Dr. Robert Statica *
The FBI’s attempt to pressure Apple to access the iPhone of the San Bernardino shooter has passed, and while it raised questions regarding privacy versus encryption for the general population, there is no doubt that enterprise and governments must continue to employ encryption and other cyber security measures to safeguard their information and assets.
These entities should implement cyber security measures to secure their state secrets, and intellectual property. It remains critical to prevent eavesdropping, espionage and proprietary data leakage, especially that we have seen the rise of cyber criminals offering hacking-as-a-service (HAAS) to the highest bidder and the proliferation of cyber-warfare by nation states against critical computer infrastructure of their target countries in support of terrorism, hacktivism, espionage, cyber crime and cyber war.
A lack of cyber security and the low levels of cyber immunity could cripplegovernments and countries following a debilitating attack on critical infrastructure including the oil & gas distribution systems, power grids, financial markets, air traffic controller’s networks, nuclear power plants, military drones and satellites. The current cyber threat now contains the most sophisticated, multi-channel, all avenue attack vectors and represents a clear-and-present danger to the most advanced economies and countries in the world. Such an attack could potentially destabilise the global economy.
At the same time, the Internet of Things (IoT) will become an attack envelope for nation states, cyber criminals, and terrorists. Many IoT devices have minimum or no security and yet they collect a wealth of personal identifiable information (PII) of the owners and their geo-locations. If and when these devices are compromised it could lead to identify theft, exploitation and extortion of VIPs and children.
Data and information are a premium and have become the world’s global digital currency and first digital weapon. This is the beginning of weaponised data. For the first time data is the victim and the weapon of a cyberattack.
Governments and enterprise should treat data as they would treat a nuclear power plant: they should never leave it open, unguarded or without strong, multiple layers of protection. If they do, they could create irreversible damage that could be beyond their capacity of containment. The results could be catastrophic. The asymmetric cyber threat could increase in intensity and everybody and everything is a potential target.
The new cyber battlefield could make traditional armies, oceans, politics, laws, law enforcement, and international treaties less important. When critical infrastructurecan be attacked by a single person with a personal laptop and an Internet connection, the entire landscape changes and the battlefield evens out. Only the countries that adapt to cyber change will survive and be able to mitigate the ever-changing threats.
The rise of End-to-End Total Security Solutions (E2E-TSS) as an above-and-beyond strong encryption, and an all-encompassing solution is imminent and absolutely required in order to protect communications, networks, financial sectors, governments, military, organisations and private citizens from cyber attacks. Encryption is just one of the pillars of cyber security, but it’s not the only one. Enterprise and governments must look at all the end points that might affect data in transit and at rest, from the computer or mobile generating and sending the data, to the Internet service providers, to the telecom, and the receiving devices. For them, it’s just as critical to know who and what touches the data in the internal network, the storage network or cloud as it is for data in transit.
Knowledge of and adherence to policies and regulations (Governance, Risk and Compliance), coupled with the implementation of services like Computer Network Defence (CND), and Secure Operation Centres (SOCs)must be employed to create multiple layers of protection around the data, to ensure a truly in-depth approach to cyber security. Although encryption is not the silver bullet of cyber security, it is never the less an integral line of defence and sometimes the only one that exists between the data and the hackers.
*Senior Vice President– Technology and Research, DarkMatter