Each day, as technology rapidly evolves, newer, more complex and increasingly dangerous cyber threats emerge, presenting an ever-growing danger to organisations, governments and enterprises everywhere.
As concerns about cyber crime and cyber security grow, there has been a worldwide push to encourage an international perspective on how to address threats, and many experts agree that, given the complexity of the latest cyber concerns, it may be time to take a radically different approach to defence.
Akamai Technologies, an Internet content delivery network headquartered in Cambridge, Massachusetts, delivers a regular report on the state of the Internet. In the latest of the series, Akamai noted that attack traffic originates from source IP addresses in 175 unique regions, with the biggest shares of attack traffic originating in Indonesia and China respectively. A little over 79 per cent of the attack traffic was weighted toward the Asia Pacific region; Europe accounted for 10 per cent, and the Americas combined made up the remaining 10 per cent.
In another recent report released by EY, extensive enterprise surveys showed that attacks are becoming increasingly frequent and alarmingly more sophisticated.
In fact, the hot topic in cyber security circles today is the controversial legitimacy of a new super threat allegedly discovered by renowned cyber security expert Dragos Ruiu. The bug, dubbed badBIOS by Ruiu, is malware that infects hardware and is so sophisticated and complex that, according to Ruiu, it is platform independent, easily introduced via USB drives, reflashes the system BIOS, loads a hypervisor, is resilient and, scariest of all, can communicate via Software Defined Radio (SDR) to bridge air gaps between system networks.
According to experts in the security field, everything that Ruiu claims about badBIOS is highly plausible, but many say it is not probable and refute its validity, some going so far as to call the security legend “paranoid” or even “crazy”. Regardless of opinion, however, many experts are taking him seriously enough to thoroughly explore his claims.
Legitimate threat or paranoid fantasy, the reality is that everything Ruiu says this thing can do can actually be done, if not all concurrently.
If badBIOS is indeed the first super malware to rival, or even surpass, the complexity and danger of Stuxnet (even if it is just an idea that has the possibility of coming to fruition), then new defences are needed, and quickly. Some say that those who speak of redesigning computing from a security standpoint may be right on target.
Dr. Peter G. Neumann, senior principal scientist in the computer laboratory at SRI International, has spent a lifetime researching computer security concerns. At an age far past retirement (Neumann is 81 years old), he is leading a team of researchers on a five-year project backed by the US Pentagon’s Defense Advanced Research Agency (DARPA) alongside Robert N. Watson, computer security research specialist at Cambridge University. The project is called Clean Slate.
Computer and network systems were largely designed with security as a secondary thought, if any. Clean Slate aims to change that by completely redesigning computing hardware and software.
The SRI-Cambridge collaboration is just one of many research projects that have been financed by DARPA as part of the “cyber resilience” efforts that were started a few years ago; Clean Slate Design of Resilient Adaptive Secure Hosts (CRASH) and Mission-Oriented Resilient Clouds (MRC) are two separate, but connected, research efforts.
As we move at light-speed toward innovative new technologies, the benefits are well matched by the risks. The fact that very little has changed with regard to computing design or security since its inception is of grave concern to many. Radical threats require radical defence, and Clean Slate, along with corresponding defence research programs in a similar vein, may be just the silver bullet we need.
Alan Kahn is a cyber security enthusiast and contributing freelance writer for Cybertech Israel 2014 – Cyber Security Conference and Exhibition, which is to take place in Tel Aviv, Israel on January 27-29. Alan is passionate about critical infrastructure security and the most innovative technologies to defeat cyber attacks.