Hoping to head off cyber threats that aren’t constrained by geographical or national boundaries, President Biden issued a statement urging the continued hardening of domestic cybersecurity and national resilience – with an emphasis on “deter” and “defend”.
“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely.”
With persistent threats at every door, the administration continues to encourage adoption of better cybersecurity, proclaiming that “critical infrastructure owners and operators must accelerate efforts to lock their digital doors.” A document written by the DHS, FBI and NSA, “U.S. DHS – Seven Steps to Effectively Defend Industrial Control Systems,” offers seven strategies to counter common exploitable weaknesses. It outlines definitive strategies, including ones that incorporate hardware to harden networks, to achieve better security for critical infrastructure.
Most cybersecurity products and services offered today focus on using software configurations and rules (e.g., firewalls) to slow attackers down, or to identify breaches in progress and aid in recovering from them.
Why not stop attackers ahead of the breach instead of just slowing them down? The U.S. Government guidance for the DOD, Intelligence Community, and Critical Infrastructure is clear:
- Harden your networks
- Prevent attacks using hardware
- Firewalls offer little more than a speed bump to nation-state attackers
Cross domain solutions, a class of cybersecurity solutions used extensively across the U.S. DOD and Intelligence Community and now being adopted by critical infrastructure operators, are required to include embedded hardware-enforced defensive measures. It is apparent that with breaches occurring continuously, software-only solutions cannot defend networks and that more rigorous defenses are needed.
The most secure networks are those that use hardware-enforced cybersecurity. This is illustrated by the requirement to use cross domain solutions in U.S. Federal programs and by the adoption of data diodes, another hardware-enforced defense, which forward-thinking critical infrastructure operators have used for the last decade.
Cross domain solutions and data diodes use a form of hardware technology far less well-known than firewalls but far more secure, forming a defensive barrier that cannot be crossed and used as an attack vector into a network. This barrier allows data to flow out of a secure environment (like a flashlight sending light through a pane of glass) without providing any kind of way for an outsider to gain entry through the glass wall. In fact, this type of defense is so secure that in 20-plus years of deploying thousands of solutions, Owl cross domain solutions and data diodes have NEVER been breached.
The bottom line is that more widespread adoption of hardware defenses is what will truly allow operators to harden networks and prevent attacks, rather than scrambling to recover.