What the Apple vs. the FBI Case Indicates for the Future of Encryption & InfoSec
By Brianna Flavin on 03/08/2016
The news has been swarming with updates on the “Apple versus the FBI” case. A company publicly resisting the FBI is catnip for news media. Regardless of which side of the debate you align with, you can’t deny the major implications for the future of encryption, information security (InfoSec) and personal privacy.
Whether you’re up-to-speed on the latest details or not, you’re probably curious about the impact this case will have on the tech industry. It’s hard to predict moments of great historical change before they happen, but for many professionals in information security, this face-off between a private tech company and the federal government might be one hinge the future of data security swings on.
What’s all the hype about, anyway?
People often change the locks when they move into a new house because they aren’t sure who might have a copy of the key. You don’t want any ambiguity about who can unlock your front door and access your home at any moment.
Concern mounts over this case because the only way for Apple to comply with the FBI’s request, as BSSi2 CIO Nick Espinosa explains, is to create code that will crack the personalized UID (unique identifier) encryption they created. That code then exists as a weapon against all phones of the same processing system.
FACT: InfoSec jobs are expected to increase by 18% through 2024.
“A big issue is the power of Apple’s current encryption system,” Espinosa explains. A processor in each phone randomly generates a UID code to protect personal data. As added security against a brute force attack (throwing every possible password combination at the phone,) the data will wipe clean after 10 failed attempts. As you can see, the product is extremely secure.
Apple’s compliance with this request would give the FBI (and whoever else could steal or replicate it) a way to access information on any iPhone. “It’s unreasonable for Apple to make that happen,” Espinosa says. “They are essentially being told to break their own product.”
He believes Apple’s goal is to delay this issue long enough so that it becomes irrelevant. If they break their current system, there is no repairing it. In order to sell secure encryption again, they’d have to significantly re-patch or start over from scratch.
Technically speaking, Apple is on the wrong side of the law. But Espinosa believes their stance has prompted serious calls for new legislation in privacy.
“I think lines are going to be drawn,” Espinosa says. We’re either going to have a government that will allow us to mandate our own privacy or a government with the tools and legal power to invade privacy when they see fit.
The cyber Wild West
Privacy and InfoSec aren’t new concepts. But as the online world evolves and becomes more integrated with our daily lives and interactions, the need for data protection is gaining awareness.
“Even major leaders don’t understand how this security works,” Espinosa says. “It’s this crazy Wild West thing and people just don’t understand how insecure everything is.”
"The next generation of security professionals will be entering an environment even more hostile."
Important systems with valuable or sensitive information are under cyberattack every minute of every day, according to Espinosa. One weak moment of defense can destroy an entire company. In order to protect his clients, Espinosa pits himself against the most vicious, aggressive and creative malware out there to learn its strategy.
“We buy malicious code, play with it and learn how to configure a client’s security stance to stop it,” he explains. “Security is constantly evolving.”
Espinosa emphasizes the need for competent allies in the war against cybercrime. There are no room for egos in cybersecurity. “You want to make each other smarter and more secure,” he says. “The next generation of security professionals will be entering an environment even more hostile.”
The future of encryption & InfoSec
You can see why information security is not only full of excitement, but full of career opportunity as well.
“Security is just coming into its own as an independent discipline and the job market is wide open,” says Ken Smith, associate principal analyst at Secure State. He predicts powerful growth ahead for the industry and the U.S. Bureau of Labor Statistics (BLS) agrees. InfoSec jobs are expected to increase by 18 percent through 2024, which is more than twice the national average for all occupations!
“We’re going to see more aggressive encryption systems,” Espinosa foresees, adding that 2FA (two factor authentication) is already a trend likely to become the new norm as it vastly mitigates your ability to be hacked.
Espinosa says he’s already noticed high demand for InfoSec specialists and awareness is only dawning. “Information security has always been important, but companies are seeing that they can’t just ‘set it and forget it’ when they are constantly under attack.”
Do you want in on the action?
There’s no denying the ample opportunity in the world of InfoSec, and the ‘Apple versus the FBI’ headlines are only highlighting it more. There’s no better time than now to pursue a career in information security, according to Espinosa.
His advice to aspiring InfoSec pros is to keep close tabs on new trends and technologies in the field. The best way to keep a pulse on the industry is by following blogs. Start by checking out this list: 21 Cyber Security Blogs that Keep IT Pros in the Know.