CyberEye

By Patrick Marshall

Blog archive
Chain with string as center link

An emerging target for cyber attacks: Trust

A European Union study of the evolving cyber threat landscape identified a handful of emerging areas that are likely to be high-profile targets in the immediate future, with mobile computing topping the list.

Hardly a shocking conclusion, and the rest of the list also contains few surprises. There are social technology (usually referred to as social networking in this country), critical infrastructure, cloud computing and big data.

But there was one area flagged in the report that doesn’t get much attention here as a separate IT segment: Trust infrastructure. This is defined as "any information system that provides strong authentication and aims at establishing a trusted, secure connection between two end points."

In the United States we usually lump this function in applications or networks as identity management. But the EU study takes a broader view, which reflects a stronger emphasis on privacy and the idea that identity resides with the individual, not with the resources being accessed.

Maybe the concept of a trust infrastructure will gain traction here under the National Strategy for Trusted Identities in Cyberspace, a multi-pronged, public/private effort headed by the National Institute of Standards and Technology.

Among the programs under way, the administration is launching an initiative to use commercial cloud services to authenticate third-party credentials for accessing government sites, called the Federal Cloud Credential Exchange.  The U.S. Postal Service will be operating an FCCX pilot.

A successful citizen-to-government identity bridge could help replace the outmoded password paradigm with strong, manageable credentials so the United States could have its own trust infrastructure. Considering it’s apparently an emerging target for cyber criminals, it seems a bridge worth crossing.

The EU study was conducted by the European Network and Information Security Agency, which analyzed more than 140 reports from the security industry and other organizations.

The study broke down the top threats by six areas: mobile computing, social technology, critical infrastructure, trust infrastructure, cloud computing and big data, and listed whether those types of threats were increasing, remaining stable or decreasing in each area.

Mobile computing, for example, faces increasing threats from drive-by attacks, worms and Trojans, exploit kits, botnets and phishing, among others. The current threats to the trust infrastructure include denial-of-service attacks, compromised confidential information, targeted attacks, physical theft, loss or damage of equipment, and identity theft.

Mobile users do get one small piece of good news from the report. Among 16 threats across six computing areas, only one threat is decreasing: spam in mobile computing.

Posted by William Jackson on Jan 10, 2013 at 9:39 AM


Featured

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected