SANTA CLARA, Calif.—The short-term outlook for security is bleak, but a combination of better engineering and more spending should reap long-term benefits, said Paul Kocher, a security expert, in a keynote at DesignCon here.
The growing number and complexity of devices will continue to outstrip our ability to secure them for the next few years, during which time “we’ll see a lot of failures,” said Kocher, the chief scientist of the cryptography research division of Rambus.
“We’ll have a rocky road ahead for the next decade” given the combination of the emerging Internet of Things with “offensive cyber programs just about every country has,” he said. International Data Corp. predicts within two years 90% of all IT networks will have an IoT-related security breach, he added.
At some point, adding a new feature to a product could reduce its value because it creates more complexity and less security. As an extreme example, he noted that after the Edward Snowden leaks, the Russian guard and the India High Commission both switched from using PCs to typewriters.
“We have to have stronger foundations for security and correct assumptions about software quality,” Kocher said, noting engineers must assume all products — software or hardware — will have bugs. “The ability of the tech industry to change the world depends on solving these problems,” he said.
Kocher predicted the industry’s spending on security will grow faster than other areas, just as aviation and pharmaceutical industries have focused on safety.
The good news is a wider variety of security components are becoming widely used, from SIM cards to trusted platform modules. And the costs of adding good security are declining, from a few dollars for discrete chips to a few cents for blocks on an SoC.
“I’m most optimistic about doing things in SoCs better” such as supporting multiple secure domains, he said.