Six Lines

Asymmetry and Security

Posted by Aaron Massey on 04 Apr 2011.

John Markoff of the NY Times Bits blog has a post up about the asymmetry of computer security. I particularly liked this part and the quote from Spaf:

Also last month, RSA, a Massachusetts-based firm that sells software to corporations and governments that is used to keep digital secrets, was forced to admit that it had been the victim of what the firm described as a mysterious “Advanced Persistent Threat,” potentially undermining crucial encryption technology that protects millions of computers around the globe.

Each incident underscored the potential power of an individual or a small group in cyberspace — from destroying a company’s reputation to fundamentally undermining the digital security of millions of Internet users.

“There is asymmetry in resources, in time, in response, in cycle time, in information sharing, and maybe even in other areas as well, depending on the kind of attack and attackers,” said Eugene Spafford, a computer scientist and computer security specialist at Purdue University.

Asymmetry is one of the most fundamental aspects of computer security today. If you lose sight of this, then the impact will be seen in every security decision you make.