10.4 What is the Solution?

WHO? Everybody who relies on cyber technology.

WHAT? Is vulnerable to cyber-attack.

WHEN? The lack of viable solutions means that cyber-attack will remain a persistent threat.

WHERE? Even if hardware is made immune to exploit, people remain vulnerable to phishing attack.

WHY? Because anything that proves that you are you can be stolen or duplicated.

Let us be clear, THERE IS NO CURE FOR CYBER-ATTACK. Let me repeat that, THERE IS NO CURE FOR CYBER-ATTACK. No technology today, or any on the foreseeable horizon, can eliminate vulnerability to cyber-attack. The two most common forms of cyber-attack are exploitation and phishing. Exploitation, as we noted last topic, uses software flaws to take control of your computer. Phishing tries to take control of your computer by stealing your login credentials. In the case of exploitation, as we saw, it’s impossible to eliminate software flaws. However, is it possible to prevent your computer from doing harm? As we said, computers are stupid, they will do as instructed regardless of the consequences. But what if computers weren’t stupid, and could avoid taking harmful action? Some might think that artificial intelligence is the answer. Unfortunately it is not. Artificial Intelligence is not the answer for two reasons: 1) We can’t verify machine logic, and 2) Machine logic is not the same as human judgement. We can’t verify machine logic because it is based on software, and as was demonstrated in the last topic, it is impossible to completely test software, so we can never no how it will always react. Also, machine logic is not the same as human judgement. Despite incredible advances in AI, it still can’t pass the Turing Test. Seemingly simple problems for humans remain intractable to machines. For example, consider the following statement: “The boy saw a bike in the shop and wanted it”. The problem is one of ambiguity. “It” could refer to the bike or the shop. As humans, we understand that “it” refers to the bike; the boy wanted the bike, not the shop. For a machine to come to the same conclusion, it would not only need a vast library of general human knowledge, but also the means to differentiate between contradictory concepts. Despite more than a half-century of research, the Turing Test remains standing. Can we make it so hardware can’t be exploited by software? What about quantum computing? 99% of all computers today are based on the same basic hardware design named for John Von Neumann, a mathematics genius who was a computer pioneer like Alan Turing. The brilliance of the Von Neumann architecture is that it allows both instructions and data to be stored in the same memory, resulting in significant processing efficiencies and cost savings. Because the Von Neumann architecture allows data and instructions to share the same memory, hackers try to substitute false data for real instructions to take control of the hardware. This is the primary objective of most all exploits. Quantum computers fundamentally differ from the Von Neumann architecture. Instead of having a separate memory and processor, memory also serves as the processor in a quantum computer. From a high-level view, quantum computers work by loading a program into memory, thereby inducing an unsteady quantum state, then retrieving the answer after the quantum state settles. Quantum computers are not vulnerable to exploits the same as the Von Neumann architecture. Quantum computers, however, are best-suited for specialized math problems, and ill-suited for common problems handled by most standard computers. Even if you’re willing to accept gross inefficiency to attain security, quantum computers remain no less immune to phishing scams than standard computers. The problem is authentication. Authorized users are distinguished by something they are, something they have, or something they know. Unfortunately, all three attributes are vulnerable to duplication or theft. Sadly it also means there is no solution and therefore THERE IS NO CURE FOR CYBER-ATTACK.