The word cyber comes from cybernetics, the science of cybernetic systems, which in turn derives from the Greek word kubernétès, meaning helmsman, pilot or helm. A cyber system can be a computer network or a human body; it deals with communication and how information circulates within that system. The larger a system, the more internal communication and circulation, and the more difficult the system or network is to understand and oversee. And – most importantly – to make it safe and above all to keep it safe. That is why decentralization, segmentation and compartmentalization are among the most important design principles of cyber security.
Segmentation is the division of systems into smaller units to reduce risk. Think of fire doors for extra fire safety, or extra locks on waterworks. By splitting, events remain manageable for longer. This is an important principle in the design of prevention within architectures, and so also within information architectures. Growing digitization makes systems ever larger and more opaque, which makes it – demonstrably – increasingly difficult to guarantee system security.
Risks are uninsured
Security and privacy are reasons to limit the size of systems: on the one hand to prevent complete “dike breaches”, on the other to ensure that transactions are irrevocable, that is, the guarantee that neither of the parties involved can deny the receipt and/or transmission of a contract or message. Authenticity proves that both the source and the data itself have integrity, and that the two have an ‘unforgeable’ relationship that can be verified by a third party at any time. Non-repudiation is today usually achieved with asymmetric cryptography: the principle of a private and a public key.
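As an added illustration of the mechanism this paragraph describes (example code written for this edition, not from the article's author), the exchange below uses a private/public key pair for each party so that transmission and receipt can both be proven to a third party. The article only says "asymmetric cryptography"; the choice of Ed25519 from Go's standard library, the party names, the contract text and the receipt construction (the receiver signs the contract together with the sender's signature) are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Party is one side of the contract. The private key stays with the party;
// only the public key is published for counterparties and arbiters.
type Party struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewParty generates a fresh Ed25519 key pair (Go standard library).
func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, pub: pub, priv: priv}, nil
}

// Public returns the verification key that may be shared with anyone.
func (p *Party) Public() ed25519.PublicKey { return p.pub }

// Sign commits the sender to exactly these contract bytes. Only the holder of
// the private key can produce a valid signature, so the sender cannot later deny it.
func (p *Party) Sign(contract []byte) []byte {
	return ed25519.Sign(p.priv, contract)
}

// receiptInput binds the receiver's acknowledgement to both the contract and
// the sender's signature, so the receiver cannot deny which signed copy arrived.
// (Constructed format for this example.)
func receiptInput(contract, senderSig []byte) []byte {
	msg := append([]byte("receipt:"), contract...)
	return append(msg, senderSig...)
}

// AcknowledgeReceipt is signed by the receiver only after the sender's
// signature checks out; it proves receipt of that specific signed contract.
func (p *Party) AcknowledgeReceipt(senderPub ed25519.PublicKey, contract, senderSig []byte) ([]byte, error) {
	if !ed25519.Verify(senderPub, contract, senderSig) {
		return nil, fmt.Errorf("%s refuses to acknowledge: sender signature invalid", p.Name)
	}
	return ed25519.Sign(p.priv, receiptInput(contract, senderSig)), nil
}

// ThirdPartyVerify is what an independent arbiter runs with nothing but the
// two public keys: it checks transmission (sender) and receipt (receiver).
func ThirdPartyVerify(senderPub, receiverPub ed25519.PublicKey, contract, senderSig, receipt []byte) (sent, received bool) {
	sent = ed25519.Verify(senderPub, contract, senderSig)
	received = sent && ed25519.Verify(receiverPub, receiptInput(contract, senderSig), receipt)
	return sent, received
}

func main() {
	alice, _ := NewParty("alice") // constructed parties
	bob, _ := NewParty("bob")
	contract := []byte("constructed contract: alice delivers 100 units to bob by 2023-06-01")
	sig := alice.Sign(contract)
	receipt, _ := bob.AcknowledgeReceipt(alice.Public(), contract, sig)
	sent, received := ThirdPartyVerify(alice.Public(), bob.Public(), contract, sig, receipt)
	fmt.Println("arbiter: sent =", sent, "received =", received)
	// A single altered byte in the contract breaks both proofs.
	tampered := append([]byte{}, contract...)
	tampered[len(tampered)-1] = '2'
	sent, received = ThirdPartyVerify(alice.Public(), bob.Public(), tampered, sig, receipt)
	fmt.Println("arbiter on altered contract: sent =", sent, "received =", received)
}
```

The point of the receipt construction is that a shared secret (an HMAC, for instance) would let either party forge the other's acknowledgement; with a signature under the receiver's own private key, the receiver alone could have produced it, which is what a third party needs.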
Logical division keeps the complexity of a system clear and manageable. Many security hacks happen because system boundaries overlap and it is logically – and certainly also humanly – no longer possible to oversee a system’s vulnerability. In an article in Computable last week, insurers reported that both the number and the impact of cyber attacks are becoming so great that cyber security can no longer be insured. Cyber security will therefore be high on every board’s agenda in 2023. Since the risks can hardly be insured anymore, the solution must (!) be sought in the (re)design of the systems themselves.
Tornadoes blow down every house of cards
In recent decades, digitization and the Internet have made it easier to link systems and share data. This has already led to massive hacks, as I once witnessed within EMC, when Chinese hackers penetrated RSA’s ‘seed warehouse’ in 2011 to steal the crown jewels of RSA’s SecurID. The ultimate goal was to break into a particular user of the SecurID token: Lockheed Martin. The whole story reads like a boy’s adventure book and was not published in full until 2021, for the education of the entire security community.
The biggest fear, once the break-in was discovered and the damage repaired, was that the burglars might have installed ‘unknown’ back doors. This led to the conclusion that systems should always be segmented, and that organizations have to shield their most sensitive data in such a way that even an adversary already inside the firewall cannot access and leak that data. If a tornado enters your system, design it so it can’t topple over like a house of cards: if one or more cards are drawn, the house must still stand.
System limits and data diodes
Now that more and more cyber attacks are proving to be uninsurable tornadoes, we fundamentally need to design and build better, storm-resistant and fail-safe information systems. The cyber world has become so large and powerful that its brute force can only be resisted if systems are made smaller, more segmented and also secure from the inside out. In addition, the irreversibility of transactions in the system must always be guaranteed, so that the authenticity of each data set and source can always be verified. To do this per system, the system must have hard limits and must therefore (!) not be too large, or – just as importantly – grow too large unnoticed. Less is better in that context, and decentralization is an important design principle here.
The term ‘firewall’ comes from the physical barrier installed in buildings to prevent and/or delay the spread of fire from one section to another. Neither physical firewalls nor software firewalls are designed to hold forever: they need to slow a threat down long enough for it to be eliminated. To truly prevent unauthorized data access, data diodes were designed as an uncompromising technique. The term comes from the security of nuclear weapons systems and denotes a physical separation or ‘air gap’ between system or network segments. It relies on the hard laws of physics, which are immutable and absolute, meaning that data in such a system can never flow in the opposite direction.
Data centers as modern castles
The data diode can be compared to a historic castle with a spacious moat around it and a small island in the moat at the only entrance. The island is connected to the surrounding area on one side and to the main entrance on the other by two bridges. The principle is that both bridges must never be lowered at the same time. All transport must stop on the island. With both bridges raised, guards have plenty of time to inspect the contents of the cargo being transported and, if a threat is detected, to destroy or isolate it before it can pass through the main gate. This double air-gap technique is already used in many places. The principles are illustrated in this instructional document.
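The one-way flow of the data diode and the two-bridge island above, modelled as an added example (written for this edition, not from the article or any data-diode vendor): the island refuses to lower one bridge while the other is down, cargo can only move outward-to-inward, and anything the guards reject is destroyed on the island. The inspection policy (declared content type, size limit, executable-style header) and the cargo values are constructed for the example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Cargo is one unit of data travelling from the outside network to the inside.
type Cargo struct {
	Kind    string // declared content type, e.g. "sensor-reading"
	Payload []byte
}

// Inspector is the guards' check on the island; it returns a reason on failure.
type Inspector func(Cargo) (ok bool, reason string)

// Island is the staging area between the two bridges. The rule it enforces is
// the one from the castle analogy: the two bridges are never lowered at once.
type Island struct {
	outerDown, innerDown bool
	Delivered, Destroyed []Cargo // what reached the main gate, what was stopped
}

var ErrBothBridges = errors.New("refused: the other bridge is still lowered")

// LowerOuter and LowerInner are the only two places the invariant could be
// broken, so each refuses while the other bridge is down.
func (i *Island) LowerOuter() error {
	if i.innerDown {
		return ErrBothBridges
	}
	i.outerDown = true
	return nil
}

func (i *Island) LowerInner() error {
	if i.outerDown {
		return ErrBothBridges
	}
	i.innerDown = true
	return nil
}

func (i *Island) RaiseOuter() { i.outerDown = false }
func (i *Island) RaiseInner() { i.innerDown = false }

// Transfer sequences one crossing: outer bridge down, cargo onto the island,
// outer bridge up, inspection, inner bridge down, cargo to the gate, inner
// bridge up. There is deliberately no path that moves cargo back outside.
func (i *Island) Transfer(c Cargo, check Inspector) error {
	if err := i.LowerOuter(); err != nil {
		return err
	}
	held := c // the cargo now sits on the island
	i.RaiseOuter()
	if ok, reason := check(held); !ok {
		i.Destroyed = append(i.Destroyed, held)
		return fmt.Errorf("cargo destroyed on the island: %s", reason)
	}
	if err := i.LowerInner(); err != nil {
		return err
	}
	i.Delivered = append(i.Delivered, held)
	i.RaiseInner()
	return nil
}

// SampleInspector is a constructed policy for the example: only declared
// sensor readings of bounded size without an executable-style header pass.
func SampleInspector(c Cargo) (bool, string) {
	if c.Kind != "sensor-reading" {
		return false, "undeclared content type " + c.Kind
	}
	if len(c.Payload) > 64 {
		return false, "payload exceeds the 64-byte limit"
	}
	if bytes.HasPrefix(c.Payload, []byte("MZ")) {
		return false, "executable header in payload"
	}
	return true, ""
}

func main() {
	var isl Island
	fmt.Println(isl.Transfer(Cargo{Kind: "sensor-reading", Payload: []byte("temp=21.5")}, SampleInspector))
	fmt.Println(isl.Transfer(Cargo{Kind: "firmware", Payload: []byte("MZ\x90\x00")}, SampleInspector))
	fmt.Printf("%d delivered, %d destroyed\n", len(isl.Delivered), len(isl.Destroyed))
}
```

A real data diode enforces the one-way property in hardware; this model only shows the protocol logic around it: the invariant lives in the two Lower functions, the inspection happens while both bridges are up, and the absence of any inward-to-outward function is what makes the flow unidirectional.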
Air-gap technology was already described in an article from 2001: an attempt by VMware and the NSA to build a ‘nearly crack-proof’ computer with a virtual vault for sensitive data. The 2012 Stuxnet attack on Iran’s nuclear facilities sparked a resurgence of interest in air-gap solutions for highly sensitive data storage. In recent years, many creative attempts have been made to reach air-gapped data via other transmission channels such as sound, light, vibration, magnetism, heat and radio frequencies. Faraday cages, concrete basements and physical, military-grade protection are often ultimately the answer to this constant outside threat.
Segmentation is decentralization
Segmentation is decentralization. Think in networks of independent nodes that can protect themselves, even if they are attacked from within. Virtualization is an important tool here: if ‘strange’ behavior is detected in a virtual node, that node can destroy (or quarantine) itself and rebuild itself from scratch from the original source or ‘seed store’. This is similar to the seed phrase in wallets and cryptography, which lets you build a new virtual identity from your digital DNA each time. Physical and virtual segmentation together are extra security.
The new Web3 world is powered by cryptography; it’s called the crypto world for a reason. The techniques from that world already provide great resistance and resilience to attack from a design standpoint. Blockchain, as a decentralized and indelible database, is also of great interest when it comes to guaranteeing the irreversibility of transactions. In addition, with smart contracts, immutable procedures are built into the network and the process, making security procedures immutable. In short, the insecurity caused by the current growth in crypto-attacks is the unexpected driver of new Web3 technology, which was ‘accidentally’ developed precisely from cryptographic security.
By: Hans Timmerman