We Have to Find Ways to Reinforce Trust

Saturday, March 29, 2014

Jarno Limnéll

76e662e7786bf88946bd6c010c03ac65

We are losing the battle for cyberspace. Not because malicious actors are taking over the digital world, but because we are forgetting what is the element that makes us feel safe and secure in any world: the ability to trust.

There is an urgent need to address trust questions in cyberspace, if we want to slow down, or preferably reverse, the ongoing slide towards omnipresent suspicion. Trust that bases on realistic estimations needs to be actively built and upheld.

According to the EU statistics only 12 per cent of European internet users feel completely safe online. In the US, an AP‒GfK poll found that 58 per cent of people have deep concerns about the safety of online shopping; 62 per cent about spending money via smart phone applications. Sixty per cent of people say they value privacy over anti-terrorism acts, and less than a third trusts others much in everyday encounters. Yet, trust is the factor that makes society work where cyberspace is the backbone of its contemporary model.

Trust is a basic building block of all security, including cybersecurity. Yet particularly trust in digital products and services is underpinned by cybersecurity. As cyberspace is something very new ‒ commercial internet only emerged in 1995 ‒ we are still learning to live with it. People do not have the time or interest to familiarize themselves with complex information and communication technology for which reason they can trust or distrust it blindly. Misplaced trust easily leads into compromised security. This is where ICT manufacturers and vendors, as well as law enforcement, governments and international organizations come to play a role. Cyberspace needs to be what it is promised to be and function as expected for realistic trust only emerges from experience.

You May LIkeBroken Trust - Exposing the Malicious Use of Digital Certificates and Cryptographic Key

Still the question of trust is often neglected or only partially understood. As today we are experiencing the dawn of cyber era it is natural that both distrust and blind trust coexist. When being asked people say they do not trust cyberspace, yet their daily lives are fully dependent on it. Society’s critical infrastructure is controlled through cyberspace, multiple services we are used to only exist there, and information needed to run our daily businesses is stored and exchanged online. The world is tightly interconnected ‒ not to mention that the “internet of everything” is just emerging.

Over the past few years states have become active players in cyberspace. This has raised the weight of digital issues on the agenda of (inter)national politics. Administrations and companies are also waking up to the dangers of cyberspace, yet sadly often forgetting its vast opportunities. At the beginning of the 1990s the situation was very different: globalization and ICT revolution were seen to help overcome almost any difficulty in life. There was plenty of trust on ICT (even if sometimes exaggerated). Gradually this trust has crumbled or, at least, become more reserved. Malicious actors have learned to use cyberspace, companies have not been prepared for this development, there is a lack of transparency and states are defining the digital world as an arena of power struggle and warfare. Rivalry and covering of security breaches only reinforce mistrust.

What we need to do is to turn this development around. We need to find ways to build trust in cyberspace. Alongside ICT companies this is the task of states, international organizations and corporations. Reinforcing digital trust, that is developing technological solutions to induce trust, is one of the means. In addition, there is a need for regulation that addresses the manifold questions of cybercrime or cyberwar, but does not hinder the development of ICT sector. No single actor can overcome omnipresent digital problems alone but cooperation and information sharing are a necessity.

The EU is building its digital agenda on the aforementioned abutments. For example, its Horizon 2020 programme aims at developing “trustworthy ICT solutions ensuring a secure and reliable digital environment in Europe”. It is both to promote innovation and economic growth and to protect society, economy and people’s rights. In the US, for example, the National Science Foundation has similarly reasoned research programmes.

Alongside innovation enhancing transparency is a way to induce trust. Instead of denying intrusions, companies and administrations should be honest about them. Highlighting what has been done to address problems and prevent security breaches in the future should become the yardstick of trustworthiness. They also need to be resilient enough to continue operating under cyber-attack. This is the sole approach to build trust in a world in which everyone knows that anyone can be breached at any time. In addition, ICT manufacturers and operators need deliver what they promise, help customers in making the right decisions, and also take the responsibility when something goes wrong. Security should become a built in feature in cyberspace.

Cybersecurity ‒ and trust as an integral part of it ‒ is a topical issue right now. We are just learning to live in societies penetrated by cyberspace. Both today and tomorrow actions in digital world have consequences in physical world that we have to deal with. This changes our traditional understandings of, for instance, war, peace, security and privacy. There is a need to re-organize our conventional world view ‒ the decisions we make today have long standing influence and consequences. We have to find ways to reinforce trust as it is the thing holding societies together – today and tomorrow.

Related Reading: The Cost of Failed Trust Report

Reading ReadingBroken Trust: Exposing the Malicious Use of Digital Certificates and Cryptographic Key

Possibly Related Articles:
8816
Cloud Security General Privacy
State/County
Trust cybersecurity
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.