The yin and yang of cybersecurity

December 21, 2009: 10:00 AM ET

Howard (right) and Prince (below) say online peace can only come when corporations achieve "cyberbalance." Photos: Perimeter

On the Internet, the good guys and the bad guys are inextricably connected. But what happens when one side gets the upper hand?

By Doug Howard, chief strategy officer, and Kevin Prince, chief technology officer, Perimeter E-Security

(The following is an edited excerpt of the forthcoming book, Security 2020, scheduled to be published next year.)

Since the inception of computers and, more specifically, our global reliance upon them, the number, severity, complexity, and source of security threats have all increased exponentially many times over.

Why do threats emerge? Sometimes a developer wants notoriety (that was the primary motivation in the late '90s and the first few years of the new millennium), but today the main force behind digital threats is the hope of monetary gain. Political and religious motivations are coming on strong, too.

At the same time, threat mitigation solutions and tactics are constantly developing to deal with these threats. These solutions evolve over time and balance out each new threat. The problem comes when threats emerge faster than solutions, and companies lose their balance.

The "white hats" (the good guys that help develop and implement solutions) and "black hats" (cyber criminals) have a relationship not unlike yin and yang in Chinese philosophy. Seemingly opposing forces are interconnected, giving rise to each other in turn.

Yin and yang are thought to arise together from an initial quiescence or emptiness and continue to move in tandem until quiescence is reached again.  For example, dropping a stone in a calm pool of water will simultaneously raise waves and lower troughs between them.  This will radiate outward until the movement dissipates and the pool is calm once more.

According to Chinese philosophy, yin and yang will always have the following characteristics (and so, too, do "white hats" and "black hats"):

  • They are opposing.  The good guys are always trying to stop the bad guys.  The bad guys are always looking for the next way to outsmart the good guys.
  • They are rooted together.  For example, the discovery of a critical vulnerability will simultaneously start a flurry of development for patches and fixes by the good guys and malware and scripts to exploit it by the bad guys.
  • They transform each other.  New technologies and tactics are developed to counteract the effects of previous technologies and tactics.
  • One cannot exist without the other.  If all the cyber criminals disappeared tomorrow, you would have no need for security professionals.  (Without cybercrooks, our firm, Perimeter, and many others would be out of a job.)

But there is one characteristic of information security that is not always true. Yin and yang are always balanced, but information security is sometimes out of balance.

What causes these forces to become out of balance? For starters, new threats can emerge and evolve so quickly that mitigation solutions are not available in time. Sometimes companies balk at spending money on new solutions, or they simply don't have the expertise or understanding to deploy, manage, or monitor barriers to cybercrime.

Any of these elements individually can cause problems in the information security space.  (When all of these elements are true at the same time, you have a perfect storm for massive, worldwide impact that causes catastrophic damages and enormous economic loss.)

It's terrible to say, but sometimes it takes a cyberbreach of significant size to educate companies and consumers about the threats and to get them focused on solutions. After the first denial-of-service attacks (attacks that block legitimate users from accessing sites or applications) in 2001, a number of upstarts and existing security firms rushed to market with technologies to thwart so-called DoS attacks, and companies quickly moved to implement them.

Are we on the verge of a cybercatastrophe? Certainly the black hats are looking for new ways to cause chaos. With hard work, good cybersleuthing and a bit of luck, companies like ours will keep pace with the bad guys' attacks – but companies need to do their part and get smart about the potential threats. If not, that stone dropped in a pool of water could turn into a tsunami, and it will take a lot of technology, manpower and time to achieve digital quiescence.

Howard is chief strategy officer of Perimeter E-Security, a Milford, Conn.-based provider of information security systems to companies of all sizes. Prince is chief technology officer.
