Often, change within the technology arena is seen through the lens of Moore's Law; computer power doubles every eighteen months. Many predictions of the Law's demise have come and gone. As technology approaches the physical limitations inherent in Moore's Law, innovation has accelerated. Moore's Law was convenient for expressing technology's exponential growth.
However, the Law's converse – exponential decay – has eclipsed the "Law" and is unrestrained. The broader concept of exponential decay operates unreservedly. Exponential decay spurs innovation, is unrestrained by the present, and arises from the half-life of earlier developments.
Information Security solutions are following a similar construct: exponential decay. The perimeter defense built to address external threats has degraded to also-ran status. Expanding business needs and active circumventing the perimeter, rendering it less-and-less effective.
The progression of security threats, similarly, follows an exponential decay model. Hacking has given way to monetization attacks and espionage; sophistication grows, barriers to entry decrease, and specialization rises. Exponential decay, also, produces geometric increases in records and funds lost in breaches.
Stuxnet's introduction to the world represents the next stage of exponential decay. It epitomizes a militant threat capable of incapacitating industrial production. However, such a sophisticated cyber capability encourages derivatives.
Stuxnet's independent mutation ability and intra-communication has profound considerations. An enterprise (military, government, academic, industrial, etc.) should consider themself compromised, irrespectively, by some form of cyber-malice capable of harvesting or destroying value. Intra-communication is difficult to detect.
One enterprise defense from mutation and intra-communication within the enterprise is layered protection (versus layered defense). While the enterprise perimeter an anachronism, externally, it has value inside the enterprise. Tightly controlling access by limiting access gives the protection and time to address such attacks.
Emerging technologies that allow enterprise to build layered, trusted perimeters, a ring-within-rings, are the exponential decay's response to these new threats. Watch for DLP, SIEM, and GRC applications to add layered perimeter capabilities and tracking of intra-communication. Include intra-communication monitoring within perimeters as a required feature in product selection or expansion.
Authored by Charles King, CISSP - King Information Security, LLC
