Attack Vectors in the… Trillions?
127 new devices per second are being connected to the internet, many of them insecure by design, creating a global hacker’s superhighway. I discussed this in more detail in The Digital Cyber Security Paradox:
In 5 years there will be 75 billion devices connected to the internet, perhaps a few billion insecure and unpatchable. An estimated 2 billion run VxWorks and perhaps a couple hundred million of those will not be patched in any reasonable length of time. - Archimedius
[Here is a great collection of IoT connectivity and market size stats from Cisco, Gartner, etc. on various aspects of the Saganesque “billions and billions” IoT estimates.]
OOPS, We’ve Gone Global
While everyone is focused on the massive, unprecedented growth in the IoT attack surface, the bigger, lethal problem is the exponential increase in attack vectors, which enable lateral movement around firewalls. This flaw is the bigger reality buried deep inside the WannaCry/NotPetya “oops, we’ve gone global” cyberattack, when IIoT targets in Ukraine were unintended backdoors into the UK health system, Maersk and FedEx. It’s also the hidden byline underneath recent waves of ransomware outbreaks and our growing digital age cybersecurity malaise.
The Maginot Line, when lateral movement trumped massive security investments.
“Based on France's experience with trench warfare during World War I, the massive Maginot Line was built in the run-up to World War II... French military experts extolled the Line as a work of genius… The line has since become a metaphor for expensive efforts that offer a false sense of security.” - Wikipedia
The Maginot Line was built on the assumption that the next French war would be fought with the technology of the last one. When the Germans quickly and easily conquered France, they did it by simply going around the Line.
Most firewalls deployed today were architected in the 1990s, when there was only one way into a network. Today there are trillions of attack vectors, and the number is growing.
Old Architectures versus New Realities
Deploy a firewall in front of each device or for each vector? That would bankrupt most organizations, if they could find enough skilled security pros to manage them. So we have a new digital era problem: how do old architectures address new realities? They can’t.
A few weeks ago this came up on theCUBE, recorded after Gabe Lowy published his thought-provoking paper: Securing Critical Infrastructure Against Cyberattack. I talked about how “we don’t even have the semblance of a Maginot Line when it comes to IIoT infrastructures.” At the close of IIoT and Cybersecurity: Apocalypse Now or Later, John calls the IIoT vector problem “one of the most important stories in the tech industry in a long, long time…” I think he’s right.
Perhaps Mel Brooks saw this futile digital age scenario coming decades ago.