Attack Vectors in the… Trillions?
The growing attack surface of the new Industry 4.0 internet is a big problem. On this everyone agrees. But underneath the headlines and the frequent “patch now” warnings from firewall vendors is a more ominous reality few are talking about: the exponential vector problem.
Yes, the attack surface is huge and growing. 127 new devices per second are being connected to the internet, many of them insecure by design, creating a global hacker’s superhighway. Got that. I discussed this in more detail in The Digital Cyber Security Paradox:
In 5 years there will be 75 billion devices connected to the internet, perhaps a few billion insecure and unpatchable. An estimated 2 billion run VxWorks and perhaps a couple hundred million of those will not be patched in any reasonable length of time. – Archimedius
[Here is a great collection of IoT connectivity and market size stats from Cisco, Gartner, etc. on various aspects of the Saganesque “billions and billions” IoT estimates.]
OOPS- We’ve Gone Global
While everyone is focused on the massive, unprecedented growth in the IoT attack surface, the bigger problem is the exponential increase in attack vectors. This quiet reality is buried deep inside the WannaCry/NotPetya “oops- we’ve gone global” cyber attack. Remember when IIoT targets in Ukraine were unintended back doors into the UK health system, Maersk and FedEx? “Exponentially increasing attack vectors” is the hidden byline underneath our growing digital age cyber security malaise.
“Based on France’s experience with trench warfare during World War I, the massive Maginot Line was built in the run-up to World War II… French military experts extolled the Line as a work of genius… The line has since become a metaphor for expensive efforts that offer a false sense of security.”–Wikipedia
The Maginot Line was built based on the assumption that the next French war would be fought based on the technology of the last one. When the Germans quickly and easily conquered France, they did it by simply going around it.
Most firewalls deployed today were architected in the 1990s…. when there was only one way into a network. Today there are trillions of attack vectors and growing.
Old Architectures versus New Realities
Deploy a firewall in front of each device? That would bankrupt most organizations. That is, if they could find enough skilled security pros to manage them. The new digital era problem: how old architectures address new realities. It’s complicated… and expensive… just like the Maginot Line.
A few weeks ago this came up on an episode of theCUBE, recorded after Gabe Lowy published his thought-provoking paper: Securing Critical Infrastructure Against Cyberattack. I mentioned how “we don’t even have the semblance of a Maginot Line when it comes to IIoT infrastructures. And these infrastructures offer access to critical systems in factories, hospitals, cruise ships and even power and water stations.
An Important Realization
At the close of IIoT and Cybersecurity: Apocalypse Now or Later John calls the IIoT problem “one of the most important stories in the tech industry in a long, long time…” He’s right.
Perhaps Mel Brooks saw this futile digital age scenario coming decades ago. Imagine a toll booth sign saying “’Zero Trust’ courtesy of your firewall vendor.” Now that’s comedy, or at least tragicomedy.
This article was written by Gregory Ness, Interim CMO at Tempered Networks. Gregory has an extensive startup background in networking, security, virtualization and cloud computing. He was among the first to point out network and security issues with virtualized IT infrastructures and then emerging cloud operating models, which led to the formation of the Infrastructure 2.0 Working Group with Vint Cerf, Dan Lynch and a host of leaders in the networking industry. Originally the article was published here.