“The range of things we were worried about was relatively small,” he said. “We were concerned about nation states intercepting communications and possibly acting as a man in the middle. So our goal was to figure out how to design standards that would alleviate those concerns. That was in the good old days, when email was a text message. You didn’t even have attachments that could reach out and bite you. It was before the World Wide Web.”
Now of course, the cybersecurity challenges are “absolutely enormous,” he says, and the Internet of Things is downright scary.
Moving forward, he says, one of the great challenges is figuring out what really is and isn’t a threat.
For instance, he says, when ecommerce first took off, a lot of effort went into developing cryptographic security to protect credit card information as it traveled from a consumer’s computer to a merchant. But most big security breaches today involve hackers getting credit card information after it is stored in merchants’ computers.
“The catch is, if I am sitting at home using the Internet, when I send my credit card information to Amazon, it’s not in a lot of danger of getting intercepted. It’s in the greatest danger once it gets there.
“This is an example of where we developed a solution to the concerns we could address, yet the thing that was outside our ability to address was the really big problem.”