Connected devices bring paradigm shift in security

Steve Grobman, Chief Technology Officer with the Intel Security Group, says that technology has transformed the security landscape, with bad actors making a deep impact across the globe. In an interaction with DH’s N V Vijayakumar, Grobman points out that Industry 4.0, IoT and connected cars will give a new dimension to security the world over.

Cybercrime is growing globally without any slowdown, and a few countries have emerged at the centre of it. Can you give me your perspective on it?

I think, when we look at cyber actors, it’s all about incentives. At the end of the day, the reason that you have offensive cyber actors is that they are trying to achieve a goal. It could be monetary, or it could be to make a statement in the case of hacktivism. In the case of state-sponsored attackers, it is to achieve some sort of goal. It could be to damage military or other government operations. It could be theft of either intellectual property or critical data that could be used by two governments that are not friendly to one another.

We are starting to see that many governments are effectively building offensive cyber capabilities. And one of the things that we do in the private sector is that we’re very careful to not attribute a specific incident based only on technical forensics. And part of the reason is that in a cyber incident, technical data can be manipulated to make it look like another party was actually performing the actions. We’ve seen a lot of cases where there will be clues, but we don’t know whether they are false clues to make it appear that a different entity was actually to blame. So, they’ll use a compiler of a certain language, or launch an attack from a machine in a specific country.

Can you reveal how to tackle cyber attacks proactively?

I think there are three things. First, we need to continue to innovate on the hardware space. So, building new technologies in hardware will create new computer models that will help us isolate data better. A lot of what we see in cyber security is the lack of containment that ultimately makes a breach become high-impact versus simple nuisance. Some of the things that we’re doing in hardware, like in Intel’s latest processors, we introduced a new capability that’s called Software Guard Extensions. It creates a new programming model where you can protect data and execution in an application, even if the platform is compromised.

The next set of things is at the software level. We need to build more secure architectures, and also innovate in how we use security technology to protect devices, protect environments, also detect when breaches occur, and build the right technologies to get platforms and environments back to a good state. Hence, it’s important to not only focus on the protective nature, but really all three of those key elements — protect, detect and correct.

And then the final area is the human factor. A lot of challenges in cyber security originate with people. If you look at things like consumer ransomware, it’s generally through phishing. It means that if somebody sends an email that looks like it’s from their bank or some other legitimate source, with a link, and if they click on that link, they download and install the ransomware. Using psychological tricks to try to trick a user into downloading and installing an element. If we look at the business space, very often, we see that breaches are due to lack of good cyber hygiene. We need to continue building new hardware capabilities, we need the right software architecture, and we need to train the entire population to understand the basics of cyber security from the consumer perspective, but then really have businesses work towards better cyber hygiene.

Can you share your perspective on how encryption will solve it?

One of the things that we want people to understand is that bad actors can use encryption to protect data that law enforcement would want to have access to. But part of the challenge is that encryption can be done at many levels. It can be done at a device level, but encryption is really just math. Encryption can also be done in an application itself. And the challenge is that if devices are no longer able to protect data, the bad actors can still protect their data, but will just protect it at an application level. And there is really nothing that a government policy or procedures can do to prevent it. So, our perspective is really that you can’t legislate encryption, and instead, we need to move past this debate of whether or not we should do it, and look at other ways to be able to help law enforcement get what they need.

Cyber security underwent changes with the emergence of connected devices. What is your take on it?

A lot of it is to think about the problem differently. So, many of the traditional security products have been layered on computer infrastructure. You have your operating system vendors, and your application vendors, and your security vendors. In the world of IoT, it won’t be practical to use that model. We are going to need to have a good partnership between the device manufacturers and the security community. Because, each one brings unique capabilities to the table. So, the device manufacturer really understands the architecture of his/her platform. Automotive companies understand how the cars are put together, but they don’t have the same level of experience in threat detection, threat management, and on analysing various types of threats. So, part of what we are doing is that we are building partnerships where we can work with these new industries such that each is delivering its best knowledge to the table, to really architect things. But to be candid, we’re in the early stages.

How are you looking at security from platform or partnership approach?

It has to be through a partnership. There is no other practical way due to just the sheer number of smart connected platforms. There is no way Intel Security, or any other security vendor, can understand how smart TVs, smartwatches, automobiles, power delivery systems, and every type of factory control system on the planet are working simultaneously. But it’s a bit of a different problem in certain types of platforms that we may need to focus more on prevention versus detection. In an automobile, making sure that we have the right protective capability so that we prevent the attack from happening, or as I talked about earlier, containing the attack to a noncritical system. We’re forming a new organisation that is called the Automotive Security Review Board, which will have car companies engage, will have technology providers engage and will work to do analysis on what the risks are. We’re also looking at how to retool some of the technologies that we have to make them applicable in an IoT world.

How can human intervention protect against cyber-attacks globally?

It is not just from the problem statement, but even from the defence perspective. Part of what we see is that more advanced attacks that you talked about are very sophisticated, and often specially crafted such that we’ve never seen them before. The best way to detect these more advanced threats is through human/machine teaming where you really take the best capabilities of both, in order to be able to understand your environment and detect complicated signals that a breach, or a threat or attack, is underway in a very wide sea of noise.

And if you think about it, humans on their own can’t process that quantity of data. But similarly, the technology on its own doesn’t have this strategic intellect to really think like the attacker, to say what attackers would potentially do to go after my environment and to look at the data and evolve the data. So, part of what we need to do in the industry is raise the capabilities of our incident responders, the individuals that are responsible for detecting breaches and then remediating them when they happen. And to do that it’s going to mean training many new people.
