Internet of Things 03-17-2022

Protecting the Digital Planet Against Evolving Threats

Srinivas Kumar
digicert-blogimages-mar22

During the Cold War, a new weapon was built to pierce any shield and for every new weapon, a new shield was built that could not be pierced. This is the infinite game theory about will and resources, and who exhausts one or the other first and drops out of the game.

In terms of cybersecurity, I have been pondering the infinite game concept for over a decade and through multiple startup ventures in this space. We have continued to design shields and weapons, like intrusion detection engines and anomaly detection powered by threat intelligence, rules grammar, regular expressions, probability theory, and deductive, inductive and abductive reasoning. Yet, despite all this, the industry is still exposed to high-profile data breaches and ransomware. What are we missing? That is the question. Perhaps the answer is that we may be solving the wrong problem.

Protect the IoT against tomorrow’s threats

When it comes to cybersecurity for the Internet of Things (IoT), we need to examine not just where the problem lies today, but also, more importantly, where it may manifest again tomorrow. The 5G network and cloud at the edge are poised to be radical game-changers in our lives. What we are observing today is far beyond digital transformation and data brokers. Google is no longer about a search engine, but about APIs. Facebook is no longer about faces, but about data. Microsoft is no longer about an operating system, but about a cloud platform. Cars are no longer about miles per gallon, but about software-defined transportation. Factories are no longer about automation for production at scale, but about artificial intelligence (AI) and machine learning (ML) for robotization. Data centers are no longer about big data clouds, but about edge compute and software-defined storage down in the fog.

Create self-defending tools

What we are observing is the power of transformation. From the Stone Age, through the Middle Age, Modern Age, Digital Age, to the Data Age, the global economy has evolved to the digital platform of data as the fuel that drives intelligence. Intelligence can transform knowledge into tools to be creative, or knowledge into weapons to be destructive. To begin to solve our cybersecurity challenges, we can harvest device intelligence for use as a self-defending tool for cyber protection. Likewise, we can transform device lifecycle management into protection lifecycle management. And finally, we can enhance privacy and integrity of data to establish trustworthiness of data to prevent weaponization.

The tectonic plates are moving in cyberspace. The future of things is in the things of the future. Things are no longer connected simply by wires and protocols, but by waves (5G) and APIs. These things of the future are devices with north, south, east and west connectivity, requiring a perimeter-free, frictionless operating surface.

Take for example the Ashoka Stupa, which contains a fascinating lesson about protection lifecycle, proving that remarkable solutions are possible with ingenuity.

Ashoka Stupa

The Ashoka Stupa, outside Delhi, India 1

The Ashoka Stupa, a 7-meter long pillar outside Delhi, India, was built 1,600 years ago and is made of iron that has not rusted. It is 98% iron and the remaining 2% is comprised of lead, brass, bell metal (copper and tin) and phosphorous from wooden blast furnaces (instead of modern limestone blast furnaces). It does rust in the first phase with water and air (ferrous oxide FE-O); however, a chemical reaction between the metal and the first phase creates misawite to form a ferrous oxide hydroxide (FeOOH), which forms a passive layer of “self-defending protection”.1

Opt for protection rather than detection

The traditional information technology cyber security rules identify indicators of compromise on a hacked device — as a forensic science. Forensic science is the discipline in which professionals use scientific means to analyze physical crime evidence. Life science is the study of life and living things. A paradigm shift is required to enable data sciences to reach new heights and objectives for a safer digital planet.

The new IoT cyber protection paradigm must use artificial intelligence with device intelligence — as a life science. As we transition from old security models, cyber strategies will necessarily pivot from reactive methods such as detection, forensics and forensic science, to proactive methods such as protection (vaccination), self-defense (immunity), and a life-science approach to cybersecurity.

Cybersecurity as a service is the enabler to protect IoT platforms in the era of digital transformation. Ask not whether the device is compromised; ask whether the device has protection. Change the rules. Protecting emerging IoT devices and edge clouds is an infinite game, and it has just begun.

1Photograph taken by Mark A. Wilson (Department of Geology, The College of Wooster).[1] - Original photograph,Wikipedia, The Ashoka Stupa.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-11-2024

FIPS 140-3 certification unlocked for TrustCore SDK

10-31-2024

Announcing the GA release of Device Trust Manager