Security is about trust. Companies that don’t have complete faith in the vendors or supply chains they use are taking huge risks as businesses and passing those risks onto their customers.
The Common Criteria for Information Technology Security (IT Security) Evaluation, also known as the Common Criteria (CC), provides international standards (ISO/IEC) for computer security certification and has the following objectives:
- to ensure that evaluations of Information Technology (IT) products and protection profiles are performed to high and consistent standards and are seen to contribute significantly to confidence in the security of those products and profiles;
- to improve the availability of evaluated, security-enhanced IT products and protection profiles;
- to eliminate the burden of duplicating evaluations of IT products and protection profiles;
- to continuously improve the efficiency and cost-effectiveness of the evaluation and certification/validation process for IT products and protection profiles.
CC in the United States
In the United States, the National Information Assurance Partnership (NIAP) is run by a partnership between the public and private sectors and seeks to help validate the security of products made by US manufacturers. The CC provides a framework that government agencies and private companies use as guidelines for technology product security and trustworthiness.
Like any major technology, IT and Internet security remain works in progress and always will be. The teams (“white hats” and “black hats”) change from year to year, but the struggle is eternal.
New Technologies & Paradigms Making Information More Secure
One new potential front in the war against hackers is the use of blockchain technology, the “ledger protocol” used by Bitcoin and other cryptocurrencies. Blockchain is a system that, according to experts, hasn’t been hacked in its short history of eight years.
Another technology that can improve security is Radio Frequency (RF) sensors that are being integrated into communication and Information Operations equipment and Electronic Warfare (EW) Systems.
According to the Threat Information Office at the Center for Security, those in the “shadow economy” who attack IT systems have developed surveillance technology, delivered by malware, that collects information about a computer system so that the attack can be made on the most vulnerable systems.
Better Information Sharing Needed
Some IT security watchers believe better information sharing between organizations, better-educated people, and better communication would have the greatest impact on stopping security attacks. Technology also has a role to play such as the use of automated machine learning which leverages massive amounts of data, the use of more reliable and secure networks, and faster information flows that would make it difficult for hackers to disrupt computer networks.
Reversing Offshoring of Design, Development, Manufacturing & Support
On a macro scale, the long history of offshoring critical steps in product development has led to widespread tampering, reverse engineering, and hacking. While offshoring was taking place, the same companies failed to hire the experienced and expert talent needed to detect tampering.
New Security Models Needed for Emerging Technologies
Finally, due to the emergence of cloud computing and mobile devices, new security models are needed to deal with the inevitable rise in security problems associated with these platforms.
The following video explains Common Criteria.