Rationalizing Trust in Cyberspace
By Srinivas Kumar
Chief Technology & Product Officer at Mocana Corporation
All our knowledge begins with the senses, proceeds then to the understanding, and ends with reason. There is nothing higher than reason.
– Immanuel Kant
In the world of humans and devices inhabiting cyberspace, rationalizing trust must begin with the “end” rather than the “means to the end.” The market is inundated with mantras from passwordless to zero trust, from managed detection and response (MDR) to endpoint detection and response (EDR), from ransomware to supply chain compromise.
But the real goal is to bridge the deep divide between detection and protection. The end is to protect things, and detecting cyberattacks is merely a means to that end. While one must watch for incoming attacks (malware and kill-chains), one must also build operational resilience on the intended targets to neutralize landed threats. An offensive strategy on the device (assets) is required to complement a defensive strategy on the network (outposts), because the end is to protect the assets and not the outposts.
Protection vs. detection
Can we achieve protection without detection? After all, detection is just a means to achieve protection. Protection provides immunity whereas detection provides awareness. Protection offers control whereas detection provides visibility. Therefore, detection and protection are essentially the “yin and yang” of cyber resilience (the dark and light side of cyber).
The key to protection is the key (no pun intended). Cryptographic protections, a means to establish data protection, are the fundamental building blocks of privacy and confidentiality in digital transactions – the wheels of e-commerce and digital transformation. While anonymity is desirable for privacy, transactions require establishment of mutual trust.
Certificates based on immutable identity derived from a local root-of-trust anchor (secure elements) serve as the means to establish authentication between peers, prior to secure key exchange. Use of certificates is the means to achieve zero-trust networking between “things” with universal interoperability in a global market fragmented by export/import controls on cryptography.
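As an added illustration, not code from the article or from Mocana's products, the following Go program (standard library crypto/x509 only) shows the peer-authentication step described above: a gateway holds one local root anchor and accepts a device certificate only if it chains to that anchor and is valid for client authentication now. The helper and certificate names (factory-root, device-0001 and so on) are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue mints a certificate for cn, valid over [nb, na], signed by parent; a nil
// parent yields a self-signed root, the local trust anchor (hypothetical helper).
func issue(cn string, ca bool, nb, na time.Time, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: nb, NotAfter: na, IsCA: ca, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { parent, pkey = t, key } // self-signed: the anchor vouches for itself
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	if err != nil { panic(err) }
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// authenticatePeer is the check a gateway runs before any key exchange: the
// presented certificate must chain to the gateway's own anchor and be valid for
// client authentication now; a matching subject name on its own proves nothing.
func authenticatePeer(anchor, presented *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(anchor)
	_, err := presented.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// Demo issues one anchor plus a genuine, a foreign-rooted and an expired device
// certificate (all constructed in memory) and returns the verdict for each.
func Demo() (trusted, foreign, expired error) {
	now := time.Now()
	root, rootKey := issue("factory-root", true, now.Add(-time.Hour), now.Add(24*time.Hour), nil, nil)
	dev, _ := issue("device-0001", false, now.Add(-time.Minute), now.Add(time.Hour), root, rootKey)
	other, otherKey := issue("foreign-root", true, now.Add(-time.Hour), now.Add(24*time.Hour), nil, nil)
	rogue, _ := issue("device-0001", false, now.Add(-time.Minute), now.Add(time.Hour), other, otherKey) // same name, wrong anchor
	stale, _ := issue("device-0002", false, now.Add(-2*time.Hour), now.Add(-time.Hour), root, rootKey)
	return authenticatePeer(root, dev), authenticatePeer(root, rogue), authenticatePeer(root, stale)
}

func main() { fmt.Println(Demo()) }
```

Only the genuine device passes; the foreign-rooted certificate fails as signed by an unknown authority even though its subject name is identical, and the expired one fails on validity, which is the renewal case the next section raises.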
The password dilemma
Passwords are a means to identify an interactive user in a transaction. A strong password policy (strength and change frequency) and multi-factor authentication provide enhanced security against password cracking attacks. However, headless (non-human) devices outnumber humans by a factor of six to one today (with an estimated 46 billion connected devices and 8 billion people on the planet). An average user requires tens of passwords over a year (factoring in the password change frequency). An average device requires one certificate with automated renewal over the term.
Mocana TrustCore provides the foundational platform to build next-generation protection with security-by-design and not as an afterthought. Mocana TrustCenter, integrated with public and private PKI systems, is a turnkey solution for "device protection as-a-service" that reduces the cost of digital transformation and improves operational efficiencies. Mocana TrustEdge enables zero-trust networking with a unified workflow for IT-OT convergence to protect brownfield and greenfield devices. The horizontal trust platform provides runtime device intelligence to enhance AI/ML training models for timely, contextual, and remote risk management in cyber-physical mission-critical systems.