Wash., and
Darrell Issa, R-Calif., joined forces to form the Congressional Caucus on
the Internet of Things. The goal of the caucus is to examine the role of
the government in matters of online privacy and security.

"Advances in technology and the Internet have dramatically changed the way
we communicate, live and work. In this constantly evolving world, Congress
must be a good steward of policy to ensure our laws at least keep pace,"
DelBene said in a statement. "We need to pass measures that protect
consumers' private information while also encouraging new technological
innovations."

But the question remains if those measures will continue to hold up under
the future leadership of lawmakers born in the throes of the digital age,
whose opinions on privacy differ from those of older generations. A 2013
study by American defense contractor Raytheon showed that Millennials have
cultivated some dangerous online habits, leading to security pitfalls.
Nearly one-quarter of people between the ages of 18 and 26 have shared an
online password with someone outside of their family in the past year.
Twenty-six percent have never changed their mobile banking password.

However, other studies have pointed to young people as the most likely age
group to take steps to conceal their identities online through methods like
encrypting emails or browsing under a temporary username. A 2013 study
conducted by the Pew Research Center showed that 74 percent of Internet
users in the United States between the ages of 18 and 29 had cleared
cookies and a browser history at least once. That percentage dropped to 70
percent among users 30 to 49 years old and 56 percent among 50 to
64-year-olds, a decline possibly explained by a lack of tech-savviness in
older Americans.

Many who grew up in the connected generation seem to have taken a more
liberal approach to online privacy than their parents, but the same cannot
be said for how they view the importance of online security, Lin says.

"They certainly have a different sense of privacy; that is, most kids are
willing to post a lot of personal stuff that I, as an adult, would never
dream of posting," he said. "I suspect that our kids are just as concerned
about having their credit card information stolen as anyone else. They
don't like the fact when they get screwed by a security breach or something
like that."

Jennifer Granick, director of civil liberties at the Stanford Center for
Internet and Society, anticipates that while younger generations are
primarily responsible for trying to keep their information safe, the future
of online security will eventually become even more of a capitalist
commodity.

"Young adults are more likely to take steps to protect their data online
than older people are," she said. "I suspect that trend will continue, but
that individuals will be aided by the Internet services we use as security
becomes something that companies use to distinguish themselves from the
competition."

It is impossible to predict exactly where personal online security
legislation will be in the next generation or so, but if young people
continue to take the lead in regulating their own Internet use to prevent
security breaches, perhaps that mindset will bleed into future laws, as
well.

"I think we can safely say that lawmaking will be greatly impacted by law
enforcement, the NSA, and by companies with lots of lobbying dollars that
don't want to be regulated and would prefer to see someone else pay for
improving computer security," Granick said.

Although the Senate continues to debate the exact approach it should take
to address cybersecurity in the future, it is likely that the burgeoning
Internet of Things industry will add more water to an already unstable
security situation.

"As the Internet of Things gets to be more prominent … the likelihood of a
disaster goes up," Lin said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
