Cyber Paralysis by Ransomware Stings
By Srinivas Kumar
Chief Technology & Product Officer at Mocana Corporation
The recent ransomware attacks within the United States that targeted a national oil pipeline, a meat processing plant, and a transportation service are a harbinger of difficult times ahead. The per-incident ransom and service outage costs are estimated to be in the millions of dollars and the global costs in the tens of billions.
The adage “the definition of insanity is doing the same thing over and over again but expecting different results” is a cyber red alert. Ransomware, abetted by cryptocurrencies, has reached all shores across the globe and is the wave of a digital pandemic overwhelming corporations and citizenry.
No time for politics
It is time to set partisan politics aside, revenue models aside, and solve the problem like professional first responders. Deterrence will require protection for an elevated level of vigilance, track and trace capabilities for capture, and punitive actions for proportional retribution. Cryptocurrencies must incorporate watermarks on ransom payments (a digital exploding dye pack of sorts) for hot pursuit (cyber chase).
We at Mocana have taken the cyber bull by the horns to plug the underlying gaps. While we respect detection and prevention technologies, and the 24/7 vigilance of dedicated network and security operations center (NOC/SOC) operators, it is time to be politically incorrect and admit that multi-layer defense strategies of the past two decades have failed to protect us from the "digital cockroaches" in cyberspace. It is time for the entire cybersecurity industry to rethink, innovate, and modernize - or surrender to the cybercrime syndicate.
The forensic analysis mindset of chasing the ambulance to perform a post mortem on the corpse and discover “cause of death” to publish yet another rule, or signature, or expression, or CVE is neither a strategy nor an innovation – it is bitter medication. The information technology (IT) and operational technology (OT) stakeholders must come together to address the root cause and systemic flaws in product design. Focusing on post-attack data recovery and business continuity is an act of unconditional surrender in cyber war - like bringing a knife to a gunfight.
Solutions for IT/OT convergence
The Mocana TrustCenter services and Mocana TrustEdge clients provide the foundational protection platform for modernization and IT/OT convergence on brownfield and greenfield devices. The Mocana solution works alongside traditional network-based security solutions by:
- Deploying the TrustEdge client (agent) on all enterprise IT systems (Windows, Linux, Mac OS platforms) using a self-service portal – to authenticate with authoritative and immutable identity, and securely enroll user workstations and servers with digital certificates.
- Deploying the TrustEdge client (agent) on all OT devices (RTOS based platforms) using one-time provisioning – to authenticate with authoritative and immutable identity, and securely enroll headless devices with digital certificates.
- Deploying TrustCenter services (on-premises or in the cloud) for all firmware, software, and configuration updates with supply chain protection (cryptographic trust chain) for track and trace, and remote management of the key and certificate lifecycle (rotation, renewal, revocation).
- Deploying TrustEdge CyberWall to data diode servers from inbound lateral exploits over the network.
- Using multi-factor authentication with trusted certificates (and a password protected key) as a mandatory third factor.
- Associating the trusted user to a trusted workstation (as the fourth factor) to block users from unmanaged (vulnerable) endpoints from accessing your enterprise systems.
While incumbent network and endpoint-based security solutions, hardening guidelines, awareness training, security policies and compliance audits are necessary and valuable, modernization with innovation without workflow disruption is what the Mocana TrustCenter operations platform offers.
Mocana TrustEdge provides trusted runtime operational integrity metrics with platform attestation, and indicators of risk without requiring local storage for logs or CPU intensive log analysis. Alongside the operations platform, the Mocana TrustCore development platform provides APIs for developers to harden applications with key and certificate-based security.
The proverb "A journey of a thousand miles begins with a single step" attributed to Lao Tzu is the operative doctrine to modernize and protect digitally connected societies.