UNDER ideal conditions, military commanders gather all intelligence to gauge the strengths, weaknesses, weapons and deployments of the enemy. War gaming and simulations are run to test strategies that minimise casualties. Only when everything has been thoroughly assessed will action commence. In total contrast to this, organisations suffering IT attacks do none of this. They do not consolidate resources and intelligence to act in unison, but respond individually and share nothing.
To their great advantage, those on the ‘Dark Side’ consolidate resources. They also enjoy the upper hand of surprise while defenders have no such luxury. The Cold War mindset is one of need to know, but that world of secrets is now outmoded. In terms of investment and ability, hacker teams, organised crime and rogue states can outgun individuals, companies and most governments by ten to one. But if the ‘White Forces’ cooperated and amalgamated their efforts, that ratio would be a hundred to one in the opposite direction. Sharing experience, tools and strategies, together with broadcasting early warnings and updates, are the hallmarks of a secure future.
So we are entering a future of cloud networking knowing that firewalls don’t work and malware protection is not enough. We will magnify the attack surface and vulnerabilities by orders of magnitude, and the old approaches to security will not do. We can exploit all the new degrees of freedom in clouds, but we need more. If we do not up our security game, today’s ‘identity threat’ epidemics will be eclipsed by ‘ownership theft’ on a bigger scale. With your car, home, TV and everything else online, electronic dispossession will become yet another uncontrollable epidemic.
To secure the future, we need to apply security at every level, and it all needs to share, not just between people and organisations, but between devices. It has to be proactive in detecting, isolating and destroying malware while repelling hacker attacks. But can we engineer such a future? We already have biological exemplars in the form of immune systems. These stand guard looking for threats and respond to change – they are not passive or retrospective; they are proactive and mostly ahead of the game.
We can envisage hardware and software traps on every chip, card, suite, building, network and device powered by AI with intercommunication spreading new detection updates and security algorithms in real time. The key here is to detect all forms of attack as early as possible to stem any propagation. To do this, any new learning and intelligence has to be embedded in all entities. This is not a science fiction proposition; we have all the components to engineer this future today.
Another advantage is the release of manpower required for war gaming and analysis of ‘Dark Side’ activities and developments. In this context, sharing works to the disadvantage of the ‘Dark Side’. We have to move on from ‘band-aid’ fixes to a scenario of anticipation. Today, it is easy to break in, cause damage and perpetrate fraud, and most boards do not yet see security as the threat it is. The resources and professionalism necessary to mount effective defences must be recognised. This is not some amateur activity.
In the context of clouds, we have to move in the direction of quarantining devices and facilities until a safe fix is applied. Today, we can only guess, but we might anticipate ‘exclusion times’ lasting minutes and perhaps even an hour, but not days and weeks. And this has to include the omnipresent zero-day implants and hidden back doors.
While discussions and high-level thinking are underway, there is nothing concrete in terms of agreed strategies and designs. There might also be an amplified threat as companies and governments rush into the unthinking adoption of the IoT/CoT on the basis of old thinking. Thus, changing mindsets in this arena, in a very short time, might be the biggest challenge.
Peter Cochrane is an IT consultant and former chief technologist at BT