Kaminsky: Infosec must innovate, or we may lose the Internet as we know it
Dan Kaminsky, co-founder and chief scientist of fraud detection firm White Ops.
Noted cybersecurity expert Dan Kaminsky called upon members of the information security community to more openly share innovations, ideas and code in order to preserve the Internet and its inherent freedoms before they are “regulated into destruction.”
Kaminsky, the co-founder and chief scientist of fraud detection firm White Ops, warned in his Black Hat keynote presentation on Wednesday that technology providers are breaking their security promises at an alarming rate, and that the general public is losing faith in their ability to keep users safe. “We can lose this Internet,” he cautioned. It's not a rule of the universe that we get to keep having all this fun.”
To preserve and protect the Internet, technology developers and security experts must not compete on cybersecurity but rather create a united front, explained Kaminsky, citing the banking industry, whose members regularly share cybersecurity information through such means as the Financial Services Information Sharing and Analysis Center (FS-ISAC).
To that end, Kaminsky urged software developers in all walks of industry to “start releasing your code,” making it available for the greater security community to review, fix and improve. Rather than software developers asking its employees to repeatedly repair the same security issues that surface in code, “it might be cheaper and [more] cost effective for you to just give it to the world,” he asserted.
Kaminsky also dared technology developers and information security experts to not get “wrapped up in security nihilism” and instead strive to innovate and design better systems that deliver on security in the way the user expects.
In his own personal display of innovation, Kaminsky detailed Autoclave, his new cloud-based, containerized Chrome browser solution that runs in a virtualized sandbox-type environment that isolates important online activities from potential bad actors. Kaminsky also touted the adoption of machine learning as a means to more effectively detect and understand cyberthreats through big-data analysis.