The next generation of cybersecurity specialists must look at ways to ensure better security for our whole lifetime.
Speaking at BSides Belfast, Duo Security advisory CISO Wendy Nather looked at the concept of “how do we live securely from cradle to grave.” In her closing keynote, Nather recalled the efforts she had to make to educate her family on internet use, and her parents on gaining power of attorney over their estate.
“We are conditioned by the interface and this can be exploited and leveraged against us,” she said, explaining that some of us have only used computers at work, and now we are “exposed from birth” and are given accounts from school to college to work. “We get more logins and government accounts and bank accounts, and online shopping,” she said, adding that “the stupidest thing we did as technologists” was to determine that credentials can be stored in the brain.
“As you get old you get incapacitated, and people may be disabled and may need assistance – how can you let someone run your life for you?” Nather asked, arguing that this is something we have to think about now, and that this is something we need that “goes across all accounts from birth to death.”
She called on delegates to consider this, and to create an “intermediary to cover the digital lifespan.” She praised the uptake of password managers and WebAuthn “and the emerging root of trust that is the phone,” but said this is expensive and fragile, “and not what we need to cover our entire lifespan.”
This has “got to be more than authentication, and help with security decisions like delegating tasks,” and it needs to be granted and revocable, work with everything you have, and be age-appropriate to start at school.
“More than identity, we need something that encompasses regulations across the globe and is regulated by a trusted entity with no other agenda than providing this service – it cannot sell data or promote anything else – and it has got to work at speed.”
Nather concluded by urging the audience to do this, adding that this is “the greatest challenge of our generation.”
Source: Infosecurity Magazine