Internet attacks that are able to bring organizations to a full standstill, are no longer new to us. At the same time, we don’t seem to be aware of the vulnerability of the ICT infrastructure and of the privacy aspects of the information we share. Government organizations spend billions of euros on finding security leaks, but it would be better if they also invested in the development and maintenance of crucial Internet software. This is the view of Aiko Pras of the University of Twente in The Netherlands, in his inaugural address as a Professor of Network Operations and Management, November 13.
While intelligence services spend billions on tracing security leaks, the maintenance of crucial Internetsoftware –needed for a protocol like OpenSSL/TLS- is sometimes in the hands of a small group of volunteers. At the same time, intelligence services spend part of their budget on infiltrating of computers of organizations and individuals. Those activities are no longer limited to ‘script-kiddies’ or organized crimes, government organizations take part in them as well. In his inaugural speech, Prof Pras makes a plea for new regulation and for government investments in vital software.
The newly appointed Professor sees that people don’t realize the ease of blocking the internet access of an entire organization. This can be done using distributed denial of service (DDoS) attacks, for example. By using multiple servers in a clever way, someone with a very simple internet connection can cause an avalance of DDoS traffic without being exposed as an attacker at all. In his research group at the University of Twente, Pras monitors these types of network traffic, for tracing vulnerabilities and finding new remedies.
Naïve about privacy
New technology is one thing, the attitude of the user is another. ‘I have nothing to hide’ is a widely spread motto, but this is very naìve according to Pras. Users don’t bother to share information that is worth a lot of money for commercial organizations, for example. Our internet surf behaviour is very privacy-sensitive. The idea that you can protect this by blocking or deleting cookies, is outdated: several techniques are available for uniquely identifying the end user. Apart from new approaches to ICT investments and new technology, creating awareness thus stays vital, is the conclusion of Aiko Pras.
Aiko Pras' inaugural address (in Dutch) takes place November 13 at 16h00. Full text is available.