Mitigating Risk & Compliance

By: Dr. Cemal Dikmen, CTO, SS8 Networks

It has been said that nothing is constant except for change. But not all change is the same, and the pace of change we are now seeing is very different from what we’ve seen before, presenting both new opportunities and challenges.

The evolution of technologies we’ve seen over the last decade or two has been exponential and is having a compounding effect. We’ve seen dramatic increases in storage capacity, bandwidth, and computing power. Add to this the evolution of mobile technologies as we quickly progressed from 2G to now 5G at an incredible pace. Then layer on top of this technology drivers such as e-commerce; mobile device proliferation; the Internet of Things (IoT); cloud, containerization, and virtualization; software-defined networking (SDN), automation, machine learning (ML), and artificial intelligence (AI) – and it starts looking a lot less like change, or evolution, and a lot more like combustion. It would be as if the advent of human flight, nuclear fusion, genetic engineering, rocket fuel, and space travel had occurred at the same time as the advent of the wheel. Certainly, this would have created an explosion of new opportunities and, with it, an abundance of risk.

Multi-dimensional risk factors

Each facet of these advancing technologies comes with its own unique and inherent risk profile. Our dependency upon them, as well as the mission-critical nature of their use cases, only exacerbates these risks. 5G, for example, has its own unique risk factors – but add to that the use case of self-driving cars or smart utility grids, and the risk is significantly amplified. Similarly, the explosion of the IoT creates unique vulnerabilities, but then consider the use case for remote surgery or insulin pumps and risks increase exponentially. In addition, the rate of adoption across all these technologies is being driven by a seemingly insatiable demand, with enterprises and service providers struggling just to keep up and focusing primarily on implementing the infrastructure needed to capitalize on these emerging opportunities.

Government regulators are tasked with developing broad-reaching requirements to mitigate risk to citizens, businesses, economies, and even entire countries. There is just one problem. The regulators are less concerned about the underlying technologies, and much more concerned about the consequences. In the case of terrorism, they don’t care about how you are delivering your services; they care about stopping the threat through effective lawful intercept. They don’t care if a self-driving truck is using 5G connectivity; they care about stopping someone who may have loaded it with explosives and now has control over where it goes. And, while that may seem far-fetched now, it’s not as unrealistic as you might think.

Not that long ago, we saw the disruption of connectivity across the entire US East Coast with the Dyn attack – costing companies billions of dollars in estimated damage. Hackers used malware to take over millions of unsecured IoT devices and launch sophisticated and coordinated waves of attacks to overwhelm Dyn's servers and bring down large e-commerce, social media, and entertainment companies such as PayPal, Twitter and Spotify. Although it occurred several years ago, the Dyn attack serves as a dark milestone as the world's largest, most coordinated, and most effective IoT cyberattack in history.

More recently, the US saw foreign states penetrate the highest level of government for months, with what has become known as the SolarWinds attack. Couple that with the cyberattacks on pharmaceutical companies developing the COVID-19 vaccine, and the risk is very real. In addition, the persistent threats to infrastructure can cost more than money; they can cause the loss of life. The winter storms in Texas illustrate how critical our dependence on infrastructure has become, and the havoc that could be caused by a successful attack on power grids. And what we have witnessed to date may just be the beginning or, if nothing else, the tip of the iceberg. In fact, these events may not be indicative of the actual risk, but rather a small glimpse into what the telescoping magnitude of risk could look like in the future. 

