Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Content Layer
id252933337


Content Column
width100%
id252933340


Content Block
background-color#4a4b4c
padding10px 0px 0px 0 0 20px
margin30px 88px 0px 0 88px
id252933082
classtitle-block

CYBERSECURITY   

Block Link
selector.expanding-block .block-toggle


Content Block
background-color#4a4b4c
padding10px 45px
margin0px 0 88px
id942060525
classexpanding-block
collapsiblecollapse

Cybersecurity Cybersecurity is intertwined with the evolution of other emerging technology trends like technology trends like AI, IoT, and quantum computing.  As  As the attack surface gets gets larger  and and larger as more devices join the network, and AI based based cyber-attacks grow in sophistication,  the  the technologies and approaches to securing our assets will evolve rapidly.


Image Added

Content Block
padding0px0
margin0px 0 88px
id252933338

Cl_expand_anchor

Image Map
Cybersecurity.pngCybersecurity.png
width1024
aligncenter
height326

 




Content Layer
padding0px0
margin0px0
container-padding0px0
id644397866


Content Column
width100%
id644397913


Content Block
padding0px0
margin0px0
id644397959
height100px

Include Page
Timeline
Timeline




Content Layer
margin0px 0 10px
id643608531
classdef-content


Content Column
columnalternate
width25.0%
id643608637


Content Block
margin0px 0 10px
id643608813


Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


This includes 2 major capabilities: device fingerprinting which can identify what the device is from a network perspective and understanding network traffic patterns to figure out what a device is doing. Effective next gen endpoint prevention is not just signature based but also able to investigate and detect real-time threats occurring on your network
Expand
titleProactive Endpoint Threat Detection
Adaptive and Intelligent Authentication

Reliance on passwords, pass phrases, and SMS based authentication (MFA) is proving insufficient. The future will rely on multi-factor authentication coupled with behavioral heuristics that allow anomaly detection of fraudulent activity. MFA based on trusted devices – think mobile devices from Apple and Android that are known to service providers – coupled with machine learning and other artificial intelligence tools to apply behavioral analysis is needed to combat phishing and social engineering. The same techniques used for consumers will be applied to company insiders, a necessary step to achieving a zero-trust model.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Expand
titleDevSecOps

Development Operations has already transformed service development and delivery. sScuring the development environment, much less the service delivery chain, has lagged core development activities. This is changing as security is integrated into the DevOps culture, commonly described as Development Operations Security (DevSecOps). While the press is largely focused on cultural aspects of DevSecOps, technology evolution is part of the picture, too. Providence of code, cyber supply chain management, integrated security testing, use of pervasive identity and authentication throughout continuous integration and delivery but also development must be supported.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Expand
titleDigital & Physical Asset Fingerprinting Finger Printing

Piracy of content continues and counterfeiting of physical and digital assets continue to plague content distribution ecosystems. This is a common problem for music, bookprose, and video media, costing the industry billions. Material counterfeiting continues to rise as well. While law enforcement efforts strive to to address the challenge, the core issues are technical and social. Who created what, who owns what, who can use what? On the technical front, content and material fingerprinting technologies are trying to provide a root of trust for provenance, proving definitively the original creator or manufacturer of cyber or physical media. Tangible and digital assets are being counterfeited and efforts continue to address that. Distributed ledgers can will be used to verify fingerprints or signatures of publish fingerprints or signatures of new items in a publicly distributed blockchain – to combat fake news. public blockchains to aid in ensuring provenance.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Continuing ransomware attacks are expected especially with respect to high value targets like government entities, banks, and health care facilities. Normalization and automation of secure software updates is a common mitigation tactic in use today to deter the impacts
Expand
Expand
titleRansomware Mitigation
title AI-Based Cyber Defense

Cyber security engineers will design new techniques to protect data and networks inspired by biological approaches like neural networks, genetic algorithms, and forensic virtual machines. Forensic virtual machines detect signature elements of a novel threat before an attack commences. Just as immune systems create multiple triggers that send white blood cells to target viral and other kinds of attacks, future computer systems will be able to deploy thousands of small applications at once to monitor and defuse evolving attacks. Bio-inspired security techniques promise to identify and respond to “zero day” threats swiftly and cost effectively. Conversely, security threats may begin to mimic biologic systems as well, thus creating “ digital security epidemics ”.

Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors
Securing the Core

The two core protocols that make the internet work, DNS and Border Gateway Protocol (BGP), are under continually under attack and at risk of being hijacked. For example, attacks may cause BGP to route IP addresses differently (sometimes just detouring the route, sometimes changing the end point). Or attacks may change the authoritative resolution of DNS domains to different IPs, resulting in web traffic going to different sites than the user thought they were going to. Several competing approaches are being investigated to secure BGP and DNS. There will be convergence, but there may be significant technological and societal disruption in the interim.





Content Column
columnalternate
width25.0%
id643608673


Content Block
margin0px 0 10px
id643608849


Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Think device oriented behavioral profiles. Cisco IETF standard which defines how a device is expected to behave within a network. The goal of MUD is to provide a means for IoThings to signal to the network what sort of access and network functionality they require to properly function. Immutable device identifiers are a big intuitive for CL along with pushing PKI backed certificates into IoT devices. Between identity and behavioral profiles of what a device should be doing, spoofing of a device will become much more difficult
Expand
titleManufacturer Usage Descriptions (MUD)
Infrastructure Supply Chain Providence

Supply chain security has become a major focus of U.S. government regulator’s attention working to ensure providers of government infrastructure know where the hardware and software they use come from. As a result, new and improved tools and controls for supply chain risk management have emerged including blockchain or similar registration processes to track physical and digital asset providence. Tamper resistant/proof mechanisms will be incorporated into hardware and software to protect serial numbers and prove providence. Automated scanning of software will continue to improve and be incorporated into DevOps and similar processes to ensure that software includes only elements that are expected and to identify unsafe code.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Expand
titleAgile Profile Based Security Architectures

Traditional data centers have all the security technology at the core, so as traffic moves in a North-South direction, it passes through the security tools and protects the business. The rise of East-West traffic means the traffic bypasses firewalls, intrusion prevention systems, and other security systems enabling malware to spread very quickly. Agile Security Architectures enable the ability to deploy firewalls, Intrusion detection and other security controls in virtual environments and in flexible configurations using security extensions to SDN and NFV to change configs and topologies programmatically in response to security threats. Micro-segmentation and zones are an example of agile architectures.  Micro-segmentation  is a method of creating secure zones in a data center where resources can be isolated from one anotherif a breach happens, the damage is minimized. Micro-segmentation is typically done in softwareThe usefulness of networked devices is dependent on having open interfaces to connect to networks. It’s hard to know how to protect a device without knowing something about those interfaces. One solution under development in the industry is the IETF’s Manufacturer Usage Description (IETF RFC 8520); but this approach probably won’t address the longer-term industry needs. Profile based security solutions will emerge which leverage a profile for a user or device so that cyber security solutions will know how best to assure the desired experience. These profiles can also transform the user experience by making AI based anomaly detection more effective and support more comprehensive policy-based security and network decisions.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Embedded security provides improved protection of cryptographic secrets, accelerates encryption and malware identification, and provides for cost efficient security monitoring. Secure software downloads allow firmware to be safely updated and hardware dynamically managed. The synergy of these features allows pervasive deployment of security capabilities across networks, including encryption, identity management, device and message integrity, and authentication. This enables end-to-end security solutions that significantly simplify operations and improve end user experiences. 
Expand
titleSecurity By Design
Streamlined Device On-Boarding

