At the dawn of computer security in the late 1980s, antivirus software emerged as a response to the first malware.
Since then, the industry has been playing catch-up, and the challenge for cyber-defence solutions has been to recognise new malware and techniques as quickly as possible and offer the appropriate protection. The force of action is equal to the force of reaction.
During more than 30 years of this game of cat and mouse, the stakes have changed significantly. Today, cybersecurity, data protection and countering APT attacks are becoming a priority at the highest government level, and corporations are spending almost a third of their IT budget on protecting against cyberthreats.
As in many industries, cybersecurity may also – sooner or later – experience an evolutionary leap that could change the nature of the game. Perhaps this moment has already come: the transition from protection against cyberthreats to immunity from them.
When existing security solutions are not enough
In certain areas such as corporate protection, current solutions are very effective. But the problem is that there are some systems on which anti-malware solutions cannot be installed, such as small boxes of IoT gateways or electronic control units in a connected car.
Meanwhile, the use of connected devices and the IoT is gaining pace and is forecast to grow by 25% between 2019 and 2027. And in the case of critical infrastructures or smart cities, digitalisation, the use of cloud, or digital twins demand extra cybersecurity measures to avoid critical consequences. The recent example of Colonial Pipeline once again showed how painful those consequences could be.
Another problem is that these risks are not really assessable in advance. So, in addition to the traditional means of protection, a new approach is needed in which security is a property of the connected device, system, or security solution itself.
What is cyber immunity?
Cyber immunity’s goal is to enable a scenario where attacks cannot affect a system’s functions.
The cyber immune system is based on the principle that everything that is not allowed is prohibited. This means that the components of the system can perform only those functions that were defined during development.
How is this achieved?
To make a system cyber immune, it should be developed according to a specific methodology and with the right components.
Firstly, a security goal of the system should be clearly defined – for example, to enable confidentiality and integrity of data transferred from a device to a cloud. It should be stated that the system meets this goal in any use case. For example, if someone builds a house in an earthquake-prone area, they must consider earthquake protection measures at the design stage.
Secondly, all system components, such as applications and drivers, must be isolated from each other so that if one component is compromised, it cannot access another. Just like separating apples, oranges and peaches into different baskets: if the fruits in one basket start to grow mouldy, it will not affect another basket.
Thirdly, communication between components must be controlled, with only the specified type of communication allowed. The kernel of such an immune system should be as compact as possible, in order to minimise the possibility of bugs and vulnerabilities and to narrow the attack surface. As a result, security becomes an integral feature of the system.
In practice, this means that if, for example, there is an attempt to remotely connect to any component of the advanced driver-assistance system, which is responsible for the autopilot in the car, then nothing will happen.
No third-party application will be able to take control of the system, because the affected component will remain isolated and will not be able to allow other parts to be compromised.
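A minimal model of the rules above (isolated components, default deny, only specified communication types), added here as an illustration. It is not code from the operating system the article describes; the component names, message types and policy are assumptions constructed for the car scenario.

```python
from dataclasses import dataclass

# Constructed policy: the only (sender, receiver, message type) triples allowed.
# Everything not listed here is prohibited. All names are hypothetical.
ALLOWED = frozenset({
    ("sensor_fusion", "adas", "object_list"),
    ("adas", "brake_ecu", "brake_request"),
    ("adas", "logger", "log_event"),
    ("telematics", "logger", "log_event"),
})

@dataclass(frozen=True)
class Message:
    sender: str      # model simplification: a real kernel derives this from the caller
    receiver: str
    msg_type: str
    payload: bytes = b""

class Monitor:
    """Single mediation point; components never hold references to each other."""
    def __init__(self, allowed):
        self._allowed = allowed
        self._inboxes = {}
        self.denied = []  # audit trail of rejected messages

    def register(self, name):
        self._inboxes[name] = []

    def send(self, msg):
        # Default deny: deliver only if the exact triple is allowlisted
        # and the receiver is a registered component.
        triple = (msg.sender, msg.receiver, msg.msg_type)
        if triple not in self._allowed or msg.receiver not in self._inboxes:
            self.denied.append(msg)
            return False
        self._inboxes[msg.receiver].append(msg)
        return True

    def inbox(self, name):
        return list(self._inboxes[name])

def demo():
    mon = Monitor(ALLOWED)
    for name in ("telematics", "sensor_fusion", "adas", "brake_ecu", "logger"):
        mon.register(name)
    results = [
        mon.send(Message("sensor_fusion", "adas", "object_list")),      # specified flow
        mon.send(Message("telematics", "adas", "object_list")),         # unlisted pair
        mon.send(Message("telematics", "brake_ecu", "brake_request")),  # unlisted pair
        mon.send(Message("adas", "brake_ecu", "firmware_update")),      # listed pair, wrong type
    ]
    return results, mon
```

The `denied` list doubles as the audit record: every rejected message is a flow that was never specified at design time.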
Since 2002, we have been hatching the idea of an approach that would make IT systems secure-by-design. During this time, we have developed an operating system (OS) that enables the requirements described above. We have also been exploring its application in various fields and starting to develop the first products.
Immunity became a cherished word in 2020-21 due to the pandemic. By chance, also in 2020, our concept of cyber immunity based on the OS was finally embodied in the first product, announced in April 2021. This is an IoT gateway that allows customers to securely collect telemetry from connected industrial equipment and transfer it to the cloud for processing in business applications.
Cyber immunity has a long road ahead: its application will expand to various projects and solutions that have increased requirements for cybersecurity in the field of critical infrastructure, smart cities, automotive and other areas.
And in the foreseeable future, we hope that this approach will help raise the security of these industries to a qualitatively new level and reduce the likelihood of cyberattacks and their consequences.