An emerging target for cyber attacks: Trust
A European Union study of the evolving cyber threat landscape identified a handful of emerging areas that are likely to be high-profile targets in the immediate future, with mobile computing topping the list.
Hardly a shocking conclusion, and the rest of the list also contains few surprises. There are social technology (usually referred to as social networking in this country), critical infrastructure, cloud computing and big data.
But there was one area flagged in the report that doesn’t get much attention here as a separate IT segment: Trust infrastructure. This is defined as "any information system that provides strong authentication and aims at establishing a trusted, secure connection between two end points."
In the United States we usually lump this function in applications or networks as identity management. But the EU study takes a broader view, which reflects a stronger emphasis on privacy and the idea that identity resides with the individual, not with the resources being accessed.
Maybe the concept of a trust infrastructure will gain traction here under the National Strategy for Trusted Identities in Cyberspace, a multi-pronged, public/private effort headed by the National Institute of Standards and Technology.
Among the programs under way, the administration is launching an initiative to use commercial cloud services to authenticate third-party credentials for accessing government sites, called the Federal Cloud Credential Exchange. The U.S. Postal Service will be operating an FCCX pilot.
A successful citizen-to-government identity bridge could help replace the outmoded password paradigm with strong, manageable credentials so the United States could have its own trust infrastructure. Considering it’s apparently an emerging target for cyber criminals, it seems a bridge worth crossing.
The EU study was conducted by the European Network and Information Security Agency, which analyzed more than 140 reports from the security industry and other organizations.
The study broke down the top threats by six areas: mobile computing, social technology, critical infrastructure, trust infrastructure, cloud computing and big data, and listed whether those types of threats were increasing, remaining stable or decreasing in each area.
Mobile computing, for example, faces increasing threats from drive-by attacks, worms and Trojans, exploit kits, botnets and phishing, among others. The current threats to the trust infrastructure include denial-of-service attacks, compromised confidential information, targeted attacks, physical theft, loss or damage of equipment, and identity theft.
Mobile users do get one small piece of good news from the report. Among 16 threats across six computing areas, only one threat is decreasing: spam in mobile computing.
Posted by William Jackson on Jan 10, 2013 at 2:07 PM