The (Wi-Fi Alliance) WFA and (Open Connectivity Foundation) OCF are working to streamline the on-boarding of IoT devices on Wi-Fi networks. The goal is ensuring that users stay in control of their networks. This requires ecosystem engagement across vendors, operators, and open source code groups (like the Linux Foundation). The WFA’s EasyConnect ™ specification and OCF’s Onboarding specification will need to be incorporated into silicon over the next two or three years and supported by operators to complete the transformation.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Refers to the ability to use hardware acceleration to improve the performance of cryptographic operations which are especially computationally intensive. These Crypto H/W Accelerators are more efficient than GPU based solutions. There are a growing number of application-specific chips on the market that serve as secure key storage and crypto-accelerators for small micro-controllers and are called Secure Elements. With these chips, you not only get high security for device keys, but the cryptographic functions (cipher suites) are hard-coded into the chip and can be accessed through an API. These chips can do a crypto operation in milliseconds and make implementation much simpler. In addition to the secure storage for the keys, the secure element provides hardware acceleration for cryptographic operations that would normally be impractical for small micro-controllers used in small IoT devices. This allows for digital certificate authentication to be used to secure even very small
Expand
titleCrypto Acceleration Hardware
Agile Security Architectures

Adversaries attacks and network architectures are continuously evolving which requires our network’s security posture to adapt quickly. Processes exist for updating the signatures on firewalls and Internet protection software on endpoints, and lots of end point devices (including mobile devices) are automatically patched. Ensuring that security tools deployed on access and premise networks can adaptively respond to attacks is the next step. The goal is a security posture that is harder for adversaries to track and subvert and improved economics as companies employ only the security that is necessary to deal with actual threats. Virtualization is the key enabling technology and will allow security software to be dynamically deployed where and when needed to detect attacks, mitigate them, and then remove or isolate infected devices.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Expand
titleSelf-Sovereign Identities

Self-Sovereign identities are owned by the individuals who creates them. As the As the owner and the creator of your own private info you should will have control over its lifecycle –including : termination, erasure, and visibility into when, where, how it’s to be used. The European Union EU has broadly adopted GDPR and California just passed one of the toughest data privacy laws which goes into effect went live in 2020 called the California Consumer Privacy Act of 2018. (California Consumer Privacy Act of 2018). With self-sovereign identity, individuals don't rely on another party, such as Facebook, to issue them an identifier for their use. They create the identifiers and own and control them along with what information is shared with whom under what conditions.





Content Column
columnalternate
width25.0%
id643608709


Content Block
margin0px 0 10px
id643608885


Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Evolvable Programmable Security refers to the ability to employ new security cryptography in an agile way. With programmable hardware, it will be possible to change key lengths on the fly without requiring new hardware.  Security mechanisms can adapt to new threats without replacing infrastructure
Expand
titleEvolvable Programmable Security
AI Based Cyber Offense

Just as AI can be used for cyber-defense, it can be weaponized for offensive purposes.   Hackers ability to launch sophisticated automated AI based attacks will grow, AI/Machine Learning helps to identify real time threats but also enable s hackers to carry out more sophisticated attacks. It’s the Electronic Counter Measures and Electronic Counter/Counter Measures (ECM/ECCM) cycle.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


By combining the decentralized Blockchain principle with identity verification, a digital ID can be created to act as a digital watermark which can be assigned to every online transaction of any asset.  Blockchain technology can be applied to a variety of identity applications (digital identities, passports, e-residency, birth certificates, wedding certificates, IDs, online account logins, etc.). IBM is one company creating a decentralized approach (Blockchain Trusted Identity) to identity management – enabled by Blockchain – building on top of open standards in combination with Decentralized Identity Foundation (DIF), World Wide Web Consortium (W3C) and other standards groups
Expand
titleDistributed Ledger Based Authentication
Evolvable Programmable Security

Agile security architectures are not enough to keep pace of our adversaries. The ability to reprogram and update our security solutions along with security tools that benefit from cryptography, quantum resistant algorithms, and light weight cipher algorithms will be necessary. The ability to employ these advances without expensive and disruptive changes to access network architectures is an economic necessity requiring programmable security mechanisms (software and hardware) that can adapt to new threats and enable new capabilities without replacing infrastructure.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Just as AI can be used for cyber-defense, it can be weaponized for offensive purposes. AI & machine learning will help to identify real time threats but also enable hackers to carry out more sophisticated attacks; It's the Electronic Counter Measures and Electronic Counter/Counter Measures (ECM/ECCM) cycle. 
Expand
titleAI Agent Based Cyber Offense
Security

