How do we defend the Internet of the future?
As the Internet evolves, it will offer a vast array of possibilities such as new types of health services, personalized and mixed reality entertainment, and more. With new options inevitably come new security risks and challenges. What we need is what we always needed: protection against unwanted content, security, privacy, trust, as well as (or even more so than) quality, cost-effectiveness, usability and scalability.
The security of this “networked society” will definitely be a top priority, and the tools we have now at our disposal will not be enough to secure it adequately, says Professor Gabi Dreo Rodosek of the Bundeswehr University of Munich – a federal university founded as part of the German Armed Forces.
In the talk that she gave at ENISA’s NIS Summer School, she pointed out the need to improve cyber defense strategies, tools, decision-making frameworks and the level of cooperation between countries.
We also need to avoid building technologies first and thinking about security later. Our communications infrastructure is becoming more complex by the day, and security by design will help us stave off many problems.
Today, the majority of cyber attacks have a criminal component, and it’s often difficult to distinguish between military and civilian attacks.
A little over 3 years have passed since the DoS attack on Estonia’s Internet infrastructure, and that was the first time a European Union member state formally requested assistance in defending its digital assets. At the time, the response to such a plea was inadequate because the institutions and governments were caught unprepared.
A lot has changed since then, and many cyber attacks have been executed all over the world, making cyber defense a term recognized even by the general public.
But to even think about cyber defense, we must first acknowledge the need for quality detection systems. Existing early warning systems combine flow analysis, log sharing, distributed honeypot architectures and packet inspection. The problem, as the Professor points out, is that many of the tools used to perform these tasks today were designed for small environments.
The communication infrastructure is a patchwork of overlapping networks (Internet, Military SatCom, Home Automation, Software Defined Radio, GSM/UMTS/LTE, etc.), and it has grown to such a size that those tools have trouble keeping up with the increased bandwidth.
Additional problems that we’ll have to deal with in the future concern encrypted communication channels, high false alert rates and intelligent, autonomous and distributed malware. Responsibility for security should not end at the doors of our networks, because everything is interconnected and the compromise of one network can indirectly lead to the compromise of many others.
To deal with all these problems, we need extended flow handling, overarching analysis, sophisticated correlation of data, comprehensive reasoning models, traffic volume and end-system independence, encrypted/payload-independent analysis, safeguarding of mobile devices, and more.
We’re only starting to see what kinds of cyber attacks await us in the future: counter overflow attacks, routing table manipulation, sybil attacks, sinkhole attacks, blackhole and greyhole attacks, etc. Ubiquitous interconnectivity will mean widespread vulnerability. Data will be uncontrollably grabbed and exchanged between sensors and devices.
A European Early Warning System is sorely needed, so maybe ENISA should be charged with organizing this effort? “It is true that a lot of research about these problems is already in progress,” says the Professor. “But it is also true that quite a bit more is needed.”