During the Cold War, a new weapon was built to pierce any shield and for every new weapon, a new shield was built that could not be pierced. This is the infinite game theory about will and resources, and who exhausts one or the other first and drops out of the game.
In terms of cybersecurity, I have been pondering the infinite game concept for over a decade and through multiple startup ventures in this space. We have continued to design shields and weapons, like intrusion detection engines and anomaly detection powered by threat intelligence, rules grammar, regular expressions, probability theory, and deductive, inductive and abductive reasoning. Yet, despite all this, the industry is still exposed to high-profile data breaches and ransomware. What are we missing? That is the question. Perhaps the answer is that we may be solving the wrong problem.
When it comes to cybersecurity for the Internet of Things (IoT), we need to examine not just where the problem lies today, but also, more importantly, where it may manifest again tomorrow. The 5G network and cloud at the edge are poised to be radical game-changers in our lives. What we are observing today is far beyond digital transformation and data brokers. Google is no longer about a search engine, but about APIs. Facebook is no longer about faces, but about data. Microsoft is no longer about an operating system, but about a cloud platform. Cars are no longer about miles per gallon, but about software-defined transportation. Factories are no longer about automation for production at scale, but about artificial intelligence (AI) and machine learning (ML) for robotization. Data centers are no longer about big data clouds, but about edge compute and software-defined storage down in the fog.
What we are observing is the power of transformation. From the Stone Age, through the Middle Age, Modern Age, Digital Age, to the Data Age, the global economy has evolved to the digital platform of data as the fuel that drives intelligence. Intelligence can transform knowledge into tools to be creative, or knowledge into weapons to be destructive. To begin to solve our cybersecurity challenges, we can harvest device intelligence for use as a self-defending tool for cyber protection. Likewise, we can transform device lifecycle management into protection lifecycle management. And finally, we can enhance privacy and integrity of data to establish trustworthiness of data to prevent weaponization.
The tectonic plates are moving in cyberspace. The future of things is in the things of the future. Things are no longer connected simply by wires and protocols, but by waves (5G) and APIs. These things of the future are devices with north, south, east and west connectivity, requiring a perimeter-free, frictionless operating surface.
Take for example the Ashoka Stupa, which contains a fascinating lesson about protection lifecycle, proving that remarkable solutions are possible with ingenuity.
The Ashoka Stupa, outside Delhi, India 1
The Ashoka Stupa, a 7-meter long pillar outside Delhi, India, was built 1,600 years ago and is made of iron that has not rusted. It is 98% iron and the remaining 2% is comprised of lead, brass, bell metal (copper and tin) and phosphorous from wooden blast furnaces (instead of modern limestone blast furnaces). It does rust in the first phase with water and air (ferrous oxide FE-O); however, a chemical reaction between the metal and the first phase creates misawite to form a ferrous oxide hydroxide (FeOOH), which forms a passive layer of “self-defending protection”.1
The traditional information technology cyber security rules identify indicators of compromise on a hacked device — as a forensic science. Forensic science is the discipline in which professionals use scientific means to analyze physical crime evidence. Life science is the study of life and living things. A paradigm shift is required to enable data sciences to reach new heights and objectives for a safer digital planet.
The new IoT cyber protection paradigm must use artificial intelligence with device intelligence — as a life science. As we transition from old security models, cyber strategies will necessarily pivot from reactive methods such as detection, forensics and forensic science, to proactive methods such as protection (vaccination), self-defense (immunity), and a life-science approach to cybersecurity.
Cybersecurity as a service is the enabler to protect IoT platforms in the era of digital transformation. Ask not whether the device is compromised; ask whether the device has protection. Change the rules. Protecting emerging IoT devices and edge clouds is an infinite game, and it has just begun.
1 Photograph taken by Mark A. Wilson (Department of Geology, The College of Wooster). - Original photograph, Public Domain, Wikipedia, The Ashoka Stupa.