By: Dr Robert Ghanea-Hercock, Chief Researcher, BT Security Research Practice
I recently ventured into the jungle that is my back garden, at the request of my senior management (a.k.a. my wife). The task was to make the place respectable for summer garden parties. After mowing the lawn, it was apparent that a large ant colony had taken up residence in the middle of it. Now I like ants, and all of nature’s creatures, but not in the middle of what passes for my lawn. I duly acquired a state-of-the-art ant spray insecticide and proceeded to spray the offending ant hill. As a geek, the traditional boiling water method was far too low tech and seemed inhumane. Problem solved; so ants 0, humans 1.
That was last weekend. I duly inspected my lawn again this weekend to find, of course, that I now have three smaller ant hills spaced uniformly across the @%$@ing lawn! A more detailed inspection revealed that, in fact, the whole lawn is an ant super-highway, and the loss of the primary nest resulted in the colony simply adapting and creating multiple new homes.
So turning to the cyber theme, what is the moral of this sorry tale?
Basically, that malware creation and the black hat community are also highly adaptive and creative distributed networks. The consequence of most frontal assaults on botnets and malware sites is to simply create an adaptive shift in the problem to another cyber location, network, or a new attack vector.
The first problem we face is to communicate to the ICT community, and specifically the executive level, that cyber security is also a complex adaptive system, exactly like any biological ecosystem. Pouring boiling water on the offending sub-species will not make it go away. (Although I have heard this form of cyber defence being proposed as well.)
One solution is to make the environment less attractive. In the cyber case this means securing the primary economic assets that are being targeted, i.e., banks, credit agencies, and online trading processes. All ecommerce should be using at least strong, two-factor authentication for online transactions. It is, of course, not a perfect solution, but it makes life much harder for the attackers. The current state of ecommerce security, however, is the equivalent of me strolling across my lawn scattering sugar cubes everywhere!
The other basic precaution that few organisations use fully or correctly is encryption. This should be applied at the whole-drive level for anything that moves and at the database level for everything that doesn’t. This is like locking your picnic basket before venturing onto the lawn.
Ideally, of course, we would all migrate to IPv6 and a secure OS for all machines in our network. This would be the equivalent of me calling in a landscape gardening company and having the entire garden removed by skip and a new one delivered. It’s a nice idea (and some of my richer neighbours have done so) but it does cost a bit.
If you happen to have a perfect solution for removing ants from a garden, please add a comment!