Cybersecurity gets a new ally: The network itself Researchers are designing networks that can protect themselves against online attackers
By Doug Page
The nation's computer networks are largely unprotected against cyber attack. In 2009, an Air Force air-traffic control system was compromised by network hackers. In 2010, the National Security Agency said the Pentagon’s 15,000 networks are probed by unauthorized users more than 60 times a second.
Earlier this year it was reported that the blueprints for America's new F-35 Lightning II Joint Strike Fighter were stolen by Chinese hackers. Networks at Google, DuPont, Disney, Sony, Johnson & Johnson and GE have all been breached recently.
New research could lead to a way that the nation’s computer networks can protect themselves against such attacks by automatically changing their setup and configuration.
The work, at Kansas State University, is believed to be the first to investigate whether this type of adaptive cybersecurity, called moving-target defense, can be effective.
"A self-adapting computer network will make the critical resources of the network a moving target," said Scott DeLoach, professor of Computing & Information Science. He explained that the goal is to make an attacker’s job exponentially more difficult by making the network being attacked look as if it’s changing in a chaotic fashion.
Currently, network configuration tends to be static, and routine assumptions are made about the whereabouts of services in terms of either fixed URLs or IP addresses, which the attacker knows as well as the administrator. The use of static configurations is largely due to legacy system components that existed when the network was designed and deployed.
"This lack of dynamism is one important contributor to the ease with which an attacker can launch successful cyber attacks," DeLoach said.
Legacy computer network defense relies on firewalls, intrusion detection and prevention, and anti-malware products. While these systems make attacks more difficult, once a method is found to circumvent them, the attacker maintains any privileges until discovered.
DeLoach told Homeland1 a key element of his proposed approach is the use of virtual machines. "Virtual machines can be easily created and eliminated, thus providing the apparent movement of the system, without actually starting or shutting down physical hardware."
Essentially, the network configuration will be controlled by a central configuration manager. An adaptation mechanism will tell the configuration manager when and what changes to make. These changes may be selected randomly or based on inputs from an intrusion-detection system.
DeLoach said the goal is to protect computer networks against external attacks from criminals, hacktivists and foreign nationals.
"Any computer network dealing with homeland security or critical infrastructure is at risk and can be helped if this technology works," he said.
Read more about moving-target defense here.