Wednesday, February 3, 2016

My Take on Information and Cyber Security Defense

Information and cyber security have never been more critical than they are today: computer and control systems are increasingly connected to the Internet, and they have become targets of enemies and attackers from inside and outside of organizations. Therefore we need to continuously find better approaches to protect our systems against increasingly sophisticated attacks. Specifically, attempts to compromise the confidentiality, integrity and/or availability of systems are on the rise. The first line of defense is to have preventive measures such as strong authentication, access control, and encryption. However, it has been proven time and time again that preventive measures alone are not sufficient to protect the ever more sophisticated and interconnected systems we currently have. As we all know, building exploit-free systems is an elusive goal due to, but not limited to, design and implementation errors, configuration errors, vulnerabilities in third-party systems and libraries, and social engineering attacks. For example, buffer overflow vulnerabilities have been known for many decades, but we are still hearing of damaging attacks exploiting them in current systems.

Given the disadvantaged situation we are in, what can we do to protect our systems? In my humble opinion, there is no single silver bullet solution that solves the issue. Instead we should take a holistic approach where multiple lines of defense are utilized along with attack detection and mitigation techniques.