The Merry-Go-Round of Cyber Security Goes on Forever

The need for continually enhanced cyber security is a constant and unrelenting challenge for system connectivity. Security threats are a perpetual reality. That’s the take-away from the Pacific Design & Manufacturing show in Anaheim earlier this month. In the conference session, “Good Fences Make Good Neighbors: Establishing a Secure Networking Infrastructure,” presenters effectively said: Better get used to it. “As the hacks improve, we will respond with protections. That will happen for a long, long time,” said Ernie Rudolph, executive vice president, Icon Labs.

(Source: fightingidentitycrimes.com)

Rudolph noted that security has moved beyond the usual fence around the company. Protection has to go down into the device itself within that fence. “The classic network protection is a secure perimeter. Yet, if you put a fence around your house, you still lock the door, and you still secure stuff within your house,” he said. “In a zone protection system, the zone becomes a single device. Our security framework is embedded, and it’s based on the threats we anticipate. We have software built into the device itself, and we have secure updates in the device, not just the perimeter.”

Security isn’t just to protect against outside enemies. Rudolph noted that most attacks are not intended. They are errors. “Our customers tell us that 70% of their attacks are internal and inadvertent. Yet they can still be catastrophic,” he said. “The internal thereat is non-malicious. People make mistakes. You keep looking for ways to block those mistakes. When you’ve done all the steps, and you still make a mistake, the results are still potentially devastating.”

He pointed to measures that can be taken to deflect potentially dangerous mistakes “You can work to stop the accidental action,” said Rudolph. “Say your temperature range is 80C to 100C. But if someone puts in 80C to 1,000C by mistake, your program may not catch it.” He noted that solutions can include programming to disallow a temperature outside the appropriate range –- as part of security.

READ MORE ARTICLES ON CYBER SECURITY:

The ultimate solution is to deploy a variety of security measures, from the perimeter to the zone, and down to the individual device. “We approach security by layering it. Everything you do for security is important. The perimeter, the firewall, the embedded security –- they all add up to protection against the bad guys,” said Rudolph. “But you also have protection from the good guys who make mistakes.”

Those working in security say it’s important to get used to the notion that security is a never-ending struggle. “Security is an impossible-to-hit goal, but we should all be striving for it. You can’t make perfect never-can-be-hacked protection, but you should make it hard enough to attack that it’s not worth the time and money,” said Josh Thomas, a founding partner at Atredis Partners, a security company. “You can also make sure they don’t get much if they do hack.”

Security comes without a Holy Grail. “Security is a continuum. There’s this notion of perfection in security. Engineers seek a perfect ideal,” said Shawn Moyer, a founding partner at Atredis Partners. “Yet the only perfect system is to bury your valuables under tons of concrete. It’s not usable, but it’s protected.”

Moyer noted that effective security requires a paradigm shift with a greater focus on how to manage inevitable intrusions. “Hacking creates unexpected functionality. When you’re hacking a system you’re making the system do something the designer didn’t expect to have happen,” he said. “Designers don’t design for failure. They design for success, and then it fails. The biggest thing people don’t do is ask, ‘What do we do when it does break?’”

Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.