Information Technology Reference
In-Depth Information
about time that we declare simplicity. The trend until very recently was first of all
security. Let it be secure because you know what will happen to our infrastructure if
someone penetrates it. And security was given the highest priority and the result was a
complex system that no one used and therefore left everyone exposed. What I am trying
to propose is that we put simplicity on the agenda with the highest priority so that it is
more affordable for the defence of all organisations. And certainly, through the subject
matter of this workshop, the focus should be on the various infrastructure organisations
that have been mentioned.
Handy : Fifteen to twenty years ago, when we had the Cold War, I think we were all
on risk avoiding systems. But now I think you are saying that risk avoidance is the better
way to go, and from a banking perspective, it might be profitable to only lose ten million
dollars a year while you are making a hundred million. But from the NATO and national
security points of view, do we accept the risk of losing or compromising some of our
national secrets using this digital signature type of strategy?
Aharoni : I agree completely and I will give you an example that I always give when I
went to sell our security solutions in the US. By the way I do not know how aware you
are of this, but the approach to security in the US is very different than it is in Europe and
very different in the Far East. Things that the US look at are completely different from
Europe. But when selling security products in the US, I received a sort of
well-coordinated attack; I was shown a cell phone and asked what was my security good for?
Did I know that in the Los Angeles area one in every three cell phones is a clone? Why
in the LA area and not in other areas? I did not know. But the point is that cell phone
companies know in advance the risk that they take every year and the expense that this
puts on their budget. And they know that in the danger area they make a lot of money
and in other areas they do not make a lot of money. But it is all under control and the
risk is calculated economically and they can budget this in. When you talk about
sensitive security organisations, when you talk about compromising data of national
importance, how do you actually perform this economic calculation or its equivalent?
Someone must be making these calculations because they are putting a limit on the
amount of resources that they put into security; of course this highlights the need for this
calculation even more so for financial organisations.
Vellone : We began with digital signature but now we are discussing security. I think
that we should keep digital signature and security completely separate. They use the
same tools of asymmetric encryption but they are completely different finalities. If I
send a bill I do not care about security, only about confidentiality. But I have to be
secure in the knowledge that my signature will not be counterfeited. This could be the
same requirement for the digital signature. I appreciate very much that you mentioned
authentication of digital signature and security in three different channels. These channels
should remain, in my opinion, completely separate. So we could consider the mechanism
for digital signature as an application at a different level from security. When we talk
about authentication and authentication using the digital signature, in this case we are
talking about security and we are entering another field. So if you talk about digital
signature you must remain with the two main requirements of integrity and a possibility
for a third party to attribute the responsibility of the assigned competent people. Is this
correct?