Can you imagine a time in the future where the Internet is not there anymore? If it was broken, or everyone in the world decided to turn it off? Every browser, every device suddenly reported “No Internet, check your network connection”. Close your eyes for a few seconds and think of it all gone, what would that mean to you?
Were your initial thoughts that you would finally have some peace; no-one could send social media messages or emails to you, your smartwatch is suddenly in a restful state; or, maybe you thought of the doom of not having access to online shopping, checking your security cameras, your bank balance and finding out when the next train / bus home is?
It wasn’t that long ago that this time existed, you may remember, like me, that you needed to stand at a bus stop wondering when a bus may arrive, use paper road maps printed on supersized books and try to understand client instructions on where they were based. Working in IT in the 1990’s, I remember typist staff raising fault calls on paper, placed into a tray to be resolved in the order they were laid. I remember making lots of tea (for everyone) whilst waiting for an updated DOS driver to download on the vendors dial-up bulletin board. Resolutions were written by hand and signed off by the client, then the ticket was filed in a cabinet with many others. This seems old fashioned today, and it is; why would we work this way now, when problems can be resolved sitting 500 miles or more away from the physical hardware and staff using technology?
The problem is the Internet that provides this style of remote working, and many, many other services goes wrong every day in some way. Have you ever noticed any major outage other than a local router fault or local cable fault? The Internet was designed to be resilient, you rarely notice faults happening. In security terms we call this Availability, making sure something is there and working. There are people that actively attack the Internet, for example, when trying to gain an advantage in the computer game Minecraft. Other attacks happen daily such as border gateway protocol hijacks, maybe to aid information. I suspect the original ARPANET engineers, developers of TCP/IP and even Tim Berners-Lee all had one thing in common, they trusted everyone involved. In the 1960’s through to the early 2000’s the group of people involved was limited to their expertise and they had trust in each other.
The ‘information superhighway’, as it was then called, had another big advantage, it was designed to transfer data quickly. What was deemed quick then and now are indisputably very different, I certainly remember my 9600 baud modem struggling to load a single web page but it always did. This falls onto the second security term Integrity, making sure something performed as it was intended.
Due to the original trust each of those founders had, the Internet (millions of devices that connect together on one network) has evolved to be insecure by design. This is highlighted in the press almost everyday when information is lost or stolen. Sites such as https://haveibeenpwned.com/ can show just how much information has been breached. This is the last of the major security terms, Confidentiality, and a major advantage or disadvantage of computing, the ability to copy everything. Once it is copied and in the wrong ownership it can never be uncopied hence why it is generally big news. Whatever Internet connected devices are called (such as IoT or Smart), it is essential that they are designed to operate securely. Sadly, to date, this has not been the case for most manufacturers because functionality and usability are the primary design goals. To make matters worse, devices are becoming unsupported by the manufacturers as they move to better, more powerful designs. Think of a Smart LED light bulb that could be used for the next 20 years, will the manufacturers be identifying vulnerabilities and patching throughout its life? Possibly not. These devices are being integrated not only within home networks, but also they are increasingly becoming added onto corporate networks. These devices pose a threat to corporate network availability, integrity and confidentiality and if compromised in enough numbers they can become a threat to the Internet as a whole.
To read the full TLP paper please click the link below:
*Problems with downloading? Email email@example.com requesting the thought leadership paper, and we will send you a copy!
Please do not hesitate to contact us if we can support you in your work, share our thoughts and ideas and answer any questions you may have with regards to our response.