In my last post I talked about the broken trust in the Internet. Now let’s talk about steps we need to take to restore that trust.
First, we need to realize that trust is regained by proving we are trustworthy. There is nothing we can do, or say, that will instantly restore trust; it is earned by actions. A liar is not instantly believed when he starts telling the truth. Only through consistent truthfulness can his statements be believed.
Second, we should note that even if we are objectively 100% innocent and trustworthy, the mere fact that others are questioning our trustworthiness means we have to act in a manner that proves and regains that trust. Regardless of our objective status, the actions we take will either solidify the fact that we have been, and remain, trustworthy, or they will help to regain trust that was lost. The actions are the same.
With that said, there are three main principles that should guide our actions: honesty, transparency, and accountability. Honesty is first because it is necessary to establish the truth. Transparency is required because without it we cannot know the truth. And accountability is required because it provides a disincentive for lack of honesty and transparency.
In order to regain trust in the Internet it must be approached from multiple angles using those principles as our guide. We cannot do it alone. It needs to be approached from legal, societal, and technical angles. All of those angles incorporate the three principles above (honesty, transparency, and accountability), though to varying degrees. Legal actions, for example, will have a heavy focus on accountability. Here I want to focus on the technical angle. The others, while extremely important and serving as checks and balances, are outside the scope of this article.
We, as IT professionals, are the ones designing, implementing, and maintaining the Internet. The power to make great technical change is in our hands. In many cases below I speak to improving “security” because that is the fundamental outcome. Improved security is an end result which can be audited and verified over time. If we do a good job improving security, we build the trust with the end user.
Embrace Open Standards
The greater the visibility, the greater the chance to make the technology as robust as possible. Cryptographic algorithms, for example, undergo massive amounts of scrutiny by many parties before being widely adopted. The more people look at a solution, the more likely we are to discover and fix problems. Open and robust standards also prevent new products from “reinventing the wheel.” If a problem has been solved before, let’s reuse that same tried and true solution. Open standards should also provide transparency so that anyone may inspect how the technology works without needing to trust someone else’s claims. This goes for routing protocols, encryption algorithms, file formats, and much more.
Encrypt by Default
Many companies are already doing this and more will certainly follow. Everywhere possible we must encrypt data by default, at rest and in transit. Encrypting as much as possible also has the side effect of raising the noise floor. If only the most sensitive data is encrypted, it is easy to filter out. If all data is encrypted, it becomes much harder to determine what is “valuable” and what is not. Certainly this does nothing for metadata, but the goal here is to make any data collected nearly unusable and make that “valuable” data harder to find.
Properly Implement Encryption
Simply put, implementing encryption properly is hard and the consequences of doing it wrong can be devastating. There is no shame in using existing standards, libraries, or software and seeking expert advice. Realize that proper encryption is more than just the protocols used; it includes how the keys are stored, how the system interacts with the user, how the entropy is gathered, how the clear text is handled, and much more. Users depend on us doing it right.
Make Defaults Secure
The path of least resistance should be a secure path. Many products require users to go into advanced settings or select obscure options to better secure them. How many users take the time to learn about and apply those settings? Most probably take the lazy path and only set what is required during setup. We need to make sure that products, by default, enforce an appropriate level of security out of the box. On the spectrum of low to high security, let’s raise the default setting higher than it is today. If every phone, for example, required a passcode during setup, that would be a step in the right direction. We should always give users the option of disabling security features to better tailor the product to their environment (such as a lab or testing), but make them conscious of their choice and explain to them the risk in clear terms.
Use Existing Security Mechanisms
Hopefully products will raise the bar of “default” security, but during implementation we must investigate, understand, and apply additional features as appropriate. Do you authenticate IGP (OSPF/EIGRP) sessions? How about BGP? Why not? If you are a service provider, do you filter your customers’ BGP advertisements to make sure they are only advertising their allocated netblock? All of these are easy wins for security and have very few adverse side effects. The configuration is simple enough and the cost is low. Sure, retrofitting an existing network will take time, but a greenfield scenario is an easy win. Even in a deployed network, I can think of many other changes we do that are harder than enabling IGP authentication.
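As an added illustration of the customer-prefix filtering mentioned above (this is not code from the original post), the following Python script models the check a provider's inbound policy performs on a customer BGP session: accept only prefixes that fall inside the customer's allocation and are no longer than an agreed maximum length, and reject everything else (more-specifics, supernets, someone else's space, a default route, malformed input). The customer names, allocations, maximum-length values and sample advertisements are constructed for the example, and the rendered `ip prefix-list` lines are an assumed IOS-style syntax for the same policy.

```python
"""Model of inbound prefix filtering on a customer BGP session.

Added example, not the post's own code. Customer names, allocations,
length limits and sample advertisements are constructed values.
"""
import ipaddress

# Constructed allocations: what each customer is entitled to announce.
# In a real network this comes from the allocation database / IRR objects.
CUSTOMER_ALLOCATIONS = {
    "cust-a": ["203.0.113.0/24"],
    "cust-b": ["198.51.100.0/23", "2001:db8:100::/40"],
}

# Longest prefix accepted per address family, so an allocation cannot be
# sliced into many more-specifics (assumed policy values).
MAX_PREFIX_LEN = {4: 24, 6: 48}


def evaluate_advertisement(customer, prefix):
    """Return (accept, reason) for one prefix a customer announces."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    if net.prefixlen > MAX_PREFIX_LEN[net.version]:
        return False, f"longer than /{MAX_PREFIX_LEN[net.version]}"
    for allowed in CUSTOMER_ALLOCATIONS.get(customer, []):
        allowed_net = ipaddress.ip_network(allowed)
        # Same address family and fully contained in the allocation;
        # a supernet of the allocation is not a subnet and is rejected.
        if allowed_net.version == net.version and net.subnet_of(allowed_net):
            return True, f"within allocation {allowed}"
    return False, "not within any allocation for this customer"


def filter_advertisements(customer, prefixes):
    """Split a customer's announced prefixes into accepted and rejected lists."""
    accepted, rejected = [], []
    for p in prefixes:
        ok, reason = evaluate_advertisement(customer, p)
        (accepted if ok else rejected).append((p, reason))
    return accepted, rejected


def render_prefix_list(customer):
    """Render the allow-list as IOS-style prefix-list lines (assumed syntax).

    'le' is only emitted when it is strictly longer than the base prefix,
    since a range equal to the prefix length is redundant and rejected by IOS.
    """
    lines, seq = [], 10
    for allowed in CUSTOMER_ALLOCATIONS[customer]:
        net = ipaddress.ip_network(allowed)
        family = "ip" if net.version == 4 else "ipv6"
        limit = MAX_PREFIX_LEN[net.version]
        suffix = f" le {limit}" if limit > net.prefixlen else ""
        lines.append(
            f"{family} prefix-list {customer.upper()}-IN seq {seq} permit {net}{suffix}"
        )
        seq += 10
    return lines


if __name__ == "__main__":
    # Constructed sample: what cust-a might announce, including a leak,
    # a more-specific, a supernet and a default route.
    sample = ["203.0.113.0/24", "203.0.113.0/25", "203.0.112.0/23",
              "198.51.100.0/24", "0.0.0.0/0", "not-a-prefix"]
    accepted, rejected = filter_advertisements("cust-a", sample)
    for p, why in accepted:
        print(f"ACCEPT {p:<18} {why}")
    for p, why in rejected:
        print(f"REJECT {p:<18} {why}")
    print("\n".join(render_prefix_list("cust-b")))
```

The same policy applied on a router is a prefix-list (or equivalent) attached inbound on the customer's neighbor statement; the script just makes the decision rule explicit so it can be tested against a list of announcements before the session is configured.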
Reinforce the End-to-End Model
Any time we break the end-to-end model of the Internet we effectively weaken it. Many security products depend on what amounts to a man-in-the-middle attack (e.g. proxies and SSL inspection). The vendors will argue that the end result is greater security. I argue that greater security is relative because the very same methods that they use for “good” can be used by attackers for “evil.” The attack on the infrastructure is the same. Remember, protecting privacy should also be a goal of restoring trust. Let’s not try to secure the Internet by breaking it; let’s secure it by making better protocols that resist interception and modification.
Purge What Isn’t Required
Simply put, if there is nothing of value to get, there is no point in trying to get it. Don’t store what you don’t need. The minute that data becomes useless, purge it. This goes for customer records, routine log files, transaction history, credit card numbers, etc. With more and more data breaches in the news, it sure would be a lot easier to say that while hackers broke in, no credit card data was stolen because it is not stored.
Think Like a Hacker
Take a step back and look at the situation or technology from another angle. Knowing what you know, how could you break it? How could you trick it? How could you make it fail? What is the weakest link? How can you exploit that link and get further “down the chain?” A little bit of time and brainstorming will probably lead to many improvements. Perhaps you can close those vulnerabilities. Or maybe they cannot be completely closed, but they can be detected and the user alerted when triggered. Either way, implement those steps to improve security and build trust with the user.
Ask the Tough Questions of Vendors
Here is where we have the ability to hold our vendors, service providers, and other third parties to task. At some point we have to engage third parties to provide software, hardware, or services which we ourselves cannot provide. These will likely include proprietary items which we cannot validate. We must ask for details on how their products are secure and why we should trust them. Then, challenge them with some of the same principles above. Delve deep into their implementations to better understand the product. This will help determine if the product should be trusted and also help you learn what things you can do to better secure it. We must also be ready to place a value on that trust and security. If a vendor cannot deliver we must be ready to vote with our wallets or budgets.
Do What’s Right
Perhaps the biggest overarching thing we can do to restore trust is to always do what is right. While each person’s moral compass may differ slightly, I think deep down every sane person knows what is right. When faced with a decision, step back and take stock of what is right. Pick the choice you can defend with your morals and champion that cause. This isn’t to say that it will be easy, or even possible in all situations, but doing what you can in your power means that you can hold your head high. Don’t confuse this with “the ends justify the means.” We must do what is right and defensible at all points along the way and not compromise our principles and morals just to reach the goal. We should expect to be held accountable for our actions and let that guide our decisions.
Even if we do all of the above, which is only a start, we still cannot guarantee success. We must constantly be improving and refining our security posture. As the threats change so too should our defenses and mitigation. But I do believe that if we approach things with an eye toward security from the start, we can arrive at an infrastructure that is fundamentally more secure.
As I stated at the start, to restore trust we must act in a trustworthy manner. If we act in an honest, transparent, and accountable manner, then everyone can objectively determine if the end result is truly worthy of that trust.
What else do you believe we need to do to restore trust?