Edgard Capdevielle, CEO of Nozomi Networks, agreed to have dinner with me in NYC after a long day of meetings and lectures to our partners and customers. When I walked up to the restaurant, Edgard was outside with his phone glued to his ear, and I couldn’t help but overhear his half of the conversation. The gist of it was that IT people were not getting along with the operations people on a specific project. I harrumphed to myself. After many years in the oil and gas industry, I tend to stay away from the subject due to fear for my career.
My lack of fear for my career in other areas had taken me down many paths with some success: servers on rigs to help remediate and rebuild virus-ridden project laptops, voice over IP for large cost savings, real-time video teleport for deep water remote operated vehicles. However, I always steered clear of the SCADA and automation people. We in IT were seen as “soft” operations. If our stuff went down, no one got hurt or died. If they messed up, well, things blew up.
Edgard ended his call and said, “Tough client.” He explained that there had been a clash of zeitgeist between two groups inside his customer’s organization. The security mechanism that his company offers bridges the gap between IT and OT.
“I get it,” I said. “I have dealt with both sides, and I think that the IT guys don’t always have a clue what they are dealing with.” Edgard squinted and I immediately knew I had stepped in it. “Really?” he said. “You’re a network engineer, so I thought you would see it differently.” Edgard opened the door and we walked in. I was about to speak when Edgard held up a finger.
Obviously, we would need some refreshments before the debate.
He sat down, “I’m really surprised that you would take that stance. I want to listen, and then I’ll respond.” I was stunned by such equanimity coming from a CEO, especially when I was attacking his company by inference if not by proxy.
I explained that knowing too much had traditionally gotten me into trouble. I learned at one job that OT people didn’t want me touching their networks. OT technicians were bridging most of their network, and it wasn’t even routed, much less firewalled. I was always a security guy at heart, so this horrified me. But they were more concerned with stuff getting stopped than protecting the network. They had been wrestling with performance issues over wireless and believed that adding security to the mix would simply make it worse.
“You see, in the short term this makes sense,” Edgard deadpanned. “But it is my experience that TCP/IP will change that. Anything that touches TCP/IP automatically changes in order to talk TCP/IP.”
“You mean like a singularity?” I said.
“Singularity? Maybe that makes sense. Yes, it could get sucked into a black hole,” he replied.
“The more positive analogy is the idea of a technological singularity,” I posited. “It means that eventually, everything will not only merge, but the merging will produce a huge explosive move forward in society and mankind. It’s not really accurate to call it a singularity, because it’s actually the sort of critical mass that results in the creation of a star and not its death. But yes, anything that gets within the magnetic pull or singularity of TCP/IP is essentially transformed by it and included. So I suppose that the technological singularity is already here but just quietly sucking everything into it. I guess Scott McNealy was always right, but he just had it backwards. The computer is the network.”
Edgard replied, “You just won my argument for me. While I understand the security and safety issues (which, by the way, are the reason we both have jobs), this is a short-term problem. Now that the network has reached the OT stuff, the OT stuff will change. It has become IoT, whether it wants to or not.”
He had me there.
Edge information systems and OT have started to become networked and thus data-driven. The market sees a gap in the older security systems that have been baked into networks for so long. For example, they are not backed up by automation, nor can they adapt. And they don’t track behavior. That is table stakes for securing IoT/OT. Devices with automation and intelligence should protect dumber devices. This includes aspects of proactive defense, adaptation and behavioral tracking.
However, proactive defense is not something that many companies can do right now. The security industry has been stuck on signatures and protecting concrete resources. But there are pieces of the delivery package that can help detect payloads that have never been seen in the wild before. There isn’t a signature-based detection system that can see those. They require pattern-based detection.
That’s not heuristics. Pattern matching and regression are math. It’s the reason why people make ASICs or co-processors to assist machine learning. If you can do math at wire speed, you are #winning. Which means that proactive defense is math-based detection. The adaptation layer must use different detection methods, such as emulation and behavior, to find the “no-see-ums” like fileless attacks: Java, HTML, PowerShell or any other shell-based scripting language. They can then update the bits that are part of the attack. All of this to grab the tiger by its tail before it escapes.
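To make the signature-versus-pattern distinction concrete, here is a small added example (not code from the original post or from Nozomi Networks) that runs two detectors over constructed PowerShell process-creation events: an exact-string signature, and a feature-scoring pattern detector that looks for the shape of the technique (an encoded argument, a hidden window, a policy bypass) rather than a specific payload. The event strings, the regular expressions, the feature weights and the threshold are all illustrative assumptions; the "payloads" are harmless Write-Host lines.

```python
"""Signature-only vs. pattern-based detection over constructed process-creation events.

Added example; not code from the original post or from Nozomi Networks.
Events, regexes, weights and threshold are illustrative assumptions.
"""
import base64
import math
import re
from collections import Counter
from dataclasses import dataclass


def _encode_ps(script: str) -> str:
    """powershell.exe's -EncodedCommand takes base64 of UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Two harmless scripts stand in for payloads; only the first has ever been "seen".
KNOWN_BLOB = _encode_ps("Write-Host 'constructed sample one'")
NOVEL_BLOB = _encode_ps("Write-Host 'constructed sample two, never seen before'")

# Constructed command lines, shaped like the command-line field of a process-creation log.
SAMPLE_EVENTS = [
    "powershell.exe -NoProfile -Command Get-Service",                        # benign admin use
    f"powershell.exe -ExecutionPolicy Bypass -EncodedCommand {KNOWN_BLOB}",  # a signature exists
    f"PowerShell.exe -nop -w hidden -enc {NOVEL_BLOB}",                      # same technique, new payload
    "cmd.exe /c dir C:\\Users",                                              # benign
]

# --- Signature-based detection: exact strings that were seen before ---------------
SIGNATURES = {KNOWN_BLOB}


def signature_detect(cmdline: str) -> bool:
    """Exact substring match; by construction it cannot fire on a payload never seen."""
    return any(sig in cmdline for sig in SIGNATURES)


# --- Pattern-based detection: features of the technique, scored -------------------
def shannon_entropy(text: str) -> float:
    """Bits per character; a crude measure of how 'encoded' an argument looks."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


# powershell.exe accepts unambiguous prefixes of its switches, so match "-e..." loosely
# but require a long base64-looking argument right after it.
ENCODED_ARG = re.compile(r"(?i)\s-e\w*\s+([A-Za-z0-9+/=]{32,})")
HIDDEN_WINDOW = re.compile(r"(?i)\s-w(?:indowstyle)?\s+hidden\b")
POLICY_BYPASS = re.compile(r"(?i)\s-(?:ex\w*|ep)\s+bypass\b")


@dataclass
class Verdict:
    score: int
    reasons: list
    flagged: bool


def pattern_detect(cmdline: str, threshold: int = 3) -> Verdict:
    """Score independent features of the technique; no knowledge of the payload needed."""
    score, reasons = 0, []
    m = ENCODED_ARG.search(cmdline)
    if m:
        score += 2
        reasons.append("encoded command argument")
        if shannon_entropy(m.group(1)) >= 3.0:  # assumed threshold, a bonus not a requirement
            score += 1
            reasons.append("high-entropy argument")
    if HIDDEN_WINDOW.search(cmdline):
        score += 1
        reasons.append("hidden window")
    if POLICY_BYPASS.search(cmdline):
        score += 1
        reasons.append("execution policy bypass")
    return Verdict(score, reasons, score >= threshold)


def run_comparison(events=SAMPLE_EVENTS) -> dict:
    """Indices of events each detector flags; the pattern detector catches the novel one."""
    return {
        "signature": [i for i, e in enumerate(events) if signature_detect(e)],
        "pattern": [i for i, e in enumerate(events) if pattern_detect(e).flagged],
    }


if __name__ == "__main__":
    for i, e in enumerate(SAMPLE_EVENTS):
        v = pattern_detect(e)
        print(f"[{i}] signature={signature_detect(e)!s:5} pattern={v.flagged!s:5} "
              f"score={v.score} {v.reasons}")
    print(run_comparison())
```

The point of the two detectors side by side is the one the text makes: the signature fires only on the blob it was written for, while the pattern detector scores the technique and so also flags the event whose payload has never been seen. In practice the weights and threshold would be tuned against real benign traffic (an administrator's own encoded commands will score too), and the entropy feature is deliberately a bonus rather than a requirement so that a short or low-entropy argument does not hide the other features.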
I don’t know if there is an agreed-upon term for the integration of different types of security systems that work together by design, but it’s what is needed to solve this problem. It is being called a security fabric and an expert system by some. But regardless of what we call it, it is a singularity in security that we must achieve before the whole thing goes nova on us.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.