IT Security: When Maturity is Overrated
In so many parts of life, the passing of time is a benefit. Wine and whisky mature, intelligence is gained, and friendships grow stronger. For those of us working in IT security, however, the passing of time brings new challenges. Prolonging the use of older technology exponentially increases risk and the resulting problems can cost more than recommended maintenance/upgrades.
Let’s consider three facts:
- Fact 1: IT is fundamental to the economy, safety, health, and well-being of the world’s societies. Today’s IT systems support everything from advanced medical research to a country’s economic growth.
- Fact 2: Attacks on IT will continue to evolve in terms of efficiency, complexity, and deviousness. The need for better prevention, detection, remediation, and recovery from cyber attacks continues to grow.
- Fact 3: IT devices are developed to perform securely within the known constraints and challenges of their launch environment, with flexibility for some upgrades. But at some point, all technology reaches a lifecycle limit. Quite often that limit is less about the device’s ability to “just power up” and more about it doing so securely.
Consider these facts together: what is the conclusion?
You may think your 10+ year-old networking device is doing the job for which it was intended, but only if that job doesn’t include keeping your network and data secure.
Decade-old network devices are less likely to have the protections necessary to withstand today’s cyber attacks. This is just as true for networking devices as it is for a legacy SCADA system connected to the internet or a 5-year-old laptop with an aged operating system. They may not support the detection of modern threats or seamless recovery from advanced attacks.
While threats are evolving, as we’ve seen in not one but two recent cases, so is the ability for technology to defend itself. We’re seeing more and more important security-centric capabilities in newer devices. These capabilities are useful to help prevent or defeat the persistence of malware or unauthorized software on devices.
- Image Signing: Cryptographically signed images help ensure that the firmware, BIOSes, and other software are authentic and unmodified. These signatures provide a critical check so that only authentic, unmodified software can be executed. As the system boots, this signature is checked by an anchor of trust, ensuring the integrity of the system’s software.
- Secure Boot and Hardware Trust Anchors: Secure boot takes image signing to the next level by providing increased assurance about the integrity of the hardware and software that perform image checks and other critical system functions. It does this through a combination of immutable, hardware-based anchors of trust, and it assures that a system’s foundational state, and the software that is to be loaded, cannot be modified (regardless of a user’s privilege level).
Combining these two features makes a system even stronger, and having image signing would effectively mitigate persistent attacks like those referenced above, which we’ve seen in recent months. Secure boot would make that protection even more robust. A device with these characteristics offers a network administrator the ability to prevent man-in-the-middle replacements of software and firmware, provide layered protections against persistence of illicitly modified firmware, as well as an anchor by which to root trust of the platform. If you go back just 7-10 years, you will find that most devices did not feature image signing, secure boot, or verifiable trust anchors. Additionally, hardware and/or low-level system changes that make these capabilities possible prevent a “simple” upgrade of the older technologies that are in place.
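To make the two features concrete, here is an added example (not Cisco's code) that models the boot chain described above: an immutable trust-anchor public key checks the signature on each stage before it is allowed to run, so a modified image or an image signed by an unauthorized key halts the boot. The Ed25519 key, image names and image contents are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Image is a firmware/software image carrying a detached signature over its SHA-256 digest.
type Image struct {
	Name string
	Data []byte
	Sig  []byte
}

// SignImage is the vendor-side step: sign the digest of the image with the vendor's private key.
func SignImage(priv ed25519.PrivateKey, name string, data []byte) Image {
	digest := sha256.Sum256(data)
	return Image{Name: name, Data: data, Sig: ed25519.Sign(priv, digest[:])}
}

// VerifyChain models secure boot: the anchor key (burned into ROM, outside any user's
// privilege level) checks each stage in order. It returns how many stages were accepted;
// the first failed check halts the boot before that stage would execute.
func VerifyChain(anchor ed25519.PublicKey, stages []Image) (int, error) {
	for i, img := range stages {
		digest := sha256.Sum256(img.Data)
		if !ed25519.Verify(anchor, digest[:], img.Sig) {
			return i, fmt.Errorf("stage %d (%s): signature check failed, boot halted", i, img.Name)
		}
	}
	return len(stages), nil
}

func main() {
	// Vendor signing key; only the public half is embedded as the trust anchor (constructed).
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	boot := SignImage(priv, "bootloader", []byte("bootloader v2.1 (constructed sample)"))
	netos := SignImage(priv, "network-os", []byte("network OS 15.x (constructed sample)"))
	n, err := VerifyChain(pub, []Image{boot, netos})
	fmt.Println("genuine images:", n, "stages accepted, err =", err)

	// Persistence attempt: one byte of the OS image is altered after signing.
	tampered := netos
	tampered.Data = append([]byte(nil), netos.Data...)
	tampered.Data[0] ^= 0x01
	n, err = VerifyChain(pub, []Image{boot, tampered})
	fmt.Println("tampered OS image:", n, "stages accepted, err =", err)
}
```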
Cisco considers these defenses a few fundamental examples of the hundreds of features, functions, and design decisions that we make when designing and building products that are resistant to the latest and anticipated cyber attacks. These defenses are constantly getting better and, as a result, continually evolve in our products and services. Our version of how we do this – from our secure development lifecycle, to security-centric features and functions, to supply chain security – is described at Cisco’s Trust and Transparency Center.
Underpinning both new and old systems with strong operational practices is a must. We recommend good security best practices including software patching, strong credential management, physical security for all network devices (not just endpoints), and robust architectural defenses that include flow monitoring. If your older system can’t be upgraded for some reason, these operational practices are even more critical for network administrators to implement.
A combination of modern defenses built into all aspects of your network and best-practice operational considerations is essential preparation as we look at the threats that lie ahead. This requires a realization of the fundamental importance of IT, and an honest assessment that the decades-old technologies deployed may be harboring latent risk.
Cisco has been constantly evolving the security of our products to address these risks and is committed to helping our customers and the IT industry evolve to ensure security. Doing so is the only way to let everyone spend less time managing cyber attacks and more time enjoying our wine, whisky, and friends.