State of the Internet: cyber security and the need for change in a complex environment

Each day, as the speedy evolution of technology emerges, newer, more complex and increasingly dangerous cyber threats come onto the battlefield, thus presenting an ever-thriving danger to organisations, governments and enterprises everywhere.

As concerns about cyber crime and cyber security grow, there has been a worldwide push to encourage an international perspective on how to address threats, and many experts agree that, given the complexity of the latest cyber concerns, it may be time to take a radically different approach to defence.

Akamai Technologies, an Internet content delivery network headquartered in Cambridge, Massachusetts, delivers a regular report on the state of the Internet. In the latest of the series, Akamai noted that attack traffic originates from source IP addresses in 175 unique regions, with the biggest shares of attack traffic originating in Indonesia and China respectively. With a little over 79 per cent of the attack traffic weighted toward the Asia Pacific region, the remaining threats came from Europe at 10 per cent, while the Americas combined bring up the remaining 10 per cent.

In another recent report released by EY, extensive enterprise surveys showed that attacks are becoming increasingly more frequent and alarmingly more sophisticated.

In fact, the hot topic in cyber security circles today is the controversial legitimacy of a new super threat allegedly discovered by renowned cyber security expert Dragos Ruiu. The bug, dubbed badBIOS by Ruiu, is a malware that infects hardware and is so sophisticated and complex that, according to Ruiu, it is platform independent, easily introduced via USB drives, reflashes the system BIOS, loads a hypervisor, is resilient and, scariest of all, can communicate via Software Defined Radio (SDR) to bridge air gaps between system networks.

According to experts in the security field, everything that Ruiu claims about badBIOS is highly plausible, but many say it is not probable and refute its validity, some going so far as to call the security legend “paranoid” or even “crazy”. Regardless of opinion, however, many experts are taking him seriously enough to thoroughly explore his claims.

Legitimate threat or paranoid fantasy, the reality is that everything that Ruiu says this thing can do, can actually be done, if not in concurrence.

If badBIOS is indeed the first super malware to rival, or even surpass, the complexity and danger of Stuxnet (even if it is just an idea that has the possibility of coming to fruition), then new defences are needed and quickly. Some say that those who speak of redesigning and computing from a security standpoint may be right on target.

Dr. Peter G. Neumann, senior principal scientist in the computer laboratory at SRI International, has spent a lifetime researching computer security concerns. At an age far past retirement (Neumann is 81 years old), he is leading a team of researchers on a five-year project backed by the US Pentagon’s Defense Advanced Research Agency (DARPA) alongside Robert N. Watson, computer security research specialist at Cambridge University. The project is called Clean Slate.

Computer and network systems were largely designed with security as a secondary thought, if any. Clean Slate aims to change that by completely redesigning computing hardware and software.

The SRI-Cambridge collaboration is just one of many research projects that have been financed by DARPA as part of the “cyber resilience” efforts that were started a few years ago; Clean Slate Design of Resilient Adaptive Secure Hosts (CRASH) and Mission-Oriented Resilient Clouds (MRC) are two separate, but connected, research efforts.

As we move at light-speed toward innovative new technologies, the benefits are well matched by the risks. The fact that very little has changed with regard to computing design or security since its inception is of grave concern to many. Radical threats require radical defence and Clean Slate, along with corresponding defence research programs of a similar thread, may be just the silver bullet we need.

Alan Kahn is a cyber security enthusiast and contributing freelance writer for Cybertech Israel 2014 – Cyber Security Conference and Exhibition to take place in Tel Aviv, Israel on January 27-29. Alan is passionate about critical infrastructure security and the most innovative technologies to defeat cyber attacks.

Join the CSO newsletter!

Error: Please check your email address.

Tags cyber crime

More about Akamai TechnologiesAkamai TechnologiesCambridge UniversityindeedSRI International

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Alan Kahn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place