There’s something wrong, big time, with privacy and security around the Internet, and the security industry needs to step up or risk losing it altogether, Dan Kaminsky, chief scientist and founder of White Ops, said in a keynote speech Wednesday at Black Hat 2016 in Las Vegas.
“We have work to do. We’re going to go ahead and get the Internet fixed because we’re risking losing this engine of beauty altogether,” Kaminsky said.
The problem centers on trust: users are backing away from the Internet due to security and privacy concerns, Kaminsky said, citing a Pew Research study. However, he said the security industry is failing to remedy this problem because it is not learning from the past and is just patching vulnerabilities one by one, rather than fixing the underlying issues.
If the security industry fails to do this, the Internet of today, which Kaminsky called “this Internet,” could become irrelevant, as it did under AOL and AT&T in the past.
Kaminsky said the security industry needs a “germ theory of cyber,” which enforces a focus on how data is moved, how it is stored and how it persists, similar to how a doctor would trace an infection. The question, he said, is whether the security industry has a way of disinfecting the Internet.
That doesn’t necessarily mean increased regulation or software vulnerability mandates, Kaminsky said, noting that we “didn’t heal illness by making sickness a crime.” Instead, Kaminsky said the medical industry learned to heal illness by learning to deliver medicine and safety.
To solve the problem, Kaminsky suggested the security industry needs to launch a National Institute of Health for cybersecurity, an organization with funding and stability to help build standards and objectively study the industry.
“I want an organization dedicated to the extensive study of our field, that can fund and implement the hard and really boring work that fixing all these problems will take,” Kaminsky said.
Beyond policy, Kaminsky said engineers need to step up and create better software and approach security problems in a better way, because today’s host of solutions “just aren’t good enough.” Kaminsky proposed an emphasis on technology approaches such as isolation as one way to do that.