
Getting Cybersecurity to Actually Work

September 15, 2014 By 
Recent conferences and industry studies are coming up with the same concerns in cybersecurity. At the heart of it? Current industry methods of securing information processes aren't working very well -- and hackers know it.
As these weaknesses are reported by government, business and academia, our information processes are becoming more complex and connected, adding to increasing cybersecurity threats and cybersecurity exploit opportunities. So why can't we fix this? And what will it take to actually change cybersecurity from a buzzword to a reality?  

What is cyber security?

In one of the many online cybersecurity discussions I've had, someone posed the question, "What do you think cyber security is?"  
Some of the answers were long and complex, but as I reviewed them -- and researched the respondents' backgrounds -- I found that the general answer was this: Cybersecurity was the respondent's specific cybersecurity knowledge, the discipline or a product that he or she promotes. And who is the decision-maker? Primarily, it is an IT person who has similar industry knowledge, disciplines or product biases that are offered to the final decision-maker. These so-called cybersecurity experts include some of the biggest names in IT and some of the most brilliant mathematicians in the world.
But what does this all mean? The way cybersecurity solutions are chosen has more to do with what the technical influencer is comfortable with and less to do with what is needed to secure the specific process. Additionally, the CEO in most cases is not disciplined in cybersecurity technologies and would have no way of validating this security technology selection.
Let's assume for discussion purposes, though, that there are no biases in the cybersecurity knowledge base or solution, and the cybersecurity technical influencer puts the best known cybersecurity solutions in place. Will we then be secure?  I have a simple way to answer this question. Can the technologies you have selected authenticate, view, audit, analyze and block your information processing flow by application at the data input level during the data in motion?  If your answer is no, which today is everyone's answer in cybersecurity, then you are not secure. Today, all cybersecurity technologies secure information processes at the data output level either at the network end points or the historical database storage point. These points of security are too late to achieve true cybersecurity -- and hackers know this.      

The hacker's advantage      

There is a simple reason why hackers have an advantage in cyber attacks. They hack in real time, and current cyber technologies analyze the breach at the historical data output level, which can take hours, days or even months to detect. This fact alone will continually put current-day cybersecurity technologies at a disadvantage and is the area of correction that must be addressed.
So how do we tackle these problems today? With bureaucratic reviews, processes, groups and organizations that take years to approve cybersecurity technologies while the hacker just created a new cyber attack exploit yesterday. We are always playing catch-up in cybersecurity, and we need to get in front of these cyber breaches if we are to stop these now devastating cyber attacks.  We need to defend cybersecurity at the point of attack, not after the attack.
The first strike advantage of hackers must be combated with technologies that are placed at the data-in-motion input level, not at the network end points or data aggregate collection points. This is the common sense part of cybersecurity that the industry must focus on if we are to achieve true real-time cyber security. As our world becomes increasingly digitally smart and connected in real-time, we need to adjust our cybersecurity technologies to support these smart technologies. With real-time Internet of Things (IoT) technologies here now and trillions more projected in the near future, we need a paradigm shift in cybersecurity now, or this trillion dollar IoT industrial revolution may have to be put on hold.

More connections, more problems

Before we discuss solutions to these cybersecurity problems, let's take a look at what the future looks like in our continually interconnected world. From social media to smartphone apps to the IoT promise of smart everything, we are reaching a point of truly not knowing what is connected to what -- and hackers know this. Take the Target breach -- the attacker used backdoor access to the company's energy management systems to then access a server containing confidential customer information. We are increasingly digitizing our people and machine processes, and are beginning to lose control of what we are doing.
We can't just connect anymore. If we are to continually interconnect smart devices to our phones, homes, businesses, transportation systems, buildings, factories, cities and critical infrastructure, we must define what is connected to what, and understand how one could affect another. One weak link from a tiny IoT could take down a power plant or be used to rob your home. We need a technology that can assist in quickly securing and understanding sometimes terabytes of information transfers that take place in our increasingly complex digital processes. We must begin to know and manage all this digital info in a smart way, and not just assume or trust that the interconnected hardware, software and people are doing what they are supposed to be doing. We need a Digital Process Management (DPM) system that can, in real-time, manage terabytes of data in motion and data input processes, and have the ability to do this in milliseconds. That may be a big request, but thinking it through, this is what must be done to achieve true cybersecurity. So what are we doing today?

How can cybersecurity really work 

It is human nature to do what you have done before and base the correction of problems on these same knowledge-based principles. Both in cybersecurity and big data analytics, the algorithms (mathematical instructions) are basically the current core technology used to secure and understand IT processes. 
These mathematical instructions by nature all have a beginning and end, and are historically built instructions for the information process. Any intelligent digital action activated by an algorithm is then historically based at the data output level of the process action. We currently do not authenticate, view, audit, analyze or block algorithms at the data-in-motion input level. This is the window of exploit opportunity that is leveraged by hackers, and is the Achilles heel of current cybersecurity and analytic approaches. If we agree that all these factual statements are correct, we then must also assume all current cybersecurity technologies are at best deterrents to cyber breaches but can't completely stop cyber attacks, which at last many cybersecurity industry leaders are admitting.
As a director of ProjectSafety.org and a recognized industry expert in cybersecurity and digital forensics, I urge you to review my video presentation, shown at left, that can actually address the discussed requirements in achieving true real-time data-in-motion cybersecurity. I also act as an advisor to a company called Decision Zone, which offers a patented DPM paradigm shift in cybersecurity that can address our current weaknesses in cybersecurity while putting the technology in front of the data stream -- where the hacker exploits occur. The video covers more than a decade of research from my not-for-profit ProjectSafety.org, which has predicted many of the problems we are seeing in cybersecurity today, and continues to research effective solutions to the now monumental cybersecurity problems we face.
