The TCP/IP stack made it easy for billions of devices to connect over the internet in just a few decades, starting in the 1990s. Now we’re expecting more than 75 billion devices to be connected by 2025. Maybe TCP/IP was too good at its initial mission to ensure easy, rapid connectivity. But that’s just chapter one of the emerging cyber security problem.
Chapter two is even bigger, from both an opportunity and damage standpoint. The key to understanding the risk isn’t to quantify it in terms of more infected computers but rather unauthorized control over physical environments. Bruce Schneier takes us there in his new book Click Here to Kill Everybody: “The Internet, once a virtual abstraction, can now sense and touch the physical world.”
The current defense in depth strategy which has evolved to address stack promiscuity has become so complex even trivial additions to a network can drive significant increases in the operating and capital expenses required for effective defense. We call this reverse correlation (between rising complexity and declining protection) stack fatigue. This was before digitization and the “smart era.”
Digitization is Paving the New Hacker Superhighway
As organizations digitize their office buildings, factories, hospitals and even ships at sea to boost efficiency and productivity, they are exposing critical data and physical system functionality to the internet and cyber attacks. Think of the difference between taking down a hospital billing system and shutting down blood freezers, environmental or even ship controls.
A recent podcast on maritime cybersecurity--in response to an article on Threatpost about how hackers could sink a ship at sea--puts it in perspective. About 10 minutes into in Alex Soukhanov’s (Director and Master Mariner at Moran Cyber) podcast, he coolly explains just how vulnerable the common control systems and sensors in all kinds of smart facilities, floating and terrestrial are today. Smart water and power systems, smart assembly lines, smart navigation all use common sets of smart devices for managing critical systems. These systems control the physical environment. Whomever controls them controls virtually everything.
Digitization is accelerating the convergence of OT/IT infrastructures and in turn creating a new generation of high growth and ultra-permeable attack surfaces. The proliferating attack vectors in this new converged network are increasing complexity, degrading protection and exposing mission critical systems to unauthorized access as even primitive malware can go global in a matter of days.
Indeed, the stakes are higher than ever. HIP anyone?