Sunday, May 24, 2015

"In cyber fight, the strongest does not win"

Interview with Manel Medina, organizer of Symposium on Electronic Crime Research, Barcelona, May 25th to 29th, y co-author of book "Cibercrimen" (cybercrime).

Manel Medina is a quiet man who does not imagine himself raising his voice. Lifelong Professor, with its eternal bow tie, he is a sort of Indiana Jones of computer security. In 1994 he created the first Spanish Computer Emergency Response Team (CERT), at the Polytechnic University of Catalonia (UPC), and became inmersed into cybersecurity when no one else were around the subject.

With age comes wisdom and thanks to his seniority, Medina has very clear and personal ideas about this world, that he catches with eagle eye. He is scientific coordinator of Anti Phishing Working Group (APWG) in Europe, has founded pioneer enterprises as the one dedicated to Safelayer digital certification, and in recent years has worked for the European Security Agency (ENISA), from the beautiful island Crete. We do not have room enough for reviewing his curriculum, so we better talk to him.

How did you get into this?
Slowly. A student wanted to do a PhD in computer security, then another one, then I wanted to help them to work in what they liked and I discovered that they Society need them (us), as soon as they (we) were well prepared professionals to face the new challenges that Internet criminals arose.

And what is your motivation to keep on?
Today there are many competent professionals, but companies still need many more, and the opportunity to train them with masters such as we have created at the UPC is a nice reward.

Do you have a hero?
I've never liked having to choose, so I could not do among the professionals at the technical direction of esCERT-UPC. They have made it sustainable for 20 years and it is downright heroic.

What worries you about cyber security?
Undoubtedly, the lack of resources. We still find more investment in physical security than in cybersecurity, but economic losses caused by cybercriminals are already higher than those incurred by traditional methods. Cybercriminals are more efficient to invest in developing cyber attacks, than businesses and organizations in their own defense.

And what do you like about it?
Cybersecurity has "sex appeal" and that is a strong point of attraction. But if we want to get serious, in cyber fight the strongest does not win, but the smartest; and the intelligence has always been very attractive to me. Among cybersecurity professionals there are very smart people and I love being around them.

Are governments really aware about computer security or they just like to play cyberwar?
Governments and legislators are too slow and shy in tackling the problem. It will require that any "western" country is left in the dark over 12h, as happened to Turkey to smarten up. Some governments, like the US or UK, which are investing heavily in enhancing cybersecurity for their industries and companies, in exchange for having them ready to repel potential cyber attacks nationwide. Other governments just fine on those who suffer an attack... to finish them off.

Do you share what they say in America: that Europe uses privacy laws to restrain competition and not by real awareness?
No. I believe that privacy is a fundamental right and we must fight to prevent multinational marketing companies to invade our privacy for business. But if we the citizens were aware and better trained, it possibly would not be necessary to over-legislate.

Have you ever suffered virus?
Fortunately only advertising virus or "adware", although the virus concept is outdated. Now we've "spyware" and you should ask me again in four or five years if I am infected, for that is what it takes to discover infected PCs. We have moved from influenza type virus programs, to AIDS type, with very long periods of "incubation" or latency.

Will AI finish human race?
Who says it? Giving power to people without "real" intelligence is what will finish human race.

Is there any sentence, not from your passwords, guiding your footsteps?
I am not guided by any particular sentence. I am happy making happy those who are on my side, learning from them, and helping the needy ones (for tech support).

Author: Mercè Molist


Post a Comment