By Dr. Daniel Potts
The U.S. Department of Homeland Security has declared October “National Cyber Security Month,” and it couldn’t come at a better time.
According to Steve Morgan of CyberSecurity Ventures, cyber crime damage costs will hit $6 trillion annually by 2021. With the number of IoT devices on the rise, Gartner predicts that by 2020, IoT security will make up 20 percent of annual security budgets.
The challenge is that the current connected device software architectures are built like a Great Room. Anyone who enters the room can pretty much hear, see or do anything, and it will impact the entire room. For example, if someone in the room has the flu, everyone is at risk of getting it too. We all know what happens next. They bring that flu home, and spread it further. This type of architecture puts government and enterprise at great risk.
Just like the great room approach in your home, the software architecture of today’s mobile and IoT devices is monolithic in nature, in particular the Operating System (OS) and kernel. It is basically one big software stack, and it is huge, consisting of tens of millions of lines of code – that’s a massive attack surface to manage, and one that can be exploited.
The problem is that once malware gets on the system and then into the OS kernel, it has access to whatever it needs. It can disable any protection and bypass whatever it wants. Now with access to credentials such as keys, a malicious device can gain access to your network. This is very similar to how the newest security flaw, KRACK (Key Reinstallation Attack), behaves. KRACK can attack and break into virtually any device that is connected to Wi-Fi and uses WPA2 security.
There are controls and obstacles that can be put in place to prevent this, but it’s inevitable that some of those controls inhibit performance of those devices.
So how can we improve cybersecurity? It starts by going modular. It starts by building in redundancy and defense-in-depth. Cog Systems delivers on this premise by changing the way we build these systems from the ‘old school’ monolithic approach to a modular approach.
Modularity means we can isolate and protect critical or malicious functionality – essentially by creating separate rooms. Cog Systems is successfully applying a modular approach to cybersecurity solutions for its customers, specifically for IoT as well as smartphones. Our D4 Secure HTC One A9 smartphone, for example, uses an always-on, non-bypassable VPN, keeping it safe from security flaws such as KRACK attacks.
What type of architecture do you have in place? Is it meeting all of your needs or just some? Is it proactive or reactive? Tell us what you think.