Government Cyber Security Policies Do More Harm Than Good

We’re not saying that your government is out to get you.

What we are saying is that many of the latest cyber security policies instituted by government agencies around the world, ostensibly for the good of the nation, cause more harm to their citizens than good. Especially in the long run.

We look at three of these recent government cyber security policies in more detail below. We examine the stated goal of each security measure against their potential negative consequences.

About Information Security

Cyber security, known formally as information security, has been thrust into the limelight as of late.

Information security is the process of protecting important information from unauthorized access and use. In the last few years, governments around the world have put policies in place that give them more control over information security than ever before. While these policies are generally well meaning, they often leave citizens vulnerable to cyber-attacks.

Now this isn’t meant to lambast the role of government in cyber security. It’s obviously necessary in certain situations, such as espionage or to protect their countries. Yet it’s the way that many of these governments are going about it that is the problem.

Most governments aren’t upfront about their security measures. Instead, they mask all of the information security steps they take as a means to improve cyber security in general. As you’ll see from the examples below, this isn’t always what ends up happening.

Government Malware = More Criminal Malware

Governments have incredible resources to put into the creation of malware. They have the time, money, and experts to create highly effective malware viruses.

Case in point: Stuxnet. Said to be created by the American and Israeli governments to attack Iran’s nuclear plant, the computer worm is one of the most expensive, powerful, and dangerous ever created.

Though the goal of Stuxnet had nothing to do with inflicting harm on American or Israeli citizens, that’s exactly what it helped accomplish. Thanks to criminals that always stay one step ahead of the competition, the processes behind Stuxnet were quickly exploited for criminal use.

In short, dissecting the Stuxnet threat allowed online criminals to replicate its best tricks for their own use. A chief example of this is the Zeus trojan, a type of malware created shortly after Stuxnet was leaked that aids criminals in stealing bank information among other things.

There is no real way to prevent this from happening again in the future. Cyber criminals are incredibly intelligent and use any information available to improve their systems. When that information comes from a powerful resource like a government, all the better for the criminals involved.

Simply put, government malware translates into more sophisticated criminal malware.

Government Support of Zero-Day Black Markets 

Zero-day vulnerability is one of the biggest ways that hackers and cyber criminals exploit holes in software. It’s basically a hole in the software that the software company doesn’t yet know about. Once they learn of it, they’ll work quickly to fix the problem.

Zero-day black markets exist that exploit this vulnerability even further. Instead of notifying the software companies of the problem, these black market companies find zero-day holes and then sell them. Buyers are then able to weaponize these holes if desired, without the knowledge of the software company, before they can be fixed.

Zero-day vulnerability is extremely powerful, making it lucrative to many government agencies. While most governments will buy these zero-day exploits for a “good” cause, all this does is support these black markets.

Using these zero-day exploits instead of disclosing them leaves their citizens vulnerable to cyber criminals that find out about the same zero-day holes. It just makes these black markets even stronger.

Government Restriction and Backdoor Access of Encryption 

Data encryption is one of the best ways to keep online data safe and secure. Yet many governments are threatening this right to privacy.

Chief among them is the United States. Follow the news and you’re sure to have heard about the FBI arguing for companies like Apple and Google to make backdoor access of encrypted data easier.
The stated aim of these efforts is to make it easier for intelligence and security agencies to catch criminals, including terrorists, in the act. Yet giving them permission to access criminal data, naturally opens the doors for them to access the private information of individuals.

Backdoors don’t just leave these systems vulnerable to government interference, they also give criminals an easy path in. As we’ve seen time after time again, online criminals are rarely very far behind top government agencies. In fact, they’re often waiting, one step ahead.

Restricting encryption isn’t good for anyone. While it might help slightly in the quest to catch more criminals, it does much more to increase the vulnerability of citizens. It all but eliminates the rights of people to encrypt their private data.

Even if you’re not doing anything nefarious, it’s your right to use encryption to keep your personal information private. Why would you want to do this? Common examples include keeping bank information and passwords away from prying eyes.

Final Thoughts

Once again, the latest efforts by governments to update their cyber security policies are not meant with ill intent in mind. Yet the vast majority of them do just as much to make these problems worse as they do to fix them.

A better approach focuses more on defense. Instead of planning offensive attacks, such as creating government malware or policing encryption, energy should be spent on defensive tactics. Changing their efforts from offensive to defensive would benefit everyone involved.

Staying up to date on the latest changes is the most important thing you can do to stay safe. Keep your eyes open for the latest information regarding government cyber security. Update your online threat protection system today.

Do all you can to keep your private personal information safe online – because there’s no guarantee your government will do it for you.

We will be happy to hear your thoughts

Leave a reply

*