24 September 2024

Why Are We Not Winning The Cybersecurity War

Jothy Rosenberg

Something is very wrong with our approach to cybersecurity. We are not winning the war. The bad guys keep getting through with more and worse attacks every year. Why is this happening? For one thing, the war is asymmetric. Their malware takes just a small amount of code, but our defense systems have grown to be millions of lines of code. Additionally, since the processors in use today are simple, they can’t tell if they are under attack. And to exacerbate that, all software code is buggy, providing an open door to sophisticated attackers whose main way of attacking is by exploiting the inevitable flaws in all software.

What are the dominant approaches used to defend against sophisticated attackers coming in over a network, and why aren't they more effective? The most common systems employed, which are themselves software, are anomaly detection, intrusion detection and signature analysis (anti-virus). Because these are software, they also have bugs, so they are in the sights of the attackers, which means they actually increase the attack surface. Relying solely on these systems is not working.

The alternative to more and bigger software systems defending our most critical computing assets from attack is hardware-based cyber defense. There are just a few hardware-based mechanisms, and they are used mostly in embedded devices like robots, factory automation, critical infrastructure, automobiles, medical devices, the Internet of Things and so forth. These hardware-based cybersecurity systems are mostly processor-based mechanisms (usually compartmentalization, which Intel calls SGX and Arm calls TrustZone and now Confidential Compute Architecture).
