Cybersecurity 2016: Out with the Old, in with the New

The costs of cyberattacks have significantly affected corporate bottom lines, and nation-state attacks have threatened the security of entire countries, renewing the focus on and demand for cyberdefense.

BY  JANUARY 13, 2016

In 2015, we determined that the important criteria of cybersecurity include the need for proactive defensive approaches, what weaknesses exist in current cybersecurity technologies, how even billion-dollar systems are being hacked, the current and future dangers if we don't fix these problems, and the need to do this all in milliseconds.
To tackle all of this is a tall order, but as I will discuss in my opening session on Jan. 26 during the four-day ITEXPO in Fort Lauderdale, Fla., we can do this. And here's a sneak preview.
When data communications started, the X.25 protocol — one of the first packet-switching data transmission services ever used — was transmitted over plain old telephone system (POTS) lines or private point-to-point lines. At the time, analog phone lines were prone to interference that often would drop data before being received at the transmission endpoint. To eliminate this possibility, an auditing system validated 8-bit packets that were placed in the data transmission's footer and header. This packet would then be audited and confirmed at both ends of the transmission.
Believe it or not, this was one of the most secure data communication systems ever developed. So what happened?
The 8-bit packets transmitted in the X25 protocol, however, pale in comparison to the terabytes of information that pass through our information networks today. Though this ultimately is a problem, it remains one of the principles behind today's deep packet inspection. When talking to X25 engineers back then, they knew the desire for more connectivity — and data on networks overcame the need for security. This is what really led to the Internet. We needed to find a way to rapidly and economically move all this data over a shared network. The need to distribute information quickly and economically on a network was the first priority as security and auditing the information became an afterthought. Understanding this we can realize why we are using network connection mediums that had known security issues as did the software that these networks and applications ran on. These vulnerabilities lead to a lot of work done on the network layer of cybersecurity with some success. The real danger in cyberattacks though lies not in the network but the software, and more importantly in the processes used in our day-to-day information technologies. This is where the hackers are getting in and can be viewed. This is where we must focus if we are to defend and future-proof information security processes.
Though the term "big data" was a tad overused in recent years, I love it. And when it comes to data, the priority has always been connecting and using data efficiencies — which is why security was pushed to the back burner. The cybersecurity risk analysis dilemma continues to be this: We can make this much this quarter if we use this software, and we can use the efficiency of the Internet to distribute it globally.
From corporations that can add millions to their bottom line to government's struggle with security versus wanting a backdoor in, the insecurity of cybersecurity in the past may have held more value than actually having security.
Things have changed, though.
The costs of cyberattacks have significantly affected corporate bottom lines, and nation-state attacks have threatened the security of entire countries, renewing the focus on and demand for cyberdefense.
In today's IT utility processes, the third- and fourth-generation language software we use links to other software and data to achieve the desired digital processes. These actions are then historically saved in a data log. Current cybersecurity technologies have historically viewed these logs to determine if the system is running properly or if there has been potential exploit. But finding potential flaws can take days, months, even years of manual subjective analysis. If a system breach is found, a software patch is typically put in the system utility — and this is the window of opportunity a hacker leverages, and will continue to leverage, unless targeted security process policies can be audited in front of the utility system processes.
We need to move beyond the utility approach of connecting and moving data from one place to another toward viewing and auditing actual systems process events in real time. We cannot audit algorithms or software in milliseconds, as there is too much data that is ever-increasing in complexity. Auditing software and data at the utility level is too complicated and slow, so to achieve real-time cyberdefense, we must change the way we view and audit targeted system security policies in specific digital process ecosystems proactively.
New approaches are now being hailed by research organizations and standards groups in both the public and private sectors, which also are promoting and investing in this needed cybersecurity paradigm shift. We must move quickly in deploying these new technologies because as cyberattack predictions go, the worst seems yet to come.
When it comes to cyberattacks, we are faced with two simple facts: Current cyberattacks are increasing, and we are going to connect many more things to the Internet. In fact, research firm Gartner predicts that in 2016, there will be 6.8 billion connected devices in use — a 30 percent increase over 2015. By 2020, that number will jump to more than 20 billion.
Cybersecurity experts cite attempted cyberattacks at about 500,000 attacks per minute, and the number of connected devices presents an even greater opportunity for hackers. Trying to defend from cyberattacks using current cybersecurity technologies is no longer feasible. We have neither the people nor the time to defend ourselves against the onslaught. We must drastically automate our cyberdefense approaches or hackers will have too many opportunities to strike — and at best, we will always be caught in patch-and-pray cybersecurity catch-up.
We need to understand software processing languages and business processes if we are really to understand the issues with cybersecurity today. Hackers manipulate software and can change the desired digital process action to their benefit — and can activate these changes in milliseconds.
Whether a network or specific data process application is in use, it all basically runs on software that activates specifically designed processes. From flooding attack points with terabytes of data creating denial of service to tricking employees to accessing centralized data at rest databases, hackers use software as their real-time attack tool — while current cyberdefense solutions often are blind to what is occurring. Thus, the hacking must be addressed by viewing and auditing the critically targeted security policies the event caused by taking action — action that occurs through the use of software, not software or IT utility itself. To do this, our focus must shift from viewing and auditing the IT utility function run today to a more process-focused approach. We must shift our focus from technical assets to critical business processes.
In 2015, some very promising things occurred as far as addressing the known and future problems with our cyberdefense strategies. Many organizations — including the Defense Advanced Research Projects Agency (DARPA), the National Institute of Standards and Technology (NIST), the Institute of Electrical and Electronics Engineers (IEEE), and RSA Security — have been looking at technologies that offer microsecond viewing and auditing intelligence outside of utility function of today's IT processes. These new approaches are more focused on what is happening in workflow security policies rather than how the utility system processes happen.
To understand the importance of this new cyberdefense paradigm, I pose this question: How do you stop a hidden encrypted cyberattack exploit already in your system?
The answer to this shows us why we are always trying to put the wrong cyberdefense technologies at the wrong place at the wrong time. The only way you can stop this attack is by allowing the hacker to activate the exploit and stop it in milliseconds before it disrupts system security policies. This requires a new way of looking at information processes security — and major organizations are beginning to understand the need for these changes.
NIST has done a good job of getting organizations, specifically in critical infrastructure, to find and define both their cyberdefense vulnerability and to establish specific security policies in addressing these potential points of breach.

DARPA has done a good job in calling attention to these security policies in which events may be the function of a microsecond machine actions and, in turn, must be defended in microseconds.
RSA is convinced we need to move from technical utility assets to a critical process approach by establishing business-centric risk assessment processes to transform information security, while the IEEE is focused on a similar approach it calls model-driven security. Even the recently passed Cybersecurity Information Sharing Act of 2015 has emphasized the need for DHS to establish a pilot to test and deploy advanced technologies to improve detection and prevention.
This is a good start to finding new approaches to cybersecurity — approaches that must be put in place if we are to deploy the effective cyberdefense capabilities we so desperately need today.
I will be discussing these new approaches in more detail in my ITEXPO security session opening later this month. Hope to see you there.