Hidden Dangers Behind the Rapid Advances in Technology; AGENDA It's Brought Us a Brave New World but the Advances in Information Technology Have Also Created Security Problems, Even to Personal Safety, Which Need to Be Tackled, Says Lord Kumar Bhattacharyya, Head of the Warwick Manufacturing Group

Article excerpt

Byline: Lord Kumar Bhattacharyya

As a society we are becoming increasingly dependent on technology and particularly the internet and communications networks.

We use them at home, at work, throughout commerce and governments across the globe.

Risk is less tangible in cyberspace. People know what it means to lock their front doors, but they do not have the same knowledge when online.

It isn't intuitive; we cannot use the senses upon which we depend in everyday life to help us. For example, a large online gambling company was recently discovered to have had "superusers".

Certain players were able to win large sums of money at poker by knowing the cards their opponents held. Those familiar with card games will recognise that this is a significant advantage.

This only became public knowledge because customers of the company became aware of unusual play by such "superusers".

This triggered an online investigation by members of internet forums and as a result the company concerned has so far repaid some EUR6 million to consumers who lost money at their site. There are some interesting lessons here.

First, the company was incorporated under the jurisdiction of a Canadian Indian tribe, the Kahnawake.

The company was a respected and trusted brand. It was regulated in the same way as its competitors, and consumers' only regulatory remedy was to the Kahnawake gaming commission.

This is not satisfactory to say the least.

Millions were effectively stolen, yet there is no clarity about who benefited, where the money went and no data trail on who lost out. Most remarkably of all, after having announced that their software contained holes that allowed the winning of millions of dollars through underhand means, the sites concerned are still trading and still prospering.

We require a multi-layered approach to addressing these problems. This will involve building technology of higher integrity not pervaded by vulnerabilities to be exploited by those with malicious or criminal intent.

In turn this means we must make security solutions easy to use, not so difficult that users simply turn them off because they are unaware of the protection they offer.

The final step is providing the necessary regulation and checks and balances so we can deter misuse.

One can look at the helpful analogy of the road networks to describe a shared burden of responsibilities. While great responsibility rests with the road users, their safety also relies upon those who design and maintain the road network, with its signs, lights and markings.

Online, I am concerned by the fundamental lack of security education on the part of software and hardware developers, business managers, civil servants and all those that have to interact with digital information.

I believe we need to investigate the programmes developed by the United States.

They have made it a priority to develop centres of national excellence to provide a framework and guidance for students and institutions in information assurance education.

Consider the road example again; we provide awareness campaigns on specific issues and educate principles through driving lessons.

There has been very little work to understand how the internet user comprehends the risk that they are taking and what their actions or inaction can actually mean.

Alongside dealing with the problems of today, now is the time to design in security for the future.

Traditionally, research on e-security has been focused on specific solutions for individual problems which results in individual products for each problem. …