We do not possess the ability to see the future, and yet we can predict with a high level of certainty that we will see more major cybersecurity incidents in 2016 and 2017.
The world’s cybersecurity capability is not able to advance in line with the growing vulnerabilities. We are confronted by more and more threats every day, and hackers are becoming more sophisticated. Whether an organization invests $1 million or $100 million in its security infrastructure, it will continue to remain vulnerable. What’s worse, there appears to be no end to this disparity.
Emerging security solutions, great as they may be, do not change the overall state of things: the Internet favors the attacker. Brilliant entrepreneurs, as well as established companies, are developing solutions that implement better anomaly detection, better network segregation, better user identification and better leakage prevention. However, these are merely stepping stones, without the necessary leap forward that is needed for a long-term solution.
At the same time, the cost of securing services from cyberattacks is constantly growing. This is compounded by old technologies not being replaced by new technologies. Instead, new technologies are being added to already crowded security infrastructures. Unless this changes, there may come a day when it is no longer considered cost-effective, business-wise, to introduce new services on the Internet.
Incremental security changes will not work. We need disruptive innovation in the world of cybersecurity. A paradigm shift — something that will change radically the way things work. We need a solution that will have a major positive impact, similar to the one created by the invention of the car, smartphone or time travel.
I am going to discuss one such solution now — building a new, much more secure Internet that will dramatically improve cyber resilience and, at the same time, dramatically reduce expenditures on cybersecurity. Welcome to the world of AGNs (Alternative Global Network). To understand the idea of AGNs, we must go back to 1969.
In the beginning
In 1969, the same year that Neil Armstrong became the first man to step on the moon and the Beatles produced their last album, Abbey Road, a first packet was transmitted over a small network named the “Advanced Research Projects Agency Network,” also known as the ARPANET.
Trust was not something to be concerned about in this small and controlled network. Trust existed in the ARPANET because there was trust in the real world. The different users knew each other and the few connected devices were all controlled by the creators of the network. Problems such as fraud, hacking, malware, denial of service attacks and others were, to say the least, highly improbable.
As time went by, the ARPANET expanded and became the technical foundation for the Internet as we know it.
So what do we have today? Billions of users, who don’t know each other and certainly do not trust one another, connecting through all kinds of devices (we have no clue what is connected to the Internet) and using the network in any way they see fit.
Trust has become a challenge.
The Internet
When the ARPANET project started, no one predicted that it would become such a big success. In those critical early stages, it was not designed with security in mind, but rather to ensure connectivity. And yet, in a very short time, the ARPANET grew from a small research network to the huge global network that we all use today.
Many of the modern security problems that we experience must be attributed to the fact that the Internet is not secure-by-design. It must be agreed that, given the opportunity, we would definitely redesign it.
And to make things worse, much worse, the way the Internet was implemented prevents us from upgrading it to a more secure version. Let me explain what I mean when I say that the Internet cannot be upgraded.
We see a lot of innovation on the Internet. We see amazing new applications using new kinds of innovative protocols, like Voice over IP and video tunneling — things that no one imagined when the Internet began.
However, none of those innovative applications are improving the core way the Internet works. We have been using the same problematic TCP/IP stack (more or less) over the past few decades, with zero chance that it will be replaced in the years to come.
Why? To upgrade the Internet, we actually would have to upgrade all the routers, switches and other connected network devices. And that is difficult to achieve because the network devices are mostly embedded systems that are bundled with hardware. They don’t have standard interfaces and only the manufacturer controls the software, which means there is no way to do it remotely. We would have to access and upgrade each and every device.
Even with IPv6 we have failed. IPv6 is still not widely implemented, even though the IETF published its RFC in 1998 and everyone agreed about its importance. Google’s statistics show that only about 10 percent of the users who access Google services are doing so while using IPv6.
And much like any other field in which innovation has taken a backseat, we see so many problems with networking technologies today: they are hard to manage, inefficient, unreliable, expensive, prone to manipulations and the list goes on.
Billions of new devices will be connected to the Internet in the coming years (according to Gartner). At the same time, as we have discussed, cybersecurity threats will dramatically increase. Hence, we have an immediate need for a more efficient, secure, reliable and innovation-friendly (upgradeable) Internet.
AGNs (next-generation Internet)
Though upgrading the current Internet is an unfeasible task, there might be another way.
Wireless connectivity technologies of all kinds (Wi-Fi, satellites, cellular, etc.) have vastly improved in recent years. And soon they will reach a point at which commercial companies, by using a small number of network devices, could implement worldwide networks that will allow Internet access from everywhere, by anyone and at any time.
Two great examples of companies that are now working on bringing wireless Internet connectivity solutions to places around the world that do not have traditional access are Google and Facebook — Google with initiatives like Project Loon, in which they are planning to use high-altitude balloons, and Facebook with initiatives like Internet.org that propose the use of solar-powered drones.
Though daring, a worldwide wireless Internet is inevitable. It simply makes more sense than spending trillions on upgrading super-expensive physical infrastructures.
And herein lies the opportunity.
A “global wireless Internet access solution” will allow us to implement a new way of networking, instead of using the traditional TCP/IP stack-based network. This network will not necessarily be IP-based, but rather be built on a new connectivity model — more secure, easier to manage and more efficient.
Let’s call this non-TCP/IP global network AGN: Alternative Global Network.
Cybersecurity and AGN
AGNs will introduce many opportunities (as well as many challenges) — far too many to discuss here. Therefore, I will write about three disruptive benefits that represent a paradigm shift in the world of cybersecurity that will be created by AGNs.
One: No need for new security tools
In the world of cybersecurity as we know it today, each new problem (or family of problems) leads to the creation of a new family of products. New attack vector = new security tools. This is why, while trying to keep up with emerging threats, we continue to purchase new security products.
As previously mentioned, those new emerging solutions represent incremental improvements in cybersecurity. They maintain the status quo, rarely addressing the underlying problem, and do not create the changes necessary to overcome the threat of hackers. AGNs will dramatically change our current approach toward cybersecurity, rebalancing the power divide between the Internet as a force of good and those seeking to undermine it.
The AGN architecture design must allow the AGN provider to upgrade the network operating system and protocol stack both quickly and easily. Naturally, this creates new innovative opportunities, and will also have a huge impact on cybersecurity. Here are some examples:
- A malicious entity seeks to exploit the way an AGN protocol works in order to facilitate a denial of service attack (much like what we see today). In that case, the moment the first attack has occurred and been analyzed, the AGN provider can update the entire network in a matter of seconds, to prevent the same attack scenario from recurring. This eliminates the need for each organization to purchase a new cycle of products, saving billions on cybersecurity expenses worldwide.
- Someone finds a bug in a tunneling protocol that allows them to gain access to what was otherwise restricted information. Again, a simple update (network security patch) and it is fixed.
- A new secure GPS-aware packet transport protocol is needed to support autonomous cars and drones. No problem, come back tomorrow and it will be ready.
The ability to mitigate security problems and create new network services breaks the paradigm of new security problems = procurement of a new set of security tools. Through this, one of the biggest problems facing cybersecurity today can be solved.
Two: Network virtualization
AGN benefits can include, among many others, all of the benefits that software-defined networking (SDN) aims to introduce, but on a global scale. Benefits such as cost reduction, software-defined packet forwarding, central management and many others. If you are not familiar with SDNs, I urge you to learn more about the concept.
One of the most important benefits of SDN, which will also become one of the most important benefits of an AGN, is what is known as simplified virtual management. Though virtual management is already implemented in some organizations (via SDNs), in a global network its benefits are leveraged and ultimately augmented.
Virtualization in networking will have a similar impact to the one virtualization has in computing, i.e. completely revolutionizing the paradigm of the existing coupling between hardware and software.
Virtualization means the ability to simulate a hardware platform, such as network devices, in software. All of the device’s functionality is simulated by the software, with the ability to operate like a hardware-based solution would.
With network virtualization, any network architecture can be defined for any given set of devices, while completely ignoring the physical aspects of how those devices actually connect to the network. For example, your “home” network could include your computer, laptop, mobile phone, car and all of your family members’ devices, with no regard to where they are in the world and without the need to implement any kind of VPN solution.
Because the allocation of a device to a network is determined by soft switches (software-based switches), you can sit on the other side of the world and still be connected seamlessly to your home network. This is possible because the network architecture is defined by software rather than physical hardware (as opposed to today, where connections to your home network are only possible if you are connected to your home router).
You might be able to define any kind of network architecture just by drawing and setting it up on a graphical dashboard. Alternatively, you might be able to include any kind of security solution in your network by using simple drag-and-drop gestures. Those tools can include firewalls, IDSs, IPSs, network recording, Anti-DDoS, etc., all of which are virtual appliances.
The virtualization of networking will also simplify implementing security tools. If a CISO suspects that someone is already inside his network, and therefore he wants to implement a new network inspection solution for a short time, he will just have to add it to the dashboard and, with a click of a button, make all the traffic in the network pass through the new system. No need to define complex routing settings. No need to change VLAN ACLs or firewall rules. Those of us who have faced these challenges with traditional networks will really appreciate the change.
But for this to fully work, we also will have to change the way we think about networks. No more LANs and WANs. Anyone who wants to benefit from the network virtualization features will have to live by the principle of “every device is connected directly to the AGN” and the AGN will define logical separation into networks.
Three: Identified by default
The source of many problems we experience with the Internet today can be attributed to the fact that we are trying to provide services that require user identification on a network in which users are anonymous by default.
The same network is being used for e-banking services and drug purchasing, viewing medical results and child pornography, social networking and promoting terrorism.
The AGN provider will be able to implement an identified-by-default network. In this solution, the AGN will authenticate users whenever they start to use the network and be able to provide this identity as a service to any application that requires it. In that case, a user might even be able to access his bank without the need to type in a username or password.
The federated identity approach is already being offered by companies such as Facebook and Google. Federated identity means that the user’s single identity is being used by different identity management systems.
But not only will users be identified; the hardware devices, or rather the network interfaces, can also be controlled to improve security and trust in the network.
How can that be achieved?
To connect to an AGN, one must purchase a new kind of Network Interface Controller (NIC) that supports the AGN protocol stack (obviously, current TCP/IP NICs will not work with AGNs). A smart design of such an NIC will include remotely programmable/upgradeable firmware (to support the AGN provider’s ability to upgrade the AGN quickly and remotely). The NIC will also hold a unique private key (NICPK). This key will facilitate tunneling between devices, as well as acting as a kind of license to use the AGN.
Based on those NICPKs, stored in all the NICs connected to the AGN, the AGN provider will have the ability to create some form of Network Access Prevention (NAP) solution that will prevent any unknown and unauthorized NIC from communicating within the AGN. Also, device-to-network allocations will be determined based on the devices’ NICPK. For example, a CIO could define a whitelist of NICPKs that are authorized to access internal resources.
And probably the most important feature of using NICPKs is increasing users’ accountability. In the Internet, as we know it today, it is very hard to exercise accountability. Hackers and other malicious entities are getting away with almost anything. The AGN provider will change this, and monitor activities across the entire network. The provider can identify any activity that is not aligned with the network code of conduct and exercise the appropriate sanctions on the user and the device.
For example, if a user carried out a phishing attack, he will be banned from the AGN network (his account will be disabled and his NICPK will be removed from the whitelist of authorized devices). If a user used torrents to download movies illegally, he will be banned from accessing the AGN for a week. If someone instigated a DDoS attack using many zombie computers (infected computers that are being remotely controlled by a hacker without the users’ knowledge and consent), the AGN provider will prevent those computers from accessing the network until the virus is removed.
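The whitelist-and-ban mechanism described above, sketched as an added example (it is not from the original article, and no AGN implementation exists to copy from). It assumes the NICPK is an Ed25519 key and that admission works by signing a one-time nonce; `NIC`, `Gate` and their methods are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// NIC is the device side: the private NICPK never leaves it, only signatures do.
type NIC struct{ nicpk ed25519.PrivateKey }

func NewNIC() *NIC {
	_, priv, err := ed25519.GenerateKey(rand.Reader) // constructed sample key
	if err != nil {
		panic(err)
	}
	return &NIC{priv}
}

func (n *NIC) Public() ed25519.PublicKey   { return n.nicpk.Public().(ed25519.PublicKey) }
func (n *NIC) Respond(nonce []byte) []byte { return ed25519.Sign(n.nicpk, nonce) }

// Gate is the provider side: it stores public keys only, never a NICPK.
type Gate struct {
	allowed map[string]ed25519.PublicKey // whitelist: hex ID -> public key
	pending map[string][]byte            // hex ID -> outstanding one-time nonce
}

func NewGate() *Gate { return &Gate{map[string]ed25519.PublicKey{}, map[string][]byte{}} }

func (g *Gate) Enroll(pub ed25519.PublicKey) string {
	id := fmt.Sprintf("%x", []byte(pub)) // hex of the public key serves as the NIC's ID
	g.allowed[id] = pub
	return id
}

func (g *Gate) Revoke(id string) { delete(g.allowed, id) } // the ban described in the text

// Challenge issues a fresh random nonce, but only to a whitelisted NIC.
func (g *Gate) Challenge(id string) ([]byte, error) {
	if _, ok := g.allowed[id]; !ok {
		return nil, fmt.Errorf("NIC %.8s is not whitelisted", id)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	g.pending[id] = nonce
	return nonce, nil
}

// Admit verifies the signature and consumes the nonce, so a replay fails.
func (g *Gate) Admit(id string, sig []byte) bool {
	pub, ok := g.allowed[id]
	nonce, issued := g.pending[id]
	delete(g.pending, id)
	return ok && issued && ed25519.Verify(pub, nonce, sig)
}

func main() {
	nic, gate := NewNIC(), NewGate()
	id := gate.Enroll(nic.Public())
	nonce, _ := gate.Challenge(id)
	fmt.Println(gate.Admit(id, nic.Respond(nonce))) // true: whitelisted NIC proved key possession
}
```

Because the gate keeps only public keys, a leak of the whitelist does not let anyone impersonate an enrolled NIC.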
Another feature of an identified-by-default network is the ability of the AGN provider to control which protocols and which websites are allowed. This gives the AGN provider the freedom to decide whether torrents will be allowed, and whether people are allowed to use TOR-like services. One might think that by building protocol encapsulation, users can override the AGN provider’s restrictions, and eventually create things like an AGN-based darknet.
But this is not as simple as it might seem, for two main reasons: (A) centralized network management allows relatively easy deep protocol inspection, and (B) the moment the AGN provider learns about this new service, he will be able to completely eliminate it in a very short space of time, therefore not allowing any unauthorized services enough time to grow.
Moving to an identified-by-design network with centralized control and a high level of accountability is a paradigm shift from the uncontrolled and decentralized Internet that we have today.
What will happen to the “old” Internet?
We can expect AGN providers to create native services that can only be accessed by the AGN users, and AGNs might eventually even completely replace the old TCP/IP-based Internet. However, in the meantime, it is evident that no one will use AGNs unless access to the servers and services on the “Internet 1.0” is enabled and seamless.
For that to happen, the AGN provider will have to implement a secure gateway. This gateway will be in charge of protocol translation (by stripping and reconstructing or encapsulation) and safe passage. Creating an AGN <-> TCP/IP (or Internet 2.0 to Internet 1.0) gateway, while maintaining a high level of security in the AGN, is one of the biggest challenges AGN providers will have to overcome to create an alternative Internet.
It is becoming harder and harder to secure digital assets. We need disruptive solutions that will create a shift in the balance of things — giving a critical lead over malicious elements. Not only can AGNs do that, but they can also completely change our approach toward cybersecurity.
Some might be concerned about the loss of privacy in an AGN world — and they would be right to be worried. An AGN provider will have infinite power over its users. But the fact that he can does not necessarily mean that he will.
Many times privacy and security are opposing forces, and balancing between them is more an art than a science. Unfortunately, the same goes for privacy and monetization. However, if designed right, AGNs can have a real, positive impact on the world of technology, while making the users feel comfortable and safe.
Implementation, however, will require a very responsible and privacy-aware AGN provider — one that will not misuse its power. Finding a balance between security and privacy, between centralized control and open network, between monetization and fair use, are all challenges that we will have to face on the way to creating a secure AGN.
To be able to create a world in which AGNs are possible, we need to overcome many challenges and initiate many activities:
- Conducting research to create an efficient, secure and upgradable network connectivity model (TCP/IP alternatives). This is a great opportunity for the industry to collaborate with academia.
- Designing an upgradable AGN NIC with a NICPK.
- Creating a secure gateway that will allow safe passage between the new AGN connectivity model and the current Internet.
- Developing an affordable way to create global wireless (or hybrid) networking solutions. Though wireless technologies are slower than wired technologies, the higher networking efficiency that we can achieve with a new connectivity model could, to some extent, bridge this gap.
- Devising the approach and code of conduct for such an Internet.