The Future of Security at the Intelligent Edge

Working at Star Lab requires we give considerable thought to how security will evolve over time as it relates to intelligent systems.  Below are my predictions, with a small shameless plug for Star Lab’s approach. 

The trend in the 20s will be one that moves from Enterprise Influence, i.e, just apply current enterprise and cloud security solutions to the intelligent edge (IE), to Fight Through, where systems have the intelligence to automate attack discovery as well engage survival defenses such as reconfiguration and / or engaging response actions to minimize or neutralize the threat.  In between will be a phase where vendors pay more attention to making systems more secure during development, i.e., the Secure-By-Design phase.  This concept is already gaining the attention of the U.S. government.  In a recent report from Cybersecurity and Infrastructure Security Agency (CISA) [1], they state, “The burden of security should not fall solely on the customer.”  Here is where we’ll see the five needs on the figure above come into focus as vendors attempt to address and balance them, while still making a profit.   

Looking toward the future, the evolution of security for the IE will progress along three paths.  These paths represent how attackers and defenders will continue to engage each other with increasingly more sophisticated capabilities.  Let’s look at the attacker side first.  As DARPA’s Cyber Grand Challenge [2] demonstrates, AI is already being used to rapidly identify vulnerabilities and craft malicious code to exploit them.  We’ve also seen supply chain attacks demonstrate the willingness of attackers to be patient and to engage in long-duration, multi-phase strategies to achieve their goals.  Patience was also on display during the recent attack against LastPass, one of the largest companies specializing in password management.  The attackers were able to compromise and steal thousands of passwords by first targeting the home systems of privileged admins [3].  Ransomware too will continue to be a tool for attackers.  The IE community should expect to see this tactic very soon [4].  We got a taste of this kind of attack with Colonial Pipeline [5].  Next, we’ll see, as more and more critical devices are fielded, that tamper attacks will increase, both in number and sophistication.  The malicious actors performing these attacks will undoubtedly want to go undetected as their tradecraft and tools will be expensive to produce and nearly impossible to replace if discovered.  Finally, we cannot leave out the impact AI will have on security.  WhileAI will certainly help improve security solutions, what’s frightening is how AI will aid in social engineering, in developing devious attack strategies, and in how it will potentially help in creating new, more innovative malware.   

Looking at the defense side, I predict there will be a focus in two areas.  First, obviously, is a concerted effort to build intelligent systems more securely.  The routine term ‘shift left’ as applied to security over the past few years has been realized using tools and scanners assessing software under development—scanning for CVEs, poor coding practices, and flaws.  Scanners are now providing additional insights into open-source software.  These scanners, as well as emerging code writing co-pilots, are unfortunately giving people and organizations a false sense of security while also diminishing any real incentive to engineer security properly.  At Star Lab, I’m hoping we’ll right the ship by introducing tools and solutions for an embedded DevSecOps environment that encourages authentic security engineering.  We’re creating tools that make it easy to conceive of and think through threat models, tools that help engineers quickly assess their attack surface, tools that make it easy to quickly build in layered security, tools that help customers leverage security hardware, and tools that help engineers quickly perform and assess the impact of security on other functional requirements.  These tools will reduce the friction in building secure and resilient systems and hopefully make a real impact.   

Resiliency, or what might also be referred to as survivability, is the ultimate objective.  It’s not helpful to simply have the goal of keeping attackers from compromising a device.  As time has shown, that is not realistic.  At Star Lab, we help customers design secure systems under the assumption the attacker will gain access.  In the past, redundancy and some form of failure prediction was enough, then defense-in-depth and zero trust philosophies grew in importance.  In the future, survivability will come through creating security-smart systems capable of understanding when a threat is present and automatically taking action to reduce or eliminate the threat of impact to operations.  Improvements in compute (driven primarily by AI requirements at the edge) will make this possible and help reduce the need for security to be minimally intrusive.  Survivability might be achievable.   

References:  

1. Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default Publication: April 13, 2023, Cybersecurity and Infrastructure Security Agency 

2. DARPA Cyber Grand Challenge

3. LastPass Hack

4. Are Embedded Devices the next Ransomware target? 

5. Colonial Pipeline Breach

  Learn more about Star Lab’s solutions, and our approach to security by reading one of our whitepapers!