DARPA director calls for cyber security change

DARPA director calls for cyber security change

This post is also available in: heעברית (Hebrew)

CyberSecurityIn a recent C-SPAN interview by Mary Jordon from the Washington Post, Dr. Arati Prabhakar, director of the Defense Advanced Research Projects Agency (DARPA), conducted stated: “The attacks are happening in microseconds, so today all we can do is patch and pray, and keep throwing human beings at the problem. We are looking for a fundamentally different way to get faster than the pace of the growth of the threat.”

Clearly the realization has hit that real-time cybersecurity is now a necessity, and it has reached the point of requiring big changes in how we are going to fix it.

The basis of today’s information processing technologies historically aggregate information for distribution or processing such as initiating machine control system event actions across the predetermined information system processes. The very reason hackers can hack is because information processing transfer and aggregation data is historically transported and stored.  We encrypted at the end points and we store data at the historical data output level.

This time window allows hackers the ability to manipulate these historical information processes and change the information process or machine action that may only take milliseconds to occur.

Today’s cybersecurity technologies aren’t even in the right place to detect these breaches. If we are to get faster than the pace of the growth, as stated by the director of DARPA, we need to be ahead of machine action microseconds rather than be caught in historical information processes we currently use today.

iHLS Israel Homeland Security

Cybersecurity weakness are clearly being disclosed with attacks publicized by all major media outlets almost daily. These disclosed weakness are beginning to concern both customers and major cloud providers. There is mounting evidence that today’s cybersecurity technological approaches that have served us well for years may no longer be valid for information processing today and for future technologies like the Internet of Things (IoT). The two areas of concern are how we attempt to secure and analyze information processes through the use of algorithms and analytics. Both of these technologies have the same vulnerability in how they work and how they are hacked. They both operate at the historical data output level. This offer hackers the opportunity to manipulate or breach algorithms and access stored data and, in , change the information process.

There is a big fundamental problem with securing IoT though. The systems are so small that even today’s patch and pray cybersecurity fixes won’t work. It is not like you’re going to take a $10 IoT device in and ask to download a security upgrade patch. Even if you did, in many cases there wouldn’t be enough room in the processor or memory to install the software patch. The need for a new security platform for IoT will be one of the main driving factors for major changes in cybersecurity. There also are reasons today to change cybersecurity, but the pain of unacceptable cybersecurity platforms is just now being recognized in big industry revenue losses by cloud providers.