Tech ‘falls behind’ in security war
www.asiacomputerweekly.com Tao Ai Lei, Mar 10 2003
On the Side Combating the slide Singapore: Technology today has fallen behind compared to the scale and spread of security problems, with insufficient action in the areas of R&D and people training.
Yu Chien Siang, IT director, Ministry of Home Affairs, Singapore, made this observation at the Security Conference Summit 2003 held in Singapore recently.
He explained that it takes skill to design, create and implement IT systems that are secure and robust, so “we need to go back to the basics, to training and good people”.
This is in the light of the fact that companies today face “newer and quite lethal [security] attacks”, as technology gets increasingly pervasive.
He cited the example of embedded systems, such as high-end photocopiers and colour laser printers that have hard disks, which can be hacked. The GSM SIM cards can also be attacked by cloning kits, and next-generation viruses can attack cell phones.
To tackle these challenges in today’s complex knowledge economy, companies need a sophisticated array of security defences as part of its eco-system, said Yu.
These technologies include: integrity protection, antihacker intrusion detection system, data backup systems, physical access control, network security, and emergency disaster recovery systems.
IT systems that have security problems tend to be poorly designed and cannot scale.
Therefore, they cannot be enhanced, and are “fighting technology obsolescence from the day that they were implemented”, said Yu.
On the other hand, security, when implemented well, can save money, he said.
Yu also pointed to certain “money-saving” security techniques, which include using a network address translation (NAT) to stop Trojans from taking over corporate PCs; setting Read-only to normal .dot and email.dot files to stop infections by macro viruses; and taking advantage of the Win2000 security capabilities, like ActiveDirectory, IPSec, Kerberos and router, NTLM 2.
On a positive note, Yu said that not only IT vendors, but also governments and universities, are beefing up and promoting security.
He highlighted key security initiatives by IT vendors, such as Microsoft’s Trustworthy Computing initiative; Sun Microsystems’ JavaCard, SunOne and Liberty Alliance; and Oracle chief Larry Ellison’s pledge to make his company’s database programs “unbreakable”. Smart-card technology has also made considerable headway recently, where cryptography for smart cards has “improved dramatically”, with AES replacing DES.
Governments worldwide are also implementing or committed to a smart national identification or national healthcare card within a PKI infrastructure, such as Finland, Spain, Sweden, Belgium, Slovenia, Venezuela, Malaysia and the US.