Economic instability. The explosion of cloud computing. The swift growth of e-commerce and online financial transactions. The rapid spread of mobile devices loaded with digitized information. The spread of social networking.
These are just a few of the technological forces wreaking havoc with commercial and personal security. With the digitization of more and more elements of our social fabric comes a parallel heightening of vulnerabilities. Splash economic turmoil onto the mix and the challenge becomes acute.
“There is no silver bullet,” says Erin Nealy Cox, executive managing director and deputy general counsel in the Dallas office of Stroz Friedberg, a New York-based digital forensics and technical consulting firm. “There is no application. There is no tool. There is no one thing that can guarantee that you are safe. It’s a process.”
To paraphrase software engineer Morrie Gasser, author of Building a Secure Computer System, securing proprietary information has traditionally been a battle of wits: the penetrator tries to find holes, and the designer tries to close them. And those holes take many forms.
Virtually every area of life is swirling with digitized data ripe for hacking, and a number of companies in North Texas are working to thwart the wrongdoers.
Daniel Engels, chief technology officer for Addison-based Revere Security, says the proliferation of radio frequency identification technology, for example, has created a layer of risks that previously didn’t exist. Wireless devices such as smart meters, RFID tags, medical devices, and toll tags are largely insecure and without authentication. These devices can be tampered with or counterfeited with ease. A hacker who penetrated a smart meter, for instance, could alter billing information or shut down power.
“Without security, it is my belief that the abuses of these systems when they become ubiquitous will be so great, that they will impede their adoption and probably cause a huge backlash,” he says.
The emergence of wireless networks and device mobility is why Addison-based Credant Technologies zeros in on securing data as opposed to systems. A laptop can be worth $800, says Credant founder Bob Heard. But the data on that laptop can be worth millions if it falls into the wrong hands. Credant develops encryption technologies to ensure that lost, stolen, or hacked data files cannot be accessed without proper authentication.
“Organizations now have data that is leaving the enterprise on computing devices ranging from a laptop, to a smart phone … to thumb drives,” says Heard. “People are using them in airports and hotels and taxis. That data is now outside the firewall.”
Celebrated physicist Stephen Hawking once lamented that computer viruses are the only form of life humans have created so far—and they are purely destructive. Dallas-based Entrust, a mid-’90s spinoff from Nortel Networks, seeks to protect against such malicious infections through sophisticated authentication and fraud-detection technologies. Entrust develops everything from digital credentials for Interpol officers to software applications that protect against cyber attacks.
One of the most potent emerging threats, says Entrust Chief Marketing Officer David Rockvam, is a piece of malware called Zeus. Zeus is essentially a cyber crime kit used by thieves to defeat the security tokens commercial banks employ for online banking. Because it’s able to evade up-to-date antivirus software, Zeus has successfully infected millions of computers in the U.S. It has also compromised numerous websites such as those for Bank of America, Amazon, Monster, and the Department of Transportation.
“What we’re seeing is an epidemic of attacks on small and medium businesses,” says Rockvam. “There’s generally more money in these accounts” than in consumer accounts. Entrust has developed a software solution for banks to defeat the virus by monitoring transactions and scanning for anomalies.
Malware threats keep evolving, Rockvam says. In December 2009 a new crime ware toolkit called SpyEye started appearing on underground Internet forums. Rockvam says SpyEye is a stronger, more pernicious strain of malware.
Digitized data vulnerabilities aren’t the only threats to social and economic security. Supply chains and governments regularly confront threats to the integrity of products and currency through counterfeiting schemes. Addison-based Authentix engineers exotic technologies to protect the authenticity of everything from currencies and fuels to pharmaceuticals and tobacco.
“Organized crime spends lots of time and money to overcome anti-counterfeiting efforts,” says Craig Stamm, Authentix president and co-founder. “We design markers that are difficult to remove and very difficult to uncover and defeat.”
Authentix creates chemical markers that can be blended with inks used in pharmaceutical packaging, for example. The inks can then be detected by an electronic device, some smaller than a cell phone, authenticating drugs down to the unit level. To protect its electronic detection devices against hacking via reverse engineering, Authentix developed firmware that melts when exposed to light or oxygen.
To help governments guard against excise tax fraud via smuggling, Authentix deploys nano markers in fuels and in inks used on tobacco packaging to establish authenticity. “A lot of times those dollars end up in the hands of some pretty nasty criminal elements,” says Stamm, pointing out that terrorist organizations such as Hezbollah and Hamas were involved in illegal tobacco smuggling. “Counterfeiting is a growth industry.”
Technology is also being used to ensure personal safety. Through a program dubbed iWatch, the Dallas Police Department is creating a virtual crime-watch system via a dispersed web of anonymous tipsters. The crux of the program is a smart-phone application that facilitates the transmission of crime information via short text messages to police in non-emergency situations.
“There are many things [in crime reporting] that go unsaid,” says Dan Elliott, founder of Addison-based iThinqware, the company that developed the smart-phone application. “If you see something, you should say something. And that really is the cornerstone of how the system works.”
Anonymous text message tips are channeled into a police department tactical intelligence center that mines and sorts the information into potentially actionable data. “We’re seeing these tips in near real-time,” says Brian Harvey, deputy assistant chief of police.
A month after the program went live in early October, more than 1,000 iWatch smart-phone applications had been downloaded. During that same period, the department received more than 100 actionable tips, 39 of them drug-related. Harvey says his goal is to have 75,000 iWatch applications downloaded into the community as of Jan. 1, 2011. The program will also facilitate photo and video tips in the future.
“There is a cell phone in every car on every front seat,” says Elliott. “That is a convenient connection between our lives and law enforcement.”
The breadth and depth of the region’s security industry demonstrates that the sector has evolved far beyond securing enterprise perimeters. Effective security comprises a layering of defenses that focus both on human and technological elements, both inside and outside the organization.
To be effective, security measures demand unrelenting, flexible processes. “The computers that we use were never designed to be secure, says Jim Stikeleather, chief innovation officer for Dell Services. “The software, databases, operating systems, and networks were never designed to be secure. It’s amazing that things are not worse than they really are.”