Monday, March 19, 2012

Cybersecurity is hard, we need some assist


Cybersecurity is so much harder than physical security! In physical security, you have a well-defined physical perimeter -- your doors, windows, gates, etc. -- to watch and protect, but in cybersecurity the perimeter is not well-defined. Think of cybersecurity for a typical home or business -- you usually have a box -- the “router,” perhaps a wireless one -- that lets you connect your network of PCs and other devices to the Internet via your Internet Service Provider. Although there is a single physical connection to the Internet, the software applications in your PCs and devices are making lots of network connections. If you think of each of these as a door, it’s like trying to watch over and protect thousands of doors at once and, on top of that, you need to check the packets of information that are coming in and going out of these “doors” -- like checking each visitor to a building, only the number of visitors is in the billions! To make matters worse, the software applications -- think of Web browsers, Office suite, PDF reader, etc. -- have their own weaknesses and could serve as gateways through which bad guys get access to your information... so that’s even more “doors” to protect. Anyway, you get the idea -- compared to physical security, cybersecurity is too difficult for us to tackle in a routine manner.

Does that mean we do nothing about cybersecurity? Of course not! We already try to do our best with antivirus, firewalls, etc., but to keep up with the ever-changing number and types of “doors” that we have to watch over, we need some assistance from the information security companies.

First, we need a way to monitor the status of cybersecurity, similar to the way we have guards monitoring doors, fences, and gates through video cameras, etc. Only in cybersecurity, someone needs to build a simple dashboard to show us how well our defenses are working against the torrent of potentially malicious packets coming through the cyber “doors” to our network.

Second, someone needs to build a consumer “cybersecurity appliance” -- I envision a box that sits between that router and the rest of your network, a box that watches over all the network connections and does whatever is needed to keep our internal network safe. Come to think of it, the cybersecurity appliance can both monitor cybersecurity and provide protection.

I hope someone takes up the challenge and builds us a “cybersecurity appliance” someday soon.


Here's some more information to help you...
Here's an old GAO report that's still quite relevant: 

Cybersecurity for Critical Infrastructure Protection

GAO-04-321, May 28, 2004

Here's a presentation on Cybersecurity research and development (R&D) based on this report: