[This post contains text I’m trying out for a new writing project on cybersecurity in the mobile age. I might be posting more such stuff in the future]
In an ideal world, we share with other people directly. We speak quietly face-to-face, gesture, and draw occasional images.
In the real world, most people are too far away to hear our words. We use cell phones and other mobile devices to carry our words farther.
Today’s mobile devices try to solve the deceptively simple problem of sharing text, images, and words. The natural world restricts the power of our voices and the range of our messages. Misunderstandings that already happen face-to-face are multiplied when we restrict our messages to text, images, and sounds.
Human error also limits communication. Early systems relied on couriers relay messages between stations. In the late 1700s, the first “telegraphs” appeared. These optical systems transmitted the message’s contents instead of message’s paper. A telegraph station sent a message one letter at a time by setting signal flags. Nearby stations observed, transcribed, and then relayed messages using their own flags.
The electric telegraph spawned a high-speed communications network that spanned the globe. It pioneered solutions to many problems in long-distance communications. For example, the “electric relay” automatically transformed a weak signal from one telegraph wire to a strong signal on another wire. This moved messages faster and more reliably.
Our information and data faces its biggest risks while traveling in messages. People have always tried to copy, forge, or block import or valuable communications. Automated systems eliminated many opportunities for error or interference, but people still managed to attack communications.
Sources of Risks
Communications may fail through either natural or human interference. The laws of physics and other properties of the natural world interfere with communications technologies as well as with human speech. Like the human voice, electromagnetic signals fade over distance. Electric motors and other technologies can scramble signals, just like background noise makes voices harder to hear.
The first challenge in communications technology is to handle natural forms of interference. The evolution of telegraph, telephone, and radio systems was originally driven by these problems. [ give examples ]
Modern mobile systems face a broader range of interference risks. A mobile smart phone or similar personal device faces threats from attackers – people. [expand] [Explain how security technology has changed].
The word “security” can have several meanings. In cybersecurity, effective security provides confidence that a system operates as expected. Effective security prevents unexpected or undesirable behavior.
We can’t block all possible attacks and still use our mobile devices. We make trade-offs between the mobile features we want to use and the risks we face.
The decision is like travel in a large city. No city is 100% safe. Some streets are safer than others, but the most interesting areas may be in riskier neighborhoods. City natives and visitors alike take risks when the benefits seem justified.
Companies that sell mobile products or services try to address the major risks. Testing and other quality assurance procedures seek major problems and ensure they are fixed. These efforts are limited by cost. Effort spent on testing and problem resolution raise the product’s cost. Lower-priority problems remain unfixed to save money.
How do we know that an unfixed problem will cause us harm? We don’t. We must accept the risk of unfixed problems to purchase less-expensive mobile devices.
The CIA Properties
Information and communications systems have three security-oriented properties, called the CIA properties. They reflect things to protect and directions to attack:
- Confidentiality – restricting the flow of our information to people and environments we choose.
- Integrity – ensuring that our information is stored, transmitted, and used without unexpected changes made to it.
- Availability – ensuring that we can use and communicate our information when we want.
Attacks and defenses are often classified according to which properties they affect. Eavesdropping affects confidentiality, and encryption can block eavesdropping attacks. Distributed denial of service attacks affect availability, and geographical redundancy often mitigates such attacks.