The Internet Is Out To Get You

President Joe Biden’s cybersecurity executive order, signed May 12, 2021, calls for the federal government to adopt a “zero-trust architecture.”

This raises a couple of questions. What is zero-trust security? And, if trust is bad for cybersecurity, why do most organizations in government and the private sector rely on it?

One consequence of too much trust online is the ransomware epidemic, a growing global problem that affects organizations large and small. High-profile breaches such as the one experienced by the Colonial Pipeline are merely the tip of the iceberg.

There were at least 2,354 ransomware attacks on local governments, health care facilities and schools in the U.S. last year. Although estimates vary, losses to ransomware seem to have tripled in 2020 to more than US$300,000 per incident. And ransomware attacks are growing more sophisticated.

A recurring theme in many of these breaches is misplaced trust – in vendors, employees, software and hardware. As a scholar of cybersecurity policy with a recent report on this topic, I have been interested in questions of trust. I’m also the executive director of the Ostrom Workshop. The Workshop’s Program on Cybersecurity and Internet Governance focuses on many of the tenets of zero-trust security by looking to analogies – including public health and sustainable development – to build resilience in distributed systems.

Security without trust

Trust in the context of computer networks refers to systems that allow people or other computers access with little or no verification of who they are and whether they are authorized to have access. Zero trust is a security model that takes for granted that threats are omnipresent inside and outside networks. Instead of assuming trust, it relies on continuous verification via information from multiple sources. In doing so, this approach assumes the inevitability of a data breach. Rather than focusing exclusively on preventing breaches, zero-trust security ensures that damage is limited, and that the system is resilient and can quickly recover.


Scott Shackelford is a principal investigator on grants from the Hewlett Foundation, Indiana Economic Development Corporation, and the Microsoft Corporation supporting both the Ostrom Workshop ...
