Rob Housman, Executive Director of the Cyber Secure Institute, a research and advocacy firm announced that the Institute is launching the Cyber Secure Institute Albert Einstein Prize in Cyber Security.
Housman said, “Einstein once defined ‘Insanity’ as ‘doing the same thing over and over again and expecting a different result.’ The award will go to the company or entity that best personifies Einstein’s definition in its approach to cyber security.”
Housman added, “Our approach to cyber security today is the old ‘hack and patch.’ We do the same thing over and over: they hack in; if we find the hack we patch it; we add new layer of inadequate, bolt on security to an already flawed approach; then they go around it, under it, through it; and, the cycle starts anew. We do the same thing time and time again and hope for a different result. It is insanity and it proves Einstein’s genius. Hence the award.”
The Institute’s new Einstein Prize was prompted by the announcement by the Justice Department of charges against Albert Gonzalez, who along with two unknown Russian co-conspirators is charged with the theft of over 130 million credit and debit card numbers—the largest case of computer crime and information theft in history, according to prosecutors.
Housman said, “To be sure, Mr. Gonzalez is a sophisticated cyber criminal and the approach that he and his co-conspirators utilized was somewhat advanced. However, what is truly frightening is that sophisticated attacks are now the norm not the exception. Government and major company CIO’s and CISO’s constantly tell us that they no longer worry about the vanity hacker, but instead face hostile, advanced, well resourced threats on a daily basis.”
“Yet the systems we rely upon to deal with these sophisticated attackers are not designed to be able to defend against them, nor are they capable of doing so,” he added. “In fact they are actually certified as only secure against non-hostile, inadvertent, unsophisticated attacks—the proverbial teenager in the basement. They are no match for today’s threats, like Gonzalez and his co-conspirators and untold numbers of others like him,” Housman said.
Housman added, “If we want a different result. We need a new approach. There are systems today, such as the Integrity Global Security operating platform and the Tenix Interactive Link Device, that are certified against even the most sophisticated attacks, including by insiders with the source code. They just aren’t widely deployed yet.”