Posted by: Greg Ness | April 15, 2019

Converged Infrastructure: The Cyber Security Stakes are Higher than Ever

Stakes are Higher Than Ever

Promiscuous Connectivity

The TCP/IP stack made it easy for billions of devices to connect over the internet in just a few decades, starting in the 1990s. Now we’re expecting more than 75 billion devices to be connected by 2025. Maybe TCP/IP was too good at its initial mission to ensure easy, rapid connectivity. But that’s just chapter one of the emerging cyber security problem.

Chapter two is even bigger, from both an opportunity and damage standpoint. The key to understanding the risk isn’t to quantify it in terms of more infected computers but rather unauthorized control over physical environments. Bruce Schneier takes us there in his new book Click Here to Kill Everybody: “The Internet, once a virtual abstraction, can now sense and touch the physical world.”

The current defense in depth strategy which has evolved to address stack promiscuity has become so complex even trivial additions to a network can drive significant increases in the operating and capital expenses required for effective defense.  We call this reverse correlation (between rising complexity and declining protection) stack fatigue.  This was before digitization and the “smart era.”

Digitization is Paving the New Hacker Superhighway

As organizations digitize their office buildings, factories, hospitals and even ships at sea to boost efficiency and productivity, they are exposing critical data and physical system functionality to the internet and cyber attacks. Think of the difference between taking down a hospital billing system and shutting down blood freezers, environmental or even ship controls.

A recent podcast on maritime cybersecurity in response to an article on Threatpost about how hackers could sink a ship at sea puts it in perspective.  About ten-plus minutes in Alex Soukhanov, Director and Master Mariner at Moran Cyber coolly explains just how vulnerable the common control systems and sensors in all kinds of smart facilities, floating and terrestrial. Smart water and power systems, smart assembly lines, smart navigation all use common sets of smart devises for managing critical systems.

These systems control the physical environment. Whomever controls them controls virtually everything.

Digitization is accelerating the convergence of OT/IT infrastructures and in turn creating a new generation of high growth and ultra-permeable attack surfaces. The proliferating attack vectors in this new converged network are increasing complexity, degrading protection and exposing mission critical systems to unauthorized access as even primitive malware can go global in a matter of days.

And this just in: “Vulnerabilities discovered in industrial equipment increased 30% in 2018:

The number of vulnerabilities discovered in industrial control systems (ICS) grew 30% in 2018 compared to the prior year, with the share of critical or high severity vulnerabilities increasing by 17%, according to a report from Positive Technologies published Thursday.

Targeting of devices used in industrial, energy infrastructure, and manufacturing settings has increased over the past several years, as state-sponsored groups have sought to gain access to industrial systems for espionage purposes.

Indeed, the stakes are higher than ever. HIP anyone?


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: