As Americans, most of us are justifiably proud to proclaim our country as “the land of the free and the home of the brave.” Fortunately, our freedom remains steadfast and our bravery still shines in times of need. A heartfelt thank you to all the service people out there who continue to fight for us to uphold these truths. From a networking perspective, however, America will need to be brave if it continues to accept a false sense of cyber security in vital business operations and critical systems infrastructure.
In fact, a more appropriate nationwide idiom for cyber America today may be “the land of the vulnerable and the home of the pseudo-secure,” because today’s most widely accepted methods of cyber security can’t possibly keep pace with the exponentially expanding Internet of Things (IoT) and the growing sophistication of hackers worldwide.
A virtual cornucopia of devices is being connected to the networks of American businesses and vital Industrial Control Systems (ICS) every day. Increasing layers of firewalls and flavor-of-the-day security patches serve as mere Band-Aids to protect our most critical data and networks vital to our national security and public safety. Unfortunately, Band-Aids are great cover-ups for minor scrapes and cuts, but they’re not meant to provide serious protection against dangerous infection or debilitating viruses.
A recent incident of foreign espionage threatening our national security came from a group called the Shadow Brokers. This bad actor gained notoriety back in early August for its successful hack of the National Security Agency (NSA), holding an online auction of files tied to the NSA’s Equation Group. It all started with something as seemingly harmless as a tweet. The nefarious nature of that tweet, however, was the real problem: it contained a link to a page with references and instructions for obtaining and decrypting content associated with tools and exploitation methods used by the NSA. Experts have since deemed the auction a fake, but not the files and tools associated with it, which included those used to hack the firewalls of such high-profile vendors as Cisco, Fortinet, and Juniper.
For more insight into the sadly vulnerable nature of our current networking and security state of the union, consider the National Cybersecurity and Communications Integration Center (NCCIC)/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Vulnerability Coordination Report for 2015. It states that the number of known vulnerabilities reported to ICS-CERT in 2010 was only 37. That number increased to an alarming 245 in 2014 and all the way up to 427 in 2015. Furthermore, the equipment in North America stayed vulnerable for an average duration of over five and a half years! These are not acceptable figures for the Department of Homeland Security (DHS), which spearheads the NCCIC. Businesses and our government agencies need to establish better methods for maintaining secure networks in the new era of explosive connected growth.
One of the biggest culprits of vulnerability is the rise in alerts concerning encryption and authentication issues. Research shows that the number of cumulative alerts related to these problems has risen from just over 500 back in January of 2013 to almost 3,000 in April of 2016. If that current pace keeps up, we can expect the numbers to show cumulative alerts will have increased to almost 10,000 by the end of 2016.
Unfortunately, many users have a false sense of security, in particular when it comes to secure connections like those provided by HTTPS and SSL certificates. Currently accepted but vastly inferior methods of cryptography are mistakenly considered a nearly foolproof form of security, especially in the supervisory control and data acquisition (SCADA) world. Because users have faith that their connection is secure, they tend to relax on password complexity. When you combine this lazy use of simplistic passwords with a high known rate and long duration of vulnerability, you get a dangerously expanding and seriously concerning attack vector.
American businesses and ICS administrators simply need to find more effective ways of diminishing vulnerability while also enhancing operational efficiency to match the speed and demand of the growing IoT and the global marketplace. We must accept the fact that the new world is one where nearly everything is going to be connected. Therefore, everything needs to be protected as well.
The IP address associated with each device in this new IoT world is what represents the very nature of system vulnerability and the myth of pseudo-security. Next-level cryptographic identity is needed on every device, whether it’s a network managing a critical ICS or a home-based voice-activated assistant like Amazon Echo. By replacing the vulnerable IP address of each device with a unique cryptographic identity, businesses can achieve superior security, faster connectivity, cloaking, micro-segmentation, mobility, failover, and revocation for any IP address, anytime, anywhere, instantly.
About the Author
Marc Kaplan is the VP of Security Architecture and Services at Tempered Networks, where he is responsible for defining and designing best-practice reference architectures that function across operational and information technologies. He has deep security and networking knowledge from hands-on experience working with clients ranging from Fortune 500 companies to federal agencies. Kaplan’s most recent role was Co-founder and CEO of Gomazu. Previously, he was the Sr. Director of Worldwide Security Field Systems Engineering at F5 Networks, where he was instrumental to the company’s security business growth as a complement to its core application delivery focus. Prior to F5, Kaplan was a technical lead at Nokia Security Products and held various leadership positions in product management and field systems engineering.