Information security research and hacking are creating positive developments for the public and private sectors.
Hacking is often seen as having a largely negative impact on society. However, the hacking ethos and the broader security research community can be, and often are, forces for the greater good.
At a panel at the Black Hat USA conference in August, IT security experts described how individual “white-hat hackers” and IT security industry groups are using their skills to improve digital security in the public and private sector.
"Engaging in the public interest is deeply embedded in our [cybersecurity] culture," long-time cybersecurity expert Bruce Schneier said. "We wish it would spread to the greater technology community.”
Security researchers help verify the claims public- and private-sector organizations make. “The notion of adversarial research is something we’ve used over decades,” Schneier said.
The Electronic Frontier Foundation essentially operated as a law firm through its early years, but it has evolved to become a broader activist organization, said EFF Director of Cybersecurity Eva Galperin. She described the organization as “an ACLU for the internet” and "the closest thing to religion" in cybersecurity, as seen in its work to root out stalker-ware and help domestic violence victims online. “The jobs to be done are frontline," she said. "IT security work is the scut work of IT.”
“When we talk about security, we have to ask, ‘security for who?'” Galperin asked. “It’s usually for governments or corporations. We don’t talk about security for individuals, particularly individuals who don’t have a lot of spending money.”
To address with these issues, Galperin said the security industry needs ethical hackers and technologists who have both creativity and empathy that can be applied to cybersecurity in the context of social causes. “We need someone to hold the hands of people who have been abused or harassed by partners or governments, and that doesn’t require a computer science degree,” she said. “You need to understand your population first and what they need.”
Indeed, the EFF is also involved in Human Rights Watch and runs a Congressional Fellowship Program, where the organization hires a technology fellow to work with senators for a year.
“Government institutions are being dragged into this century,” Schneier said. Technologists can "make a difference," helping people better understand how to protect themselves. For example, corporate and home-based automation and the growing internet of things ecosystem will introduce new threats – pacemakers or other medical devices that could be hacked, or connected car vulnerabilities, as well as intrusions that affect larger organizations and the critical infrastructure. Members of the cybersecurity community are stepping up, collaborating with journalists and government officials, to explain the threats and investigate potential solutions.
The security industry is also playing a larger part in reviewing human rights threats through partner organizations such as the Human Rights Watch and Amnesty International. “We need to help defend organizations that are doing public good," Schneier said. "We don’t do enough [to praise] those in IT… working for those around the world being attacked by governments.”
NEXT STORY: 3 ways DOD can plug security holes