Zero Trust 03-31-2022

The Big Zero: How to Protect the Cybersecurity Chain of Trust

Srinivas Kumar

The cybersecurity industry is buzzing with the four pillars of zero initiatives: zero-trust architecture, zero passwords, zero perimeter (perimeter-less) and zero-touch provisioning. Amid all this, information technology (IT) and operational technology (OT) budgets and service cycles are spinning with policies and audits on the strength of user passwords, subscriptions to harvested zero-day threat intelligence for perimeter-based defenses, and device discovery.

How does one provision a device that IT has yet to discover, and how does one harden an IoT/OT device for protection once it is discovered? The status quo is still a “hard edge and soft core” mindset, with managed security service providers and outsourced IT providing network traffic introspection based monitoring and forensic analysis. Isn’t it time for a “software-defined edge and hardened core” paradigm shift?

Trust but verify

A zero-trust architecture is essentially a two-dimensional trust chain. Horizontally, the entities in a service transaction must provide proof of identity and proof of zero compromise; measuring trustworthiness is therefore the measurement of verifiable integrity. Vertically, each entity’s identity must be verified. Verifiable integrity requires a trust anchor to serve as the root of trust so that each actor in the sequence is trusted.

In a zero-passwords model, identity is verified with biometric identifiers (e.g., fingerprint, face recognition) for faster identification. Other zero-trust models use security tokens for authentication and authorization, an approach often implemented by service providers and hosted applications (SaaS). While biometrics and two-factor authentication work well for interactive users, these methods do not work for headless, non-human devices. IoT devices must be able to establish an immutable identity issued by the manufacturer and the device owner.

Perpetual attack staging surface

This form of device authentication requires cryptographic artifacts such as a protected key and an associated certificate from a trusted certificate authority. Furthermore, always-on, connected autonomous devices cannot rely on the inactivity-based automatic locking that is effective for interactive users. Without persistence of life-cycle trust in the device, this offers a perpetual attack staging surface for malware and cybercriminals.
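As an added illustration (not from the original post), here is how a verifier might walk both dimensions of the trust chain described above for a headless device: the manufacturer’s root key is the trust anchor, its signature over the device’s identity key stands in for the CA-issued certificate, and the device’s signed firmware measurement is the proof of zero compromise. The device names, firmware strings and the choice of Ed25519 are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
// Device is what a headless IoT/OT device presents to a zero-trust verifier.
type Device struct {
	ID      string
	PubKey  ed25519.PublicKey // identity key (on real hardware, held in a secure element)
	Endorse []byte            // manufacturer root's signature over the identity: proof of identity
	Measure []byte            // SHA-256 of the firmware the device measured at boot
	Attest  []byte            // device's signature over Measure: proof of zero compromise
}
func identityMsg(id string, pub ed25519.PublicKey) []byte {
	return append([]byte(id+"|"), pub...)
}

// Provision models manufacturing: the root (trust anchor) endorses the device key, then the device measures and signs the firmware it runs.
func Provision(root ed25519.PrivateKey, id string, firmware []byte) Device {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sum := sha256.Sum256(firmware)
	return Device{ID: id, PubKey: pub, Measure: sum[:],
		Endorse: ed25519.Sign(root, identityMsg(id, pub)),
		Attest:  ed25519.Sign(priv, sum[:])}
}

// Verify walks both dimensions: vertically the identity must chain to the anchor; horizontally the integrity claim must be signed by that identity and match the reference.
func Verify(anchor ed25519.PublicKey, d Device, reference []byte) error {
	if !ed25519.Verify(anchor, identityMsg(d.ID, d.PubKey), d.Endorse) {
		return fmt.Errorf("%s: identity not endorsed by trust anchor", d.ID)
	}
	if !ed25519.Verify(d.PubKey, d.Measure, d.Attest) {
		return fmt.Errorf("%s: attestation not signed by device key", d.ID)
	}
	if !bytes.Equal(d.Measure, reference) {
		return fmt.Errorf("%s: firmware measurement does not match reference", d.ID)
	}
	return nil
}

func main() {
	anchor, root, _ := ed25519.GenerateKey(rand.Reader)
	ref := sha256.Sum256([]byte("firmware-v1")) // constructed known-good image
	fmt.Println(Verify(anchor, Provision(root, "sensor-01", []byte("firmware-v1")), ref[:]))
	fmt.Println(Verify(anchor, Provision(root, "sensor-02", []byte("firmware-v1-tampered")), ref[:]))
}
```

A device endorsed by a root the verifier does not trust fails the vertical check even when its firmware is pristine, which is the property that distinguishes a chain of trust from a bare integrity hash.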

Thus, the purpose of zero-touch provisioning is to onboard greenfield devices at scale into a device management system for continuous monitoring and timely intervention by security operations center operators. This reduces installation service costs and the complexity of interactions between field technicians and data center security administrators who would otherwise have to manually identify and onboard field devices at scale. Redemption for brownfield and in-field devices will necessitate one-touch provisioning to harden them for resilience and tamper resistance.

The zero-perimeter (or perimeter-less network) concept has been around for decades with endpoint firewalls and virtual private network (VPN) policies on user laptops and workstations to permit remote access and roaming privileges. However, the notion of perimeter-less in the context of millions of distributed and untrusted IoT/OT devices warrants serious reconsideration. Headless devices require lockdown with a data diode mode of network access privileges, air-tight pinholes based on device function, and authorized outreach to connected services for data sharing. The device is the edge in a device-to-cloud ecosystem.

Built-in protection and software retrofits

To achieve these zero-trust objectives for devices, manufacturers will need to incorporate secure elements from the beginning of the device’s lifecycle, and we will need to see more interoperability standards adopted. For in-field and brownfield devices, the secure element function will have to be retrofitted with a software-based physically unclonable function (PUF) to emulate its data protection. To avoid reengineering their line-of-business applications and to achieve compliance, device vendors will require purpose-built plug-and-play clients (or agents) for greenfield and brownfield devices.

Any big-zero initiative in digital transformation will require digital security officers and product security architects to embark on device transformation to build out the four pillars for zero compromise. For digital transformation to thrive and survive beyond zero-trust networking, zero-trust data that complements data integrity and confidentiality will be required to provide high assurance of data provenance.

The data-driven AI/ML engines will require trustworthy IoT and OT devices at a scale far beyond what IT operators can fathom or service today. In a nutshell, trusted devices are the genesis of trusted data for trusted analytics – without which the outcome will be a net zero-sum gain in trust.
