Can cybersecurity be too secure?

Can cybersecurity be too secure?

This post is also available in: heעברית (Hebrew)

cyber security picture

DHS, is finalizing plans to open a “satellite office” in Silicon Valley, intended to work with tech companies as well as improve cyber security. According to Security DHS Secretary Jen Johnson said the department wants to “strengthen critical relationships in Silicon Valley, and ensure that the government and the private sector benefit from each other’s research and development.”

There is a sense that Washington wants very much to work on the issue of cyber security more closely with private sector companies. The question remains, however, whether the private sector wants to work more closely with government and legislature.

“In order to improve cyber security, it is critical to facilitate the sharing of cyber attack information,” said Sen. Ron Johnson from Wisconsin at a Republican party address. “By sharing threat signatures, vulnerabilities and other indicators of network compromise, within and between the private sector and government, many cyber attacks can be prevented.”

President Obama has already signed two executive orders concerning the matter, one that calls for the creation of voluntary standards to bolster the security of computer networks in critical industries, and another, last year, to protect consumers from identity theft. According to the Washington Post last month Obama proposed legislation that would shield companies from lawsuits for sharing threat data with the government. The president seems to be very concerned.

However, both privacy groups and Silicon Valley companies have said they would oppose the proposed legislation, unless reforms are first made to the NSA’s, the National Security Agency’s surveillance program. These government surveillance activities are seen as a potential liability for tech companies operating globally.

In December of 2013, major tech companies including Apple, Google, Twitter, Facebook, Microsoft and Yahoo joined together in the Reform Government Surveillance coalition, urging the President and Congress to impose restrictions on U.S. spying programs, and although the President agreed, progress on reforms has been too slow for some.

In the meantime some tech companies have taken the initiative into their own hands, by strengthening and expanding their deployment of encryption. This, in order to secure users’ online activities. All of which, we suppose, would make all proponents of cyber security happy, but strangely it doesn’t.

DHS Security Secretary Johnson, shortly moving to the Silicone Valley to demonstrate the higher authorities’ good wishes towards the industry, says that the government’s “inability to access encrypted information poses public safety challenges.” This, translated into laymen’s terms means, that there is a limit to how secure cyber information should be. Government bureaucracies do not appreciate technologies that prevent them from accessing the information themselves.  Or, in the words of a member of the civil liberties group the Electronic Frontier Foundation, Andrew Crocker, “I think it’s fair to say that changes on the technology front have outpaced governmental and legislative efforts.”