Phishing and other social engineering attacks continue to be employed in most successful cyber-attacks today. Adversaries use these mechanisms to directly execute fraud or to gain access to or change credentials so they can execute other attacks (such as deploying ransomware on key servers at a business). The intersection of big data and artificial agents (such as Cortana, Alexa, or MyCroft) will give rise to more advanced agents that can help detect fraudulent calls and emails much more effectively than a person can.






Content Column
columnalternate
width25.0%
id992113965


Content Block
margin0 10px
id992114084
Content Block
margin0px 10px
id992114084


Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Expand
titleBio-Hacking of Embedded Sensors

Advancements in the development of micro sensors is fast enabling a new generation of medical devices as well as some interesting applications by independent body hobbyists (e.g., DIY Bio-hackers). Implantables like pacemakers and digital insulin monitors are the most compelling examples of this type of technology improving the quality of life. As these technologies become more connected, there is growing concern that they could be “hacked”. Bionyfiken co-founder Hannes Sjoblad had an NFC chip implanted in the skin   of his hand so that he would not need to carry a wallet, keys or security card for the office. Websites like Dangerous Things are starting to crop up to offer other DIY bio-hacking and augmentation projects.

Content Column
columnalternate
width25.0%
id992113965
Trusted “Virtual” Execution Environments

Trusted execution environments provide the ability to execute code on a server that is resistant to introspection or other types of attacks possible on virtualized environment. Major chip manufacturers have developed proprietary solutions. As software-based architectures become even more widely deployed, use of trusted execution environment technology will evolve. Standard instruction sets that ensure cross-platform support will transform the ability of service providers to secure virtual services.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


Expand
titleQuantum Resistant Based Cryptography

Quantum computers are expected to be able to exponentially speed up the process for factoring of keys. It would pretty much destroy RSA, and the situation is similar with all of the other public-key systems currently in common use. Post-quantum cryptography, also known as “quantum-resistant cryptography”, are cryptographic systems that are secure against either classical or quantum computers.  Lattice based cryptography, lead by IBM, is another variant of quantum resistant cryptography. NIST recently closed its call for proposal submissions for its new initiative on creating quantum-resistant cryptographic algorithms for new public-key crypto standards (Nov 2107). It received 69 submissionskey distribution (QKD) can, in principle, offer information-theoretical security between two remote parties, guaranteed by the fundamental laws of quantum mechanics. This is because eavesdropping on a quantum information channel destroys the state being transmitted, and thus can be detected by the parties involved. QKD is important because early prototypes of quantum computers, employing quantum algorithms, can in principle factor very large numbers and threaten current cryptosystems.



Show If
special@anonymous
trimfalse
groupcc-admins,cl-members,cl-employees,cl-contractors,cl-interns, cl-vendors


No two people act exactly alike – and continuously evolving behavioral profiles could be the answer to the fragmented world of password and 2-factor based authentication schemes and ever rising identity fraud. Behavioral bio-metrics are not new; advances in techniques that use big data and machine learning to uniquely identify people based on hundreds or thousands of unique behavioral traits including observed human traits, personal characteristics (beyond speech, geo-location and device-based indicators) will become commonplace as the mechanism to create unique profiles which can be used for authentication of users in the future
Expand
title Adaptive Behavioral Biometrics
Quantum Resistant Cryptography

Significant research continues the use of classical approaches (methods that do not rely on quantum technology) to achieve quantum resistant cryptography. Research on solutions that are resistant to Shor’s and Grover’s quantum algorithms are promising. NIST is considering solutions (in fact, they are currently considering 26 distinct algorithms) for post-quantum cryptography. It’s likely to take at least five years to complete the process for these algorithms to become available to the industry at large.