A panel discussion involving a group of experts held during DEMO ‘06 in Phoenix last week concluded that the state of security today is not where it should be. But the panelists also had suggestions on how to improve it.

During the conference, which is owned by Network World, former IBMer and consultant John Patrick called together a panel of industry and academic figures to try to answer the question, “Will the good guys be able to stay ahead of the bad guys?” But first Patrick asked the panel to assess the current state of security, and the responses showed that the good guys aren’t necessarily ahead of the bad guys to begin with.

“The state of security is terrible… absolutely abysmal,” said Hilarie Orman, former research scientist and onetime member of DARPA’s Information Technology Office; now CTO and vice president of engineering with Shinkuro, which makes file-sharing software. “It’s difficult to argue there’s a good state of security right now.”

Another panelist reminded the audience that there’s no such thing as perfect security. “It’s a cat-and-mouse game” that the industry plays with hackers, “but we need to bring [the threat] down to a level where we can live with it,” said Partha Dasgupta, an associate professor with Arizona State University’s Fulton School of Engineering.

The good news, according to another panelist, is at least the industry and users are beginning to think about security, yet it is harder to retrofit security onto hardware and software that’s already been built. Nonetheless, both enterprise and consumer products need to find a balance between being secure and being useful, said Charles Palmer, manager of the security, networking, and privacy departments at IBM’s Thomas J. Watson Research Center.

“If [security] makes the system really hard to use or is done wrong, you’ve got a brick,” he said.

One possible solution to the rash of identity theft that has broken out of late is biometrics, where computers scan a finger, face, retina, or other part of the body and save that image for authentication. The problem with biometrics, agreed the panel, is that once a thief learns how to reproduce a fingerprint, the owner can’t change the original.

New technology is being developed that doesn’t actually take a picture of the finger, but some small measurements of the finger’s characteristics, said Palmer, who added that 4% of the population can’t produce good fingerprints and that pineapple juice can temporarily remove a person’s fingerprint.