This is the first post in a series around Data Centric Security and how Keyless Signature Infrastructure, an industrial blockchain technology, can be used to address modern data security issues.
Bruce Schneier is a renowned expert on all things to do with digital security. His recent post about the growing problems in the Internet of Things explains everything that is both true and frightening about the future. It can be summed up with his line: "On the Internet of Things, integrity and availability threats are much worse than confidentiality threats."
Why is the Internet of Things (IoT) posing such an increased security threat?
- It is everywhere.
- It is 100x bigger than the human internet and more inter-connected.
- It controls real things.
- Its competitive advantage is based on data collection, speed, and action.
The IoT can be likened to the human body, which has millions of interfaces with the outside world that can be vectors for attack. Our bodies' immune systems help us fight intruders that turn out to be bad for us. The good news is: there's an immune system for the IoT as well. We'll discuss that shortly. First, let's talk about those attack surfaces.
The IoT is everywhere
In the good old days, important things were kept locked away, and important things that could not be locked away could be compromised only one at a time. Think the crown jewels versus diamond earrings. To steal the crown jewels would deliver a massive upside but the barriers to entry are high. To steal one pair of diamond earrings from a drawer is easier but the upside is less. This describes the basic approach taken with digital security to date: keep all sensitive assets behind walls and let only authorized people near it. The walls are both physical (datacenter, office buildings) and virtual (firewalls). Perimeter-based security is still the primary security mechanism in use today, despite its increasingly obvious inadequacies, one being insider threat. It's estimated that as many as 55 percent of all breaches are caused by insiders, either on purpose or by accident. Can you ever be sure who you can trust?
And now mobility and the internet have fully destroyed the model because the infrastructure and data have left the building.
The mobile phone network is the largest IoT deployment in the world today. Billions of us use it every day, and it's a useful lens through which to understand the challenges we face with IoT.
Mobile networks are dependent on base stations that are deployed wherever people are, worldwide, in every conceivable environment. These are crown jewels that can't be kept locked away. Nonetheless, we must be able to guarantee that every base station installation and the software running on every base station are exactly the same as the system and software released from our development organizations. In other words, full supply-chain integrity is a basic requirement for deploying mobile phone systems, and mobile network security must not compromised, despite that network being fully distributed out to the remotest and least hospitable environments. Do you trust your mobile network to keep your communication safe? You should be able to trust all digital infrastructure the same way.
The IoT is 100x bigger than the people internet and more interconnected
Five billion people on the planet have mobile access. Now imagine that each person has ten devices. This is where the mythical "50 billion devices" figure originally came from. Future estimations are difficult to do and others have made mistakes before, only to find themselves on the wrong side of the growth curve. When "50 billion devices" happens we cannot be sure, but happen it will. Very quickly, everything with power is being connected. And many things are becoming powered so that they can be connected. Each device represents a system, and more systems are being interconnected. As Bruce notes, the number of potential interactions is increasing exponentially:
“The Internet of Things will make exploitable vulnerabilities much more common. It's simple mathematics. If 100 systems are all interacting with each other, that's about 5,000 interactions and 5,000 potential vulnerabilities resulting from those interactions. If 300 systems are all interacting with each other, that's 45,000 interactions. 1,000 systems: 12.5 million interactions. Most of them will be benign or uninteresting, but some of them will be very damaging.”
Target was compromised via its HVAC system, which then led to the company’s point-of-sale terminals. All these machines are all speaking to each other faster and faster, and none has the emotional and situational awareness to say “this just doesn’t feel right…”
The IoT controls real things
If somebody takes control of your credit card number, they can spend money. If somebody takes control of your connected car, they can choose to kill you. Need we say more?
The IoT's competitive advantage is based on data collection, speed, and action
There is no question that all companies are becoming software companies, and all are entering the data business. They have to “do” before somebody else in their space “does.” Or somebody not in their space“does.” Since the days of the Roman empire, communication and information have always been a competitive advantage. Mobility, broadband, and cloud accelerate this reality to the ultimate level. As time and distance trend to zero with respect to information access, every enabled company has full situational awareness. Competitive advantage comes from understanding vast amounts of data as quickly as possible, in order to take action immediately. As we noted in our paper The Game Has Changed, “The quality of decisions and the ability to trust them will be based on the quality of the data used in making them, and the level of trust that can be placed in that data. Today the assumption is that the data is correct and has not been tampered with. That is very frightening; in the future, assumption needs to be replaced with verifiable proof. Simply: today everybody assumes; tomorrow everybody cannot--this would be akin toNero ignoring the flames."
What are the insights?
It is clear that the paradigms that kept us safe in the past will not keep us safe in the future:
- You cannot hide behind walls.
- You cannot trust anyone or anything.
- You have to assume compromise.
Anti-fragile systems already do this. However, no digital system is anti-fragile today (hence, the lack of cybersecurity insurance). An anti-fragile system is one that becomes stronger as a result of stress (another word for attack). The easiest analogy for this concept is the human body. It has a wall (the skin), but it assumes continual compromise, mediated by the immune system. The body by default trusts that everything entering is not malicious. But, when something bad manages to get inside, the body detects, attacks, and learns to recognize that attacker more quickly the next time. The body becomes stronger through attack (a phenomenon that many believe is being undermined by modern obsessions with cleanliness and antibiotics. But I digress...another blog post for another day, perhaps).
What is the solution?
The body did not throw away skin as it developed the immune system. It did not throw away common sense either. The equivalents of both are needed in the connected digital world. Our "digital immune system" might turn out to be blockchain. Not the bitcoin implementation, but one that offers linear performance to scale, while still implementing a distributed ledger to enable truth rather than trust. We'll soon be diving deep into the issues and potential solutions available.
To return to the opening statement, we believe Bruce is right. We think he is completely right.