Posted by: Greg Ness | October 29, 2019

The Firewall Chasm is…

Network Effects are Powerful


Since the early days of TCP/IP, connectivity has created waves of multi-billion-dollar markets, seemingly out of thin air. All of the successes have had one thing in common: they created unprecedented network effects.

The 1990s ushered in the power of network effects. New levels of connectivity and scale allowed consumers then enterprises to deliver content and services virtually. The consumer web blended with the enterprise web, supply chains and so on.

The TCP/IP stack (developed almost fifty years ago) underneath this connectivity was promiscuous by design, almost to a fault. From communications to commerce we saw a radical reduction in friction and fortunes shift from manufacturers and services to connectors.

[Note: The “radical reduction in friction” link is to Bill Janeway’s amazing 2016 Future in Review keynote (start at 7 minutes in) on Flows. This is a must see for anyone interested in tech and economics.]

Network Effects are More Powerful than TCP/IP Inventors Could Imagine

Network effects have become more powerful than anything envisioned by the creators of the TCP/IP stack. Wave after wave of devices and functions, from supercomputers and dumb terminals to today’s industrial internet of things (IIoT) have been connected. And the connection process is still underway. The results are profound on almost unimaginable scales.

We’re still underestimating the power of network effects, this time to our detriment.

Let me first take you through some examples of the power and transformation underway in this new IIoT networking era. A commercial real estate developer can almost immediately increase the value of a portfolio of buildings by connecting their environmental controls to the cloud so that heating, cooling, etc. can be managed much more efficiently and at scale. Similar network effects play out in manufacturing, health care and even maritime, from smart factories and hospitals to advanced ships at sea.

Air Gaps Protected Sensors and Controls from Cyber Mayhem

Vast transformations taking place at the edge as it connects and interacts with the cloud are changing the fundamental chemistry of the internet from the standpoint of remote control of physical infrastructure. In effect, we’re creating “programmable perimeters” of sensors, controls and devices once built and installed exclusively for local/onsite control.

This massive leap from onsite to remote control crosses the air gap, the previous defense mechanism protecting the physical control of a facility from cyber mayhem. Because they were previously air gapped, very few of the billions of IIoT devices deployed had either cyber security designed in or even allowed for security updates (commonly known as patches).

Network Effects are Double-Edged Swords (they cut both ways)

Network Effects PowerfulI talked about this issue in more detail at The Digital Cyber Security Paradox and in a recent theCUBE panel with Gabe Lowy (author of  Securing Critical Infrastructure against Cyberattack [IIOT Cybersecurity: Apocalypse Now or Later].

Billions of industrial controls are already connected to the network, to the internet. And hundreds of millions are insecure and may never be patched. This level of susceptibility of facilities and data, makes the preconditions to the creation of the firewall industry in the 1990s trivial by any measure. And that is the core challenge of our digital generation IMHO.

The Firewall Chasm is… IIoT

While nations fret about “unskilled” workers at their borders ( a hint back to that Janeway address you probably passed over because the internet has shrank your attention span) the bigger problem is “skilled” workers easily traversing networks and nations.

We Need a New Firewall Vision based on the Concept of an Air Gap: We Need an Airwall

The firewall was created in parallel with the rise of network security.  First came the network, then came network security. Now we have an internet enabling remote control of our physical places/spaces… an Internet of Places. We need secure networking, in the form of an Airwall, an air gap firewall built specifically for the secure networking demands of the digital age.

What are those demands?  Think Purdue Model cybersecurity based on IIoT  (versus IT) cybersecurity requirements. We need to shift our thinking from the “next-generation” UTM-think (“defense in depth” kluge of layers and logs and skills shortages) to a fundamentally new approach to secure networking for IIoT. Otherwise this new digital age is a nightmare.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: