Saturday

DARPA Director Calls for Cybersecurity Change


Dr. Arati Prabhakar, director of the Defense Advanced Research Projects Agency



November 7, 2014 By 
A recent C-SPAN interview with Dr. Arati Prabhakar, director of the Defense Advanced Research Projects Agency (DARPA), conducted by Mary Jordan from the Washington Post, gave credence to my three previous articles this year concerning how we defend ourselves against cyber attacks.
As Prabhakar stated: "The attacks are happening in microseconds, so today all we can do is patch and pray, and keep throwing human beings at the problem. We are looking for a fundamentally different way to get faster than the pace of the growth of the threat."  
Clearly the realization has hit that real-time cybersecurity is now a necessity, and it has reached the point of requiring big changes in how we are going to fix it. 

What we are doing wrong

Today's information processing technologies are built on historically aggregating information for distribution or processing, such as initiating machine control system event actions across predetermined information system processes. The very reason hackers can hack is that information processing transfer and aggregation data is historically transported and stored. We encrypt at the end points and we store data at the historical data output level.
This time window allows hackers the ability to manipulate these historical information processes and change the information process or machine action that may only take milliseconds to occur.
Today's cybersecurity technologies aren't even in the right place to detect these breaches. If we are to get faster than the pace of the growth, as stated by the director of DARPA, we need to be ahead of machine action microseconds rather than be caught in historical information processes we currently use today.

Why current cybersecurity technologies will continue to fail

Cybersecurity weaknesses are clearly being disclosed, with attacks publicized by all major media outlets almost daily. These disclosed weaknesses are beginning to concern both customers and major cloud providers. There is mounting evidence that today's cybersecurity technological approaches, which have served us well for years, may no longer be valid for information processing today and for future technologies like the Internet of Things (IoT). The two areas of concern are how we attempt to secure and analyze information processes through the use of algorithms and analytics. Both of these technologies have the same vulnerability in how they work and how they are hacked. They both operate at the historical data output level. This offers hackers the opportunity to manipulate or breach algorithms and access stored data and, in real time, change the information process.
A hack is really the manipulation of software to exploit a desired action in the information process systems. The problem with all information processing today is that the systems it is based on all historically send and retrieve information at the data output level. This leaves a window of opportunity for hackers. If we are to get faster than the growth of the cyber threat, we must deploy real-time data-in-motion technologies that are ahead of even millisecond machine actions, or we will continue to be behind and hackers will maintain their breach advantage. You will find a clear explanation of how we could get ahead of the hackers and achieve this needed real-time cybersecurity capability in the inserted presentation of the article Getting Cybersecurity to Actually Work.

Why we must change now

The largest explosion of millisecond machine actions will take place when billions of IoT devices are deployed. Until we find a way to authenticate, view, audit, analyze and block IoT devices often connected to cloud computing, we frankly shouldn't be putting IoT out there. As the security industry saying goes, "money trumps security," and as increasingly more of these IoT products are released, cybersecurity will just be playing catch-up. With potentially billions of these devices being deployed all over the world, this could lead to a cyber attack free-for-all of catastrophic proportions.
There is a big fundamental problem with securing IoT though. The systems are so small that even today's patch and pray cybersecurity fixes won't work. It is not like you're going to take a $10 IoT device in and ask to download a security upgrade patch. Even if you did, in many cases there wouldn't be enough room in the processor or memory to install the software patch. The need for a new security platform for IoT will be one of the main driving factors for major changes in cybersecurity. There also are reasons today to change cybersecurity, but the pain of unacceptable cybersecurity platforms is just now being recognized in big industry revenue losses by cloud providers.

Why will change occur? Money!

When the largest stockholders of IBM (Warren Buffett being one of them) lose over a billion dollars in a few days, people will take notice. There were predictions early on about the Snowden effect that disclosed secret relationships with the NSA and top cloud providers. This left an uneasiness in cybersecurity, certainly from U.S. adversarial countries like China, but it is now going much deeper, even to U.S.-friendly countries and the U.S. itself. How badly these security concerns will affect some of the biggest names in information technology (Cisco, Microsoft, Apple, Oracle, IBM, Google) is just beginning to appear. One thing is for certain, though: These companies must prove that their security platforms actually work or their billions in revenue losses will continue. While existing revenues are lost this time around, even the future trillion dollar revenues in IoT could be lost, proving that money will no longer trump security.

Why we must move forward now

As the saying goes, "necessity is the mother of invention." Some of the largest information technology companies in the world are facing the need to accept a complete paradigm shift in the way they have been processing digital information. With staggering losses of revenues already occurring and more to come, customers are beginning to lose confidence in these Internet technology giants of the past. There must be a proven change in the security and information processing itself if these IT giants are to regain the trust and market share they have enjoyed for many years.
As bad as things are today, though, the biggest loss could be on the horizon: The potential loss of the multi-trillion dollar IoT market. Today's cybersecurity was never intended to secure cloud computing or the billions of future microchip intelligent sensors that could connect to them -- the Internet of Things. From physical microchip limitations to the inability to decipher billions of machine actions occurring in microseconds, a fundamental change and even a paradigm shift must occur in cybersecurity if we are to allow billions of IoT devices to be deployed all over the world.

Change is Inevitable

When money, power and intelligence all agree, change is inevitable.  We have reached that point in current cybersecurity limitations and now must focus on the deployment of new security technologies that can protect us now and in the future.  We must get beyond the point of analyzing technology in cybersecurity and must begin to deploy new known cybersecurity technological capabilities. The very future of information processing and the wonderful things it has brought us are dependent on this change.  

Tuesday

Getting Cybersecurity to Actually Work

September 15, 2014 By 
Recent conferences and industry studies are coming up with the same concerns in cybersecurity. At the heart of it? Current industry methods of securing information processes aren't working very well -- and hackers know it.
As these weaknesses are reported by government, business and academia, our information processes are becoming more complex and connected, adding to increasing cybersecurity threats and cybersecurity exploit opportunities. So why can't we fix this? And what will it take to actually change cybersecurity from a buzzword to a reality?  

What is cyber security?

In one of the many online cybersecurity discussions I've had, someone posed the question, "What do you think cyber security is?"  
Some of the answers were long and complex, but as I reviewed them -- and researched the respondents' backgrounds -- I found that the general answer was this: Cybersecurity was the respondent's specific cybersecurity knowledge, the discipline or a product that he or she promotes. And who is the decision-maker? Primarily, it is an IT person who has similar industry knowledge, disciplines or product biases that are offered to the final decision-maker. These so-called cybersecurity experts include some of the biggest names in IT and some of the most brilliant mathematicians in the world.
But what does this all mean? The way cybersecurity solutions are chosen has more to do with what the technical influencer is comfortable with and less to do with what is needed to secure the specific process. Additionally, the CEO in most cases is not disciplined in cybersecurity technologies and would have no way of validating this security technology selection.
Let's assume for discussion purposes, though, that there are no biases in the cybersecurity knowledge base or solution, and the cybersecurity technical influencer puts the best known cybersecurity solutions in place. Will we then be secure?  I have a simple way to answer this question. Can the technologies you have selected authenticate, view, audit, analyze and block your information processing flow by application at the data input level during the data in motion?  If your answer is no, which today is everyone's answer in cybersecurity, then you are not secure. Today, all cybersecurity technologies secure information processes at the data output level either at the network end points or the historical database storage point. These points of security are too late to achieve true cybersecurity -- and hackers know this.      

The hacker's advantage      

There is a simple reason why hackers have an advantage in cyber attacks. They hack in real time, and current cyber technologies analyze the breach at the historical data output level, which can take hours, days or even months to detect. This fact alone will continually put current-day cybersecurity technologies at a disadvantage and is the area of correction that must be addressed.
So how do we tackle these problems today? With bureaucratic reviews, processes, groups and organizations that take years to approve cybersecurity technologies while the hacker just created a new cyber attack exploit yesterday. We are always playing catch-up in cybersecurity, and we need to get in front of these cyber breaches if we are to stop these now devastating cyber attacks.  We need to defend cybersecurity at the point of attack, not after the attack.
The first strike advantage of hackers must be combated with technologies that are placed at the data-in-motion input level, not at the network end points or data aggregate collection points. This is the common sense part of cybersecurity that the industry must focus on if we are to achieve true real-time cyber security. As our world becomes increasingly digitally smart and connected in real time, we need to adjust our cybersecurity technologies to support these smart technologies. With real-time Internet of Things (IoT) technologies here now and trillions more projected in the near future, we need a paradigm shift in cybersecurity now, or this trillion dollar IoT industrial revolution may have to be put on hold.

More connections, more problems

Before we discuss solutions to these cybersecurity problems, let's take a look at what the future looks like in our continually interconnected world. From social media to smartphone apps to the IoT promise of smart everything, we are reaching a point of truly not knowing what is connected to what -- and hackers know this. Take the Target breach -- the attacker used backdoor access to the company's energy management systems to then access a server containing confidential customer information. We are increasingly digitizing our people and machine processes, and are beginning to lose control of what we are doing.
We can't just connect anymore. If we are to continually interconnect smart devices to our phones, homes, businesses, transportation systems, buildings, factories, cities and critical infrastructure, we must define what is connected to what, and understand how one could affect another. One weak link from a tiny IoT device could take down a power plant or be used to rob your home. We need a technology that can assist in quickly securing and understanding the sometimes terabytes of information transfers that take place in our increasingly complex digital processes. We must begin to know and manage all this digital info in a smart way, and not just assume or trust that the interconnected hardware, software and people are doing what they are supposed to be doing. We need a Digital Process Management (DPM) system that can, in real time, manage terabytes of data in motion and data input processes, and have the ability to do this in milliseconds. That may be a big request, but thinking it through, this is what must be done to achieve true cybersecurity. So what are we doing today?

How can cybersecurity really work 

It is human nature to do what you have done before and base the correction of problems on these same knowledge-based principles. Both in cybersecurity and big data analytics, the algorithms (mathematical instructions) are basically the current core technology used to secure and understand IT processes. 
These mathematical instructions by nature all have a beginning and end, and are historically built instructions for the information process. Any intelligent digital action activated by an algorithm is then historically based at the data output level of the process action. We currently do not authenticate, view, audit, analyze or block algorithms at the data-in-motion input level. This is the window of exploit opportunity that is leveraged by hackers, and is the Achilles heel of current cybersecurity and analytic approaches. If we agree that all these factual statements are correct, we then must also assume all current cybersecurity technologies are at best deterrents to cyber breaches but can't completely stop cyber attacks, which at last many cybersecurity industry leaders are admitting.
As a director of ProjectSafety.org and a recognized industry expert in cybersecurity and digital forensics, I urge you to review my video presentation, shown at left, that can actually address the discussed requirements in achieving true real-time data-in-motion cybersecurity. I also act as an advisor to a company called Decision Zone, which offers a patented DPM paradigm shift in cybersecurity that can address our current weaknesses in cybersecurity while putting the technology in front of the data stream -- where the hacker exploits occur. The video covers more than a decade of research from my not-for-profit ProjectSafety.org, which has predicted many of the problems we are seeing in cybersecurity today, and continues to research effective solutions to the now monumental cybersecurity problems we face.

A paradigm shift in cybersecurity and analytics


Monday

Could real-time eForensics be the Answer to Cybersecurity and Analytics?


by Larry Karisny
June Edition

eForensics may be more than a good name for a magazine. Understanding what digital forensics does in real time may be the holy grail of cybersecurity. The information technology security industry explains cybersecurity in terms of complex algorithms or virus detection systems that only a scientist or software developer can understand. In reality, cybersecurity is just the authenticated use of validated causal actions taking place in a predetermined process that is used to accomplish specific results.

Cybersecurity is achieved when these actions and processes are authenticated, viewed, analyzed, audited, activated or blocked in real time during data in motion. If we can do this we will be secure. We are not doing this today. With the ever-increasing demand for security in an ever-increasing digitally intelligent world, it may be time for a paradigm shift if we are to reach true cybersecurity. It may be time for real-time eForensics.

The scene of the crime
Most of us are familiar with forensics in the evaluation of a crime scene. There was a criminal incident that occurred and a team of forensic analysts comes in to gather information that might lead to solving the crime. eForensics today is no different. A hack has occurred and a team of specialists sifts through mounds of data, software, hardware, processes and people to determine how the system's processes have been breached. The commonality of these forensic approaches is that they both review historical information and use tools and techniques that can analyze these historical incidents. These historical forensic approaches can in time possibly solve the crime or cyber breach, but neither of these approaches can stop the crime or the hacker in advance.

The current cybersecurity methodologies using passive process monitoring are proving to be in the wrong place at the wrong time in attempts to achieve system cybersecurity and intelligence analysis. To accomplish information technology security and intelligence we need to focus on technologies that stop and analyze information technology processes in real time during data in motion. This is where a technology paradigm shift needs to occur in the cybersecurity industry, and real-time eForensics can accomplish this.

Can our current cyber security and analytic technologies keep up?

Increased varieties of connected devices are being added daily to our already complex intelligent world. Unfortunately these intelligent technologies are being released by the millions at the cost of increasing cybersecurity threats, while using complicated digital intelligence analysis techniques that are neither effective nor able to keep up with the amount of data input these system devices and software produce. Cybersecurity experts are beginning to realize that current passive process monitoring using historical data aggregation and database analytics techniques is no longer an efficient or effective methodology for cybersecurity and system intelligence.

Current approaches fail due to the inability to secure or properly analyze the many real-time messaging application actuaries that occur in our increasingly complex digital intelligent system processes. The current historical passive security and analytical technologies only tell what might have happened after the causal action has occurred, not what did happen. Monitoring active process causal actions in the process tells what actually is happening in real time during networked data in motion, which is the point where new security and process analytics need to occur.

As we are increasingly connecting and interconnecting our digital intelligence in the forms of software, hardware, apps and now the Internet of Things (IoT), these causal actions multiply, making the process more complex and difficult to track. While these interconnected technologies continue to be leveraged in digital intelligence, we are losing control of the where and when point of causal actions that are actually occurring in the system processes. This is the point where causal actions and processes need to be secured and analyzed. We are not doing this today.

Losing control of digital intelligence and cybersecurity
We have reached a point in intelligent operation complexity where even trained operators are not sure which digital control system actuators are actually initiating which actions in the process. We are losing control between human to machine and machine to machine system processes while we increasingly interconnect software, cloud and IoT application messages that in many cases are not secured, audited or even seen in the system process.

Causal messages are constantly being sent in real time during data in motion in these complex system processes and can be exploited to manipulate the process results. Hackers know this and are successfully targeting and exploiting these weaknesses, affecting every individual and every industry that uses digital intelligence in their information technology processes. Hackers have already attacked cars, homes, business process systems, factory control systems and critical infrastructure control systems by manipulating the causal messaging action within these system processes.

The danger of algorithms and analytics in cybersecurity
For years we have had a false sense of security that was built around mathematical algorithms. This is what encryption and Intrusion Detection System (IDS) security have been based on for years. Recent disclosure of the NSA’s involvement in the control and release of these encryption algorithms and their direct relation with RSA has caused the loss of considerable trust in the cybersecurity industry. This, combined with weaknesses found that were not able to be disclosed, caused a boycott by major encryption scientists of the last RSA conference. The encryption games are over, and for many the use of encryption in security is no longer technically effective and certainly not trusted.

Intrusion Detection System (IDS) security technologies are no better off, now admitting they can’t stop denial of service attacks (DDoS), while sophisticated and aggressive cyber weapons like Snake and Stuxnet are now part of the arsenal of cyber war weapons with critical infrastructure as its main target. Analytic approaches are also showing their weakness in being used in process action discovery. They are having difficulty even understanding what all the big data means and could fall victim to subjective analyst methodologies to explain what the historical data means. Clearly, if we are to secure and understand all these new intelligent actions in our control processes, we need new methods and even a new place for confirming that these complex and layered control system actions are actually correct.

Adding security while adding intelligence
Intelligent control systems are faced with a two-edged sword of needing digital intelligence and securing this intelligence. They need the digital intelligence to assist in physical security and the monitoring of complex system processes, while also being faced with making sure this digital intelligence can’t be accessed or exploited by hackers. In critical infrastructure applications, such as the process control of a power grid, there is no room for error or good enough security. When you have machine to machine (M2M) IoT or cloud services sending actuary messages without human intervention, these system processes must be digitally authenticated, viewed, audited and blocked in real-time data in motion in order to be effectively secured and analyzed.

Having focused on critical infrastructure cybersecurity for years, my many industry colleagues and I have come to a similar conclusion. The cybersecurity and analytical methodologies used today are flawed and cannot achieve the stringent security requirements or handle the volume of analytical data needed to protect and understand our increasingly complex and interconnected control system operations. In fact, both Intrusion Prevention System (IPS) security and Intrusion Detection System (IDS) security methodologies are increasingly showing security prevention and detection failures.

Current analytical approaches cannot even scale to address the billions of applications and terabytes of big data that need to be evaluated in the increasingly complex processes. We must deploy security technologies that can secure and understand the millions of causal events and interconnected causal events that take place in the control system process on the network. This can be done by using an active business process monitoring process firewall on the network at the data-input, data-in-motion point of digital intelligence transfer. This is where the beginning of a new paradigm shift is occurring and where real-time eForensics can be achieved.

The paradigm shift of Intelligent Cybersecurity
A recent MIT paper addressing both physical and digital security found that the current cybersecurity solutions focusing on securing data and networks are 50-year-old technologies that were really made for electrical-mechanical processes and not digital processes. Rather than focus on securing networks and data, the study suggested that security must target the causal action, which is the true point of system security. The new approaches detect anomalies not meant in the causal action and system process. The difference in these approaches is determining at what point in the data in motion the causal action is identified and secured, and how it is analyzed.

A Layer 7 firewall is an active monitoring system on the network that secures the device against rogue applications (example: smartphone private information accessed by unauthorized apps). OSI layer numbers are commonly used to discuss networking topics. A troubleshooter may describe an issue caused by a user as a layer 8 issue. While the industry jokingly refers to this as layer 8, in reality this human to system causal action event is where true authenticated application security must be achieved.

The layer 7 OS firewall can secure the application, but there needs to be an additional message intelligence layer if we are to secure active live message applications that are continually active in the transfer of system intelligence. There are data-in-motion message actuaries that are constantly creating real-time causal action in a typical control system process. This is where things really get switched on or off and desired or undesired actions need to be authenticated, viewed, audited, activated and blocked. This message application intelligence firewall needs to be placed at the data-in-motion flow of the desired process, not the end-to-end points of data transfer on the network. Securing data end points has been a mainstay in cybersecurity for years but can no longer secure the billions of actuaries predicted in cloud and IoT systems.

The intelligent causal action fix
Security companies are beginning to understand the importance of anomaly detection and its relationship to the system process. They all, though, have the same problem of using historical security and analysis methodologies in detecting the anomaly at the data output level. They use algorithms in the protection of the input to output data and then use analytics to determine the anomaly. The end point of these methodologies is at the historical data output level and does not allow the security of digital intelligence or the analysis of the anomaly to take place at the real-time data-in-motion data input level.

After many years of work and research, a patented anomaly detection approach from a company called Decision Zone has uniquely accomplished the ability to authenticate, view, audit, activate and block terabytes of real-time digital intelligence in milliseconds at the input data-in-motion level. Today’s security systems use passive monitoring, collection and data aggregation methodologies on the network and analyze this information at the historical data output level. Decision Zone offers active application message monitoring on the network using graphical process rules and utilizing its patented causal inference engine. This new intelligent process layer firewall can protect the application infrastructure against any unauthorized causal action or system process.

This significant achievement by Decision Zone offers a paradigm shift in cybersecurity methodologies by uniquely addressing security and system intelligence at the real-time data-in-motion data input level. It does not use historical data output or analytics to evaluate the anomaly, which is what currently allows hackers a window of system exploit. It uses process logic mapping to validate the interactions of the multiple layers of causal action processes, which gives it the ability to even detect human to machine and machine to machine causal action process errors.

If we are going to continue to remove human intervention from our control system processes while allowing layers of human to machine and machine to machine actions to occur in these systems, we must use a method to secure and analyze the causal events and the intelligence processes in the system in real time. Decision Zone offers a unique data-in-motion application message firewall that can authenticate, view, evaluate, audit, activate and block any causal actions across any software, hardware, cloud or IoT platform. For a more thorough explanation of this capability see the presentation Layer 8 Process Firewall (L8PF) or go to decisionzone.com.
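
The section above describes checking each message against a map of the intended process while it is in transit, rather than analyzing stored output afterward. The following Python sketch is an added illustration of that general idea, not Decision Zone's product or code and not part of the original article; the pump process map, device name, key and message fields are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed process map for a hypothetical pump station: for each state,
# the actions that are valid there and the state each one leads to.
PROCESS_RULES = {
    "idle": {"open_valve": "valve_open"},
    "valve_open": {"start_pump": "pumping", "close_valve": "idle"},
    "pumping": {"stop_pump": "valve_open"},
}

# Constructed per-device key (assumption: keys are provisioned out of band).
DEVICE_KEYS = {"hmi-01": b"constructed-demo-key"}


def sign(device, seq, action, key):
    """HMAC-SHA256 over the fields that define the requested action."""
    body = json.dumps([device, seq, action]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ProcessGate:
    """Sits in the message path: authenticate the sender, check the action
    against the process map, audit the decision, then allow or block."""

    def __init__(self, rules, keys, start_state):
        self.rules = rules
        self.keys = keys
        self.state = start_state
        self.last_seq = {}   # highest authenticated sequence number per device
        self.audit_log = []  # one entry per message, allowed or blocked

    def handle(self, msg):
        verdict, reason = self._evaluate(msg)
        self.audit_log.append({
            "device": msg.get("device"), "seq": msg.get("seq"),
            "action": msg.get("action"), "state_after": self.state,
            "verdict": verdict, "reason": reason,
        })
        return verdict == "allow"

    def _evaluate(self, msg):
        device, seq, action = msg.get("device"), msg.get("seq"), msg.get("action")
        if not (isinstance(device, str) and isinstance(seq, int)
                and isinstance(action, str)):
            return "block", "malformed message"
        key = self.keys.get(device)
        if key is None:
            return "block", "unknown device"
        # Authenticate: constant-time comparison of the message MAC.
        expected = sign(device, seq, action, key).encode()
        if not hmac.compare_digest(expected, str(msg.get("mac", "")).encode()):
            return "block", "bad MAC"
        # Reject replays of previously seen, validly signed messages.
        if seq <= self.last_seq.get(device, -1):
            return "block", "replayed or out-of-order sequence"
        self.last_seq[device] = seq
        # Process check: is this action valid in the current state?
        next_state = self.rules.get(self.state, {}).get(action)
        if next_state is None:
            return "block", f"action not valid in state {self.state}"
        self.state = next_state
        return "allow", "ok"


def run_demo():
    """Feed a constructed message stream through the gate."""
    gate = ProcessGate(PROCESS_RULES, DEVICE_KEYS, "idle")
    good = DEVICE_KEYS["hmi-01"]

    def msg(seq, action, key=good):
        return {"device": "hmi-01", "seq": seq, "action": action,
                "mac": sign("hmi-01", seq, action, key)}

    stream = [
        msg(1, "open_valve"),               # valid first step
        msg(2, "start_pump"),               # valid second step
        msg(2, "stop_pump"),                # sequence number reused
        msg(3, "close_valve"),              # authentic, but pump is running
        msg(4, "stop_pump", b"wrong-key"),  # signed with the wrong key
        msg(5, "stop_pump"),                # valid
    ]
    return [gate.handle(m) for m in stream], gate


if __name__ == "__main__":
    results, gate = run_demo()
    for entry in gate.audit_log:
        print(entry)
```

The fourth message is the case the article is concerned with: it is correctly signed and would pass an end-point check, but it is blocked because closing the valve is not a valid action while the pump is running.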

Conclusion
Having spent years in the networking world, I, like many of my colleagues, considered cybersecurity to be the protection of the end-to-end network and its data flow. This information transport has served us for many years but is now showing its weaknesses, as are the IPS and IDS security technologies that currently protect it. With everything today being about the cloud, the app and the IoT, we must apply new security methodologies to secure these growing and ever increasingly interconnected intelligent system technologies.

Hackers are exploiting the causal actions of the process and are manipulating message application system actions to their benefit. We must move the firewall from protection of the output data transport systems to the real-time data-in-motion data input level if we are to stop these cyber breach actions and achieve true cybersecurity and analytical system intelligence. The use of real-time eForensics in evaluating and securing causal events and system processes is critical to the understanding and security of digital intelligence today and in the future.

Could real-time eForensics be the Answer to Cybersecurity and Analytics?


eForensics may be more than a good name for a magazine. Understanding what digital forensics does in real time may be the holy grail of cybersecurity. The information technlogy security industry explains cybersecurity in terms of complex algorithms or virus detection systems that only a scientist or software developer can understand. In reality what cybersecurity really is just the authenticated use of validated causal actions
taking place in a predetermined process that is used to accomplish specific results.

Cybersecurity is achieved when theses action and processes are authenticated, viewed, analyzed, audited, activated or blocked in real time during data in motion. If we can do this we will be secure. We are not doing this today. With the ever increasing demand of security in ever increasing digitally intelligent world it may be time for paradigm shift if we are to reach true cybersecurity. It maybe time for real-time eForensics.

The seen of the crime
Most of us are familiar with forensics in the evaluation of a crime scene. There was a criminal incident that occurred and a team of forensic analysts come in to gather information that might lead to solving the crime. eForensics today is no different. A hack has occurred and a team of specialist sift through mounds of data, software,hardware, processes and people to determine how the systems processes have been breached. The commonality of both these forensic approaches is that they are both reviewing historical information and using tools and techniques that can analyze these historical incidents. These historical forensic approaches can in time possibly solve the crime or cyber breach but neither of these approaches can stop the crime or the hacker in advance.

The current cybersecurity methodologies using passive process monitoring are proving to be in the wrong place and at the wrong time in attempts to achieve system cybersecurity and intelligence analysis. To accomplish information technology security and intelligence we need to focus on technologies that stop and analyze information technology processes in real time during data in motion. This is where a technology paradigm shift needs to occur in the cybersecurity industry, and real-time eForensics can accomplish this.

Can our current cyber security and analytic technologies keep up?

An increasing variety of connected devices is being added daily to our already complex intelligent world. Unfortunately these intelligent technologies are being released by the millions at the cost of increasing cybersecurity threats, while using complicated digital intelligence analysis techniques that are neither effective nor able to keep up with the amount of data input these system devices and software produce. Cybersecurity experts are beginning to realize that current passive process monitoring techniques using historical data aggregation and database analytics are no longer efficient or effective methodologies for cybersecurity and system intelligence.

Current approaches fail due to the inability to secure or properly analyze the many real-time messaging application actuaries that occur in our increasingly complex digital intelligent system processes. The current historical passive security and analytical technologies only tell what might have happened after the causal action has occurred, not what did happen. Monitoring active process causal actions in the process tells what actually is happening in real time during networked data in motion, which is the point where new security and process analytics need to occur.

As we increasingly connect and interconnect our digital intelligence in the forms of software, hardware, apps and now the Internet of Things (IoT), these causal actions multiply, making the process more complex and difficult to track. While these interconnected technologies continue to be leveraged in digital intelligence, we are losing control of the where and when of the causal actions that are actually occurring in the system processes. This is the point where causal actions and processes need to be secured and analyzed. We are not doing this today.

Losing control of digital intelligence and cybersecurity
We have reached a point in intelligent operation complexity where even trained operators are not sure which digital control system actuators are actually initiating which actions in the process. We are losing control of human-to-machine and machine-to-machine system processes while we increasingly interconnect software, cloud and IoT application messages that in many cases are not secured, audited or even seen in the system process.

Causal messages are constantly being sent in real time during data in motion in these complex system processes and can be exploited to manipulate the process results. Hackers know this and are successfully targeting and exploiting these weaknesses, affecting every individual and every industry that uses digital intelligence in its information technology processes. Hackers have already attacked cars, homes, business process systems, factory control systems and critical infrastructure control systems by manipulating the causal messaging action within these system processes.

The danger of algorithms and analytics in cybersecurity
For years we have had a false sense of security that was built around mathematical algorithms. This is what the encryption Intrusion Detection System (IDS) security has been based on for years. Recent disclosure of the NSA's involvement in the control and release of these encryption algorithms and their direct relation with RSA has caused the loss of considerable trust in the cybersecurity industry. This, combined with weaknesses that were found but could not be disclosed, caused a boycott by major encryption scientists at the last RSA conference. The encryption games are over, and for many the use of encryption in security is no longer technically effective and certainly not trusted.

Intrusion Detection Systems (IDS) security technologies are no better off, now admitting they can't stop distributed denial of service (DDoS) attacks, while sophisticated and aggressive cyber weapons like Snake and Stuxnet are now part of the arsenal of cyber war weapons with critical infrastructure as their main target. Analytic approaches are also showing their weakness when used in process action discovery. They are having difficulty even understanding what all the big data means and could fall victim to subjective analyst methodologies to explain what the historical data means. Clearly, if we are to secure and understand all these new intelligent actions in our control processes, we need new methods and even a new place for confirming that these complex and layered control system actions are actually correct.

Adding security while adding intelligence
Intelligent control systems are faced with the two-edged sword of needing digital intelligence and securing this intelligence. They need the digital intelligence to assist in physical security and the monitoring of complex system processes, while also making sure this digital intelligence can't be accessed or exploited by hackers. In critical infrastructure applications, such as the process control of a power grid, there is no room for error or good-enough security. When you have machine-to-machine (M2M), IoT or cloud services sending actuary messages without human intervention, these system processes must be digitally authenticated, viewed, audited and blocked in real time during data in motion in order to be effectively secured and analyzed.

Having focused on critical infrastructure cybersecurity for years, my many industry colleagues and I have come to a similar conclusion. The cybersecurity and analytical methodologies used today are flawed and cannot achieve the stringent security requirements or the volume of analytical data needed to protect and understand our increasingly complex and interconnected control system operations. In fact both Intrusion Prevention System (IPS) security and Intrusion Detection System (IDS) security methodologies are increasingly showing security prevention and detection failures.

Current analytical approaches cannot even scale to address the billions of applications and terabytes of big data that need to be evaluated in these increasingly complex processes. We must deploy security technologies that can secure and understand the millions of causal events and interconnected causal events that take place in the control system process on the network. This can be done by using an active business process monitoring process firewall on the network at the data-input, data-in-motion point of digital intelligence transfer. This is where the beginning of a new paradigm shift is occurring and where real-time eForensics can be achieved.

The paradigm shift of Intelligent Cybersecurity
A recent MIT paper addressing both physical and digital security found that the current cybersecurity solutions focusing on securing data and networks are 50-year-old technologies that were really made for electrical-mechanical processes and not digital processes. Rather than focus on securing networks and data, the study suggested that security must target the causal action, which is the true point of system security. The new approaches detect anomalies that are not intended in the causal action and system process. The difference between these approaches lies in determining at what point in the data in motion the causal action is identified and secured, and how it is analyzed.

A Layer 7 firewall is an active monitoring system on the network that secures the device against rogue applications (example: smartphone private information accessed by unauthorized apps). OSI layer numbers are commonly used to discuss networking topics. A troubleshooter may describe an issue caused by a user as a layer 8 issue. Although the industry jokingly refers to this as layer 8, in reality this human-to-system causal action event is where true authenticated application security must be achieved.

The layer 7 OS firewall can secure the application, but there needs to be an additional message intelligence layer if we are to secure live message applications that are continually active in the transfer of system intelligence. There are data-in-motion message actuaries that are constantly creating real-time causal action in a typical control system process. This is where things really get switched on or off, and where desired or undesired actions need to be authenticated, viewed, audited, activated and blocked. This message application intelligence firewall needs to be placed in the data-in-motion flow of the desired process, not at the end-to-end points of data transfer on the network. Securing data end points has been a mainstay of cybersecurity for years but can no longer secure the billions of actuaries predicted in cloud and IoT systems.

The intelligent causal action fix
Security companies are beginning to understand the importance of anomaly detection and its relationship to the system process. They all, though, have the same problem of using historical security and analysis methodologies to detect the anomaly at the data output level. They use algorithms to protect the input-to-output data and then use analytics to determine the anomaly. The end point of these methodologies is at the historical data output level, and they do not allow the security of digital intelligence or the analysis of the anomaly to take place at the real-time, data-in-motion data input level.

After many years of work and research, a patented anomaly detection approach from a company called Decision Zone has uniquely accomplished the ability to authenticate, view, audit, activate and block terabytes of real-time digital intelligence in milliseconds at the data-in-motion input level. Today's security systems use passive monitoring, collection and data aggregation methodologies on the network and analyze this information at the historical data output level. Decision Zone offers active application message monitoring on the network using graphical process rules and its patented causal inference engine. This new intelligent process layer firewall can protect the application infrastructure against any unauthorized causal action or system process.

This significant achievement by Decision Zone offers a paradigm shift in cybersecurity methodologies by uniquely addressing security and system intelligence at the real-time, data-in-motion data input level. It does not use historical data output or analytics to evaluate the anomaly, an approach which currently allows hackers a window of system exploit. It uses process logic mapping to validate the interactions of the multiple layers of causal action processes, which gives it the ability to detect even human-to-machine and machine-to-machine causal action process errors.

If we are going to continue to remove human intervention from our control system processes while allowing layers of human-to-machine and machine-to-machine actions to occur in these systems, we must use a method to secure and analyze the causal events and the intelligence processes in the system in real time. Decision Zone offers a unique data-in-motion application message firewall that can authenticate, view, evaluate, audit, activate and block any causal actions across any software, hardware, cloud or IoT platform. For a more thorough explanation of this capability see the presentation Layer 8 Process Firewall (L8PF) or go to decisionzone.com.

Conclusion
Having spent years in the networking world, I, like many of my colleagues, considered cybersecurity the protection of the end-to-end network and its data flow. This information transport has served us for many years but is now showing its weaknesses, as do the IPS and IDS security technologies that currently protect it. With everything today being about the cloud, the app and the IoT, we must apply new security methodologies to secure these growing and ever more interconnected intelligent system technologies.

Hackers are exploiting the causal actions of the process and are manipulating message application system actions to their benefit. We must move the firewall from protection of the output data transport systems to the real-time, data-in-motion data input level if we are to stop these cyber breach actions and achieve true cybersecurity and analytical system intelligence. The use of real-time eForensics in evaluating and securing causal events and system processes is critical to the understanding and security of digital intelligence today and in the future.

Thursday

Is Cybersecurity Officially Broken?




April 2, 2014 By Larry Karisny
 
NSA disclosures, RSA conference scientist boycotts, University white papers and even cybersecurity supplier contest challenges are validating the weaknesses of our current cybersecurity methodologies.
The old model of "good enough security" is being replaced by a new model of "0 trust security" upon which cybersecurity must be built. Mysterious scientific encryption algorithms combined with the subjective analyses of big data are no longer trusted or even effective in offering true security solutions. And yet we are connecting an explosion of software and devices that enhance or even take over human processes.
We need to deploy cybersecurity technologies that can effectively secure the billions of application process actions, or adversaries will continue to manipulate these application-based technologies that are now the focus of new cyber attacks. The question is how.
 
Hackers Get It
 
I have watched and privately disclosed successful attacks on wireless intelligent devices including smartphones, automobiles, homes and power-grid infrastructure. In doing so I was able to use what I discovered from hackers, then follow cybersecurity industry trends and methods of stopping these breaches.
 
Inside breaches are increasingly being used to penetrate authentication access to systems. Process applications software was being exploited to achieve breaches. Why go through the trouble of breaking complex mathematical algorithms with a supercomputer when it is much simpler to manipulate the processes and process application software to achieve the same results?  
 
While the cybersecurity mathematicians continue to pitch now 50-year-old technologies that even MIT considers outdated, hackers simply use the system process application actuaries or action messages as points of exploit. There are three things we do not do very well when securing these action messages. We do not authenticate, view or audit these multiple message actions or the collaborative processes that occur in a typical information technology control or business process. Instead, the majority of cybersecurity technologies focus on the protection of the network and data. Thus, they are not even looking in the right place to view or audit these process actions. Hackers know this and that is where they can most easily enter.
 
Securing the Process not the Algorithm 
 
This new focus on cybersecurity at the action of a business or control system process is becoming a welcomed and understandable security methodology to CEOs and COOs around the world. CEOs who understand their organizational processes and actions do not understand how today's cybersecurity products and services work.
 
While mathematicians were making algorithms to scramble and secure data streams, the actual security end point is in actions and collective processes. True security is achieved by authenticating and securing the causal action of the business or system process in real time, not securing data transportation input and output while historically analyzing its causal actions and processes using data analytics.       
 
Today we process multiple software message actions without authenticating or confirming the data-in-motion action. This is like turning the key in a car and just assuming the vehicle control system is doing what it is supposed to be doing. This same lack of system causal confirmation is why scientists have been able to demonstrate how an automobile control system can be hacked. For 0 trust security to actually be achieved, we need methods of monitoring these software process application messages in real time, with a data-in-motion firewall that can view and audit the causal messaging actions of any control system or process at the data input level.
 
There are real-time anomaly-detection messaging technologies that are beginning to be recognized. The problem in both of these solution approaches is the continued use of mathematical algorithms which are outdated, complicated and breachable. IoT devices often do not even have enough memory to store these complex algorithms. We are beginning to understand that causal actions are the real end points of cybersecurity. We now must find new ways of securing them.
 
Control or Lose Control of Digital Intelligence
 
I recognize the benefits of digital intelligence and the many forms it takes in hardware, software, apps and the Internet of Things (IoT).  I like my smartphone and the software apps it runs.  The problem is all these things can be hacked and we are irresponsibly connecting and interconnecting them without concern for security at a pace so fast we are losing control of what these digital devices are actually doing. We are automating without authenticating and actuating without auditing. We just touch an icon and assume the interconnected layers of network, hardware, software, apps and IoT are going to do what we want them to do. Hackers know this and just find the weakest link. 
 
Control systems and processes must have the capabilities to view real-time causal actions at the data-in-motion input level. Whether an authentication breach, network breach, data breach or software application breach, this same methodology must be able to quickly and accurately secure billions of application messaging actions and the interconnected processes they activate. I discussed these methodologies in detail in my last article, "Time for a Cybersecurity Overhaul." Cloud applications and IoT devices today already have a bad security track record that will only get worse if we do not change the way we secure these new technologies that are now at the doorstep of our digital communities.
 
Conclusion  
 
Our digital age has brought us many wonderful technologies and I am not underestimating their importance. But like others in this industry, I am screaming "proceed with caution and find a way to secure this stuff before deploying it." We have interconnected so many of these digital technologies that we have lost control of what the actual business and system processes are doing. We are increasing the use of these technologies exponentially without proper security procedures in place -- like a manager hiring 10,000 employees and saying "don't worry I will never check or even have the ability of knowing what you are doing."
 
We do not understand the power of technologies we use every day. Hackers do, and they exploit these security technology weaknesses as current cybersecurity suppliers try to improve older technologies that are proving to have outlived their effectiveness. We can't move forward by just putting security patches on what we have, and the industry is at last coming to that conclusion.
 
I would like to offer my own cybersecurity challenge. If you have a better cybersecurity methodology to secure the projected billions of apps and IoT my not-for-profit has already researched, I will promote your security technology to thousands of my cyber security contacts and submit an article disclosing your capabilities. This much I know. We need to fix cybersecurity now or our digital age could come to a screeching halt.
 

Saturday

Time for a Cybersecurity Overhaul




January 23, 2014 By
 
Most of the recent attention on cybersecurity has been directed toward the disclosure of NSA activities and recent corporate breaches now reaching record-breaking levels. Both the public and private sectors are beginning to witness how devastating cyber breaches can be in critical infrastructure, intellectual property, wealth and even state secrets. These attacks are so big that monetary estimates range from $100 billion to $3 trillion, and the extent of some attacks is still unknown. What is known is that the whole world has had enough, and cybersecurity needs to start living up to its name: security.

How Bad is It?
The infographic World's Biggest Data Breaches gives a sense of the extent of these breaches using information from DataBreaches.net and IdTheftCentre. It summarizes breaches that exceed 50,000 files by year, number and type. In a recent interview on the CBS program 60 Minutes, National Security Agency (NSA) director Gen. Keith Alexander admitted that “a foreign national could impact and destroy a major portion of our financial system” by placing a virus in our computer systems “and literally take down the U.S. economy.” The message is clear that things aren’t working properly, and those of us in the industry knew they weren’t working. With a new focus, it might be time to pursue solid security solutions.

While the press has been focused on the NSA collection of cell phone metadata from private U.S. citizens, the real problem is their collaboration with some of the largest cloud tech companies in the world. Forrester Research reported that cloud businesses led by HP, Cisco Systems and Microsoft and managed service providers (MSPs) could lose an estimated $180 billion through 2016 in cloud products and services. These losses are directly attributed to disclosures of the NSA spying programs. The concerns were so great that top tech executives met with President Barack Obama to discuss them. Snoop agencies are only part of the problem, though, with reports of millions of files hacked from both the public and private sectors annually. Mistakes made by people and systems are the main causes of data breaches. Whether intentional or not, the results are the same, and the cybersecurity industry and the companies it affects seem to need a fresh look -- or maybe even a cybersecurity overhaul.

One of the greatest concerns is that the very industries that are already witnessing security issues are producing and releasing products and services without considering security solutions. The cloud-computing industry is vulnerable to cyber attacks, and worldwide is expected to see double-digit growth rates during the next three years, with revenues reaching $148 billion in 2014 and $207 billion by 2016, according to the Information Technology and Innovation Foundation.

The Internet of Things (IoT) industry has forecast revenues of $8.9 trillion for 2020, and to date has no cybersecurity plan for the trillions of devices it plans to connect to the Internet. Clearly the cybersecurity and related organizations and industries needed a wake-up call, and maybe the recent NSA disclosures will actually help by putting responsible cyber solutions in place.

What is Cybersecurity and is it Secure?
The definition of cybersecurity differs depending on whom in the industry you speak with. In general, some people think it's protecting networks and data, and others think it is having the ability to detect breaches. There are basically two ways cybersecurity is viewed today: You authenticate and encrypt end-to-end data network transport between users and information technologies (Intrusion Prevention Systems or IPS), or you detect what has come through the data stream and try to block or discard suspicious data (Intrusion Detection System or IDS).

Both of these methodologies have faults. Take IPS, for instance. Edward Snowden had top secret clearance and authenticated encrypted access, but left with thousands of files. Typical IPS security alone can’t stop inside authenticated breaches. IDS security technologies finding things like malware, viruses and trojans at the historical stored data output level often are too late in stopping a malicious attack.

Even combined, these technologies leave intentional and unintentional exploit capabilities, which hackers have demonstrated. All these technologies are missing the ability to authenticate, view and audit multiple process actions during real-time data in motion with human and machine action applications. These vulnerabilities leave gaping holes in current cybersecurity solutions and must be addressed quickly as we continue to connect more and more applications to an already insecure Internet cloud. Customers don’t want to spend billions of dollars for “almost security.” Tricky back doors and "almost security" are out; real proven solutions are in.

So Who do You Trust?
These NSA revelations were really not surprising to cybersecurity professionals. The NSA purchases many of these capabilities from the private sector. But today, exploit capabilities that were normally disclosed in confidence between computer scientists and vendors are now being marketed in the open by global brokers with little concern about state sovereignty or corporate entity. While people express concerns about NSA activities, at least these activities have some form of centralization and responsibility.  Now we are faced with a form of global cyber ransom in an open market that is decentralized with varying amounts of responsibility.

This new global exploit threat means that security vendors will need to take security more seriously. In the past, the greatest threats to hardware and software vendors were hackers and security researchers who sought the positive exposure of being the ones to discover a new vulnerability. The actual exploit of published vulnerabilities was rare, and in most cases of responsible disclosure, the vendor was given time to release a patch before the vulnerability was published. Now the game has changed.  The penetrate-and-patch cybersecurity market is a short-term solution and actually demonstrates how weak current security methodologies are. Security patching will not be sustainable or trusted by customers in this now open-market free-for-all. Cybersecurity users are now demanding a new methodology.  Trust needs to be built, and the only way to validate these solutions whether offered by government or corporate entity is “show me.”

Moving Forward with Solutions
Old ways of cybersecurity are slowly eroding, and customers will no longer accept the “appearance” of security. Even standards groups such as NIST were not left unscathed by the NSA involvement while they are working with industry on new approaches through the National Cybersecurity Center of Excellence. Even U.S. government contractors with top secret clearance who were poised to have a big part in offering cybersecurity services in areas such as critical infrastructure are now coming under scrutiny, as are big name companies like Apple, Facebook, Google, Yahoo, Cisco, IBM and Oracle.

A recent merger of Mandiant and FireEye is an example of what customers want in cybersecurity.  Security experts expect strong growth in both FireEye's cloud-based systems for detecting malicious software and Mandiant's software that analyzes cyber attacks. This merger is a reflection that customers are now demanding higher levels of cybersecurity services and new technologies for stopping cyber attacks.

A white paper released by Decision Zone discusses one of these new security technologies and clearly demonstrates the need for a paradigm shift to truly prove to customers that cybersecurity can be achieved.  Decision Zone’s anomaly detection technology was actually built on the premise of an easy and inexpensive way to view, authenticate, audit and block process action in real-time at the application level. There is also an added nuance of now assuring the hardware and software they are using is doing what it is supposed to do. Hardware and software cloud companies and service providers will need to embrace technologies such as this if they are to regain trust in the marketplace.

Conclusion
With revenue losses already being seen by major cloud hardware providers, the global message in cybersecurity is clear: The customer still rules. “Good enough” cybersecurity technologies will not be sufficient; only “show me” will suffice. With our world becoming ever more connected through smart technologies offering cloud-connected apps and devices in the trillions, there has never been a better time to expose the weaknesses of cybersecurity and offer solutions to these vulnerabilities. The digital future of every town, city and country depends on it.

Larry Karisny is the director of ProjectSafety.org, a cybersecurity expert, advisor, consultant, writer and industry speaker focusing on security solutions for mobility, the smart grid and critical infrastructure. He will speak at the Smart Grid Cyber Security Virtual Summit, on February 20, 2014.