– Steve Martino, Vice President, Chief Information Security Officer at Cisco, says:
The Internet has already changed the world, but it is the Web’s next phase that will bring the biggest opportunities – and challenges. The Internet of Everything (IoE) is connecting not just traditional devices, such as computers, tablets and phones, but also parking spaces and railroad tracks, streetlights or garbage cans.
The business possibilities are enormous, but so are the attack vectors. Robust security capabilities—both logical and physical—and privacy policies are critical to the success of IoE. Its growth could be hindered if security capabilities are not combined with policies and processes designed to protect the privacy of both company and customer data. A critical element in play is the many devices from disparate suppliers that organizations will bring into their network as IoE expands. This will raise the network’s threat profile considerably and will necessitate new cybersecurity models that integrate broad-based network visibility and big data collection that can be leveraged through correlation and context and dynamically applied controls. Through this approach, the organization creates the depth of visibility needed to take informed security action and protect against all attack vectors.
New Possibilities, New Threats
The unprecedented levels of connectivity that IoE brings create a vast new field of business possibilities. However, it creates new challenges as well. The most compelling argument for giving the network the capabilities of a giant sensor is the set of potential threat models that already exist. For example, imagine an office with power switches that associate to wireless access points. An attacker sitting in the parking lot of the office could potentially control all of the electrical outlets that are associated with those wireless access points. The attacker could turn off the lights or power down HVAC systems. Now imagine such an event happening in a hospital operating room during surgery. It’s about more than just theft or service disruption.
The billions of new IoE connections increase the attack surface. There is now also considerable threat diversity due to the variety of objects and new ways that they interact, which adversaries can target. The Internet of Everything will inevitably involve a great number of endpoints with not only poor security posture, but also poorly written protocol implementations from OSI Layers 2-7. These commodity devices will contain minimal features and be subject to low margins, meaning that the lowest cost production hardware and software will be used. This parallels the connection of supervisory control and data acquisition (SCADA) systems to IP networks where aging link-layer protocols had additional OSI stacks bolted onto them. As attacks against newer wireless technologies such as Bluetooth and near field communication (NFC) increase, we can see what is on the horizon for early implementations of new IoE devices.
Consequently, security threats continue to grow and change. Cyber criminals are quite creative in coming up with new and unexpected ways to exploit systems and cause damage. It is more important than ever to build additional security capabilities into the network.
Three Security Pillars for IoE
Fortunately, security organizations can be just as agile as malicious actors. By taking a threat-centric, “network as a sensor” approach, IT security teams can leverage mobile, cloud and IoE endpoints in new ways to increase transparency and build actionable information.
There are three pillars that create a sturdy security architecture for IoE. Such an architecture will enable organizations to enjoy the benefits of IoE while maintaining a high level of data privacy and protection and ensuring reliable, uninterrupted service delivery. The three interconnected pillars are threat awareness, visibility and action.
Threat awareness works with IoE’s fluid perimeter, starting from a place where compromise is assumed and honing our ability to identify threats based on an understanding of normal and abnormal behavior, to identify indicators of compromise, to make decisions, and to respond rapidly. This requires overcoming complexity and fragmentation in our environments. Once we identify a threat or anomalous behavior we need to take action. This requires the right technologies, processes and people working together—and swiftly—to be effective.
Visibility is an accurate, real-time look into data, devices and the relationships between them, scaling our ability to make sense of billions of devices, applications, and their associated information. This requires true automation and analytics; humans won’t be able to scale with the environment.
Threat awareness and visibility must be joined to action. Security teams will need to get creative in order to move towards a fully predictive infrastructure that changes in anticipation of potential threats. Currently, it’s too expensive and too unwieldy to monitor every single east-west network connection. Security teams are dependent, therefore, on devices that emit data that can be consumed by another device. The goal is to embed security visibility and control into as many devices under IT’s control as possible and combine this with current network policies, making the network a vast, extensible sensor.
The Answer Lies in the Fog
The “action” pillar may be built on fog – fog computing, that is. The fog computing model is one way to address the IoE scale problem, by inserting a gateway between a set of IoE sensors and the data center that gathers data from multiple devices. It then performs initial filtering and correlation before sending higher-order data to the cloud. This fog layer could analyze and correlate events across multiple IoE sensors and identify vulnerabilities. It could then mitigate by ignoring the compromised device and instructing the neighboring sensors to do the same.
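As an added illustration of the fog-layer behaviour described above, and of the "normal versus abnormal behavior" baseline from the threat-awareness pillar, here is a Python sketch that is not Cisco's code: a gateway correlates readings from several sensors, quarantines the one that disagrees with its zone, tells its neighbours to ignore it, and forwards only a higher-order summary upstream. The sensor names, readings, adjacency and the outlier rule (distance from the zone median) are all constructed assumptions.

```python
"""Fog-layer gateway sketch (added example, constructed data): correlate readings
from several IoE sensors, quarantine an outlier, tell its neighbours to drop it."""
from collections import defaultdict
from statistics import median
# Constructed telemetry as (device_id, reading); temp-04 disagrees with its zone.
SAMPLE_READINGS = [
    ("temp-01", 21.5), ("temp-02", 21.9), ("temp-03", 22.1), ("temp-04", 85.0),
    ("temp-01", 21.6), ("temp-02", 22.0), ("temp-03", 22.0), ("temp-04", 90.0),
    ("temp-01", 21.4), ("temp-02", 21.8), ("temp-03", 22.2), ("temp-04", 3.0),
]
# Constructed adjacency: which sensors hear one another on the local link.
NEIGHBOURS = {
    "temp-01": ["temp-02", "temp-04"],
    "temp-02": ["temp-01", "temp-03", "temp-04"],
    "temp-03": ["temp-02", "temp-04"],
    "temp-04": ["temp-01", "temp-02", "temp-03"],
}

class FogGateway:
    def __init__(self, neighbours, max_deviation=5.0):
        self.neighbours = neighbours
        self.max_deviation = max_deviation    # tolerated distance from zone median
        self.quarantined = set()
        self.ignore_lists = defaultdict(set)  # peer -> devices it was told to ignore

    def ingest(self, readings):
        """Filter out quarantined devices, correlate the rest against the zone median,
        and quarantine any device whose own median strays by more than max_deviation."""
        per_device = defaultdict(list)
        for dev, value in readings:
            if dev not in self.quarantined:
                per_device[dev].append(value)
        baseline = median(v for vals in per_device.values() for v in vals)
        for dev, vals in per_device.items():
            if abs(median(vals) - baseline) > self.max_deviation:
                self.quarantine(dev)
        return baseline

    def quarantine(self, dev):
        """Ignore the device locally and instruct its neighbours to do the same."""
        self.quarantined.add(dev)
        for peer in self.neighbours.get(dev, []):
            self.ignore_lists[peer].add(dev)

    def summary(self, readings):
        """Higher-order record forwarded to the cloud instead of raw readings."""
        return {"zone_median": self.ingest(readings),
                "trusted": sorted({d for d, _ in readings} - self.quarantined),
                "quarantined": sorted(self.quarantined),
                "ignore_lists": {k: sorted(v) for k, v in self.ignore_lists.items()}}
```

Once a device is quarantined, later batches drop its readings before the baseline is computed, so the zone median no longer carries its influence.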
Fog computing will eventually become de rigueur as IoE devices multiply and the processing power of network switches and routers increases. While the majority of organizations have critical controls available, they lack the visibility and intelligence needed to update them. The market is shifting to incorporate higher levels of intelligence in the infrastructure, and the ultimate goal is to achieve an environment that is fully predictive and able to use machine-learning algorithms to improve efficiency and security. While security will never be fully automated, moving toward fog computing can result in broad visibility that helps preempt threats with cloud- and network-based intelligence.
The Threat-centric Approach
Security teams have already encountered new types of threats during the emergence of IoE, and others have yet to be devised. In this Wild West phase of IoE, organizations are searching for ways to protect their digital assets. One way to do this is to leverage the intelligence residing within their networks. Their network-connected devices can be used as sensors, which can capture data that gives visibility into how cyber criminals are operating within IoE. This provides the contextual information needed to assess threats and take appropriate action, leading to a safer network.
About the author: Steve Martino is the Vice President and Chief Information Security Officer at Cisco.