The TCP / IP stack facilitated the connection of billions of devices over the Internet in a few decades, starting in the 1990s. Now we are waiting for more than 75 billion devices to be connected in 2025. Maybe TCP / IP was too good in its initial mission to ensure fast and easy connectivity. But that's just chapter one of the emerging problem of cybersecurity.
Chapter two is even bigger, both from the point of view of opportunity and damage. The key to understanding the risk is not to quantify it in terms of more infected computers, but rather an unauthorized control over physical environments. Bruce Schneier takes us there in his new book. Click here to kill all: "The Internet, before a virtual abstraction, can now feel and touch the physical world."
The current defense-in-depth strategy that has evolved to address the promiscuity of the stack has become so complex that even trivial additions to a network can generate significant increases in operational and capital expenditures necessary for effective defense. We call this an inverse correlation (between increasing complexity and decreasing protection) pile fatigue. This was before the digitalization and the "intelligent era".
Digitization is paving the new hacker highway
As organizations digitize their office buildings, factories, hospitals and even ships at sea to increase efficiency and productivity, they are exposing critical data and functionality of the physical system Internet and cyber attacks. Think of the difference between eliminating a hospital's billing system and shutting down blood freezers, environmental controls or even ships.
A recent podcast on maritime cybersecurity in response to a Threatpost article about how hackers could sink a ship into the sea puts it in perspective. Approximately more than ten minutes in Alex Soukhanov, Director and Master Mariner of Moran Cyber coldly explains how vulnerable are the common control systems and sensors in all kinds of intelligent, floating and terrestrial installations. Intelligent water and energy systems, intelligent assembly lines and smart navigation use common sets of intelligent devices to manage critical systems.
These systems control the physical environment. Whoever controls them controls virtually everything.
Digitization is accelerating the convergence of OT / IT infrastructures and, in turn, is creating a new generation of high-growth and ultra-permeable attack surfaces. Attack vectors proliferating in this new converged network are increasing complexity, degrading protection and exposing mission critical systems to unauthorized access, since even primitive malware can be globalized in a matter of days.
And this only in: "The vulnerabilities discovered in industrial equipment increased 30% in 2018:"
The number of vulnerabilities discovered in industrial control systems (ICS) increased by 30% in 2018 compared to the previous year, with an increase in critical or high severity vulnerabilities by 17%, according to a Positive Technologies report published Thursday.
The targeting of devices used in industrial, energy infrastructure and manufacturing environments has increased in recent years, as groups sponsored by the state have sought to gain access to industrial systems for espionage purposes.
In fact, the bets are higher than ever. HIP no one?