Categorical Trust in Digitality
About this ebook
Smart devices designed for the Internet of Things (IoT), industrial IoT, and operational technology (OT) in the emerging era of digital transformation require protection by design for cyber resilience. Cyberattacks by nation state actors and cybercrime syndicates cause system outages and disruption of essential services. This book is a call to action – for silicon chip makers, equipment manufacturers, managed security service providers, device owners and operators, to begin the journey towards collaborative cyber protection.
The traditional information technology (IT) detection and prevention methods based on threat models are inadequate to defend the billions of devices that are an intrinsic part of our daily regimen. It's essential to adopt protection models based on risk for modernization across all sectors – smart factories, smart cities, smart grids, smart transportation, smart homes, healthcare systems, aviation systems, public utility systems, defense systems, and law enforcement systems.
The power of scientific and technological innovations offers opportunities to transform and reform the way things are and the way they ought to be. If the past three decades are a gauge of the power of innovation, then the next three decades will be a harbinger of the power of transformation.
Over the years, there have been multiple waves of technological evolution. We've seen evolutions from analog to digital over copper, and then from copper to fiber, and fiber to wireless. Soon after that, we advanced from on-premises to cloud data centers, and then from local applications to online applications, then local storage advanced to cloud storage. All these advancements were remarkable endeavors.
The second wave of inventions included virtualization, cloud computing, high speed connections, software defined networking, online applications and remote services. All these advancements have shaped a global economy.
This book emphasizes that the third wave is coming. Recent advances in silicon technologies, field-programmable gate arrays, edge computing, zero trust models, artificial intelligence (AI), machine learning (ML) and deep learning (DL) collectively provide a platform for digital transformation at scale.
Data is the digital currency and trustworthiness is the measurement of digital intelligence. Devices dominate every aspect of our daily living at home, in public, and at work. Digitality and Cybersecurity (digital military) will inevitably shape the future of humanity in profound ways. Even as humans are intensely "machine learning", machines are reciprocally "human learning". Therefore, categorical trust in data and devices is imperative.
Book preview
Categorical Trust in Digitality - Srinivas Kumar
Categorical Trust in Digitality
©2022 Srinivas Kumar
All rights reserved. This book or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of the publisher except for the use of brief quotations in a book review.
print ISBN: 978-1-66787-247-6
ebook ISBN: 978-1-66787-248-3
CATEGORICAL TRUST IN DIGITALITY
As the karmic cycle of human innovations and cognitive genius unfolds a digital culture, a higher level of thinking with a meta-conscious mind will become necessary to deal with the unintended consequences of digitality.
The journey to digital transformation and civilization begins with a change in mindset as the top line, and the courage to step outside the comfort zone as the bottom line.
Give the innovators you want, the freedom to fly, the incentives to return, and the encouragement to stay.
Dedicated to, and in fond memory of, my parents who taught me that honest, industrious, and selfless duty is life’s mission and is all that matters in the end.
Heartfelt gratitude to my wife Neela, son Srikesh, and daughter Rishika for encouraging me to keep writing and stop terrifying them with my cyber paranoias.
Security is a "must have" control.
Protection is a "must have had" countermeasure.
Table of Contents
Preface
Acknowledgments
Navigating Through the Book
The Digital Evolution
Trust Models
Tools and Methods
Categorical Trust on the Road Ahead
How Technology is Transforming Industries in the Digital Era
IoT is a Constant
Zero Trust
Miles Per Cyberattack
Rationalizing Trust in Cyberspace
Cybersecurity Deja Vu
Zero Trust is a Paradigm Shift
Protecting Devices in Operational Technologies
The C-Suite Guide to Device Modernization
A Definitive Guide to OT/IoT Modernization
Cyber Paralysis by Ransomware Stings
Ransomware Attacks Becoming the New Normal
The Big Zero
The Supply Chain is Not a Trust Chain
Ransomware is Cyber Warfare
Protecting the Digital Planet
Why Cybersecurity is Still Elusive
Evolution of Things
The Way Forward
The Passage to Digital Transformation
The Elixir of Things
The Connected Cloud of Things
The State of Digital Transformation and OT-IT Convergence
The Building Blocks for Device Transformation
When the Supply Chain Becomes the Kill Chain
The Conundrums of Trust
The Risk Model
The Uphill Road to OT-IT Convergence
Why Breaches Happen
Signaling Integrity and Data Exchanges
Runtime Operational Integrity
The Status Quo
The Epicenter of Cloud Computing
Glossary
Epilogue
About the Author
Preface
The theory and practice of cybersecurity requires an intricate understanding of the cyber anatomy that includes machines, software, user psychology, hacker mentality, corporate policies and processes, interworking protocols, and the network fabric where the crown jewels of informational and operational systems reside.
The Internet era enabled rapid globalization and created a worldwide market for products and services. Cyber is the fiber of global commerce. The Cyber era is on the cusp of opening up a global market for cybersecurity services in a wide array of industries from finance, healthcare, infrastructure, manufacturing, transportation, to customer devices and the Internet of Things (IoT). The tectonic plates for the services industry are shifting from network management to managed security services for business continuity in a compromised environment.
From small, medium, and large enterprises to consumers, the FUD (Fear, Uncertainty and Doubt) factor weighs in heavily as cyber-enabled systems govern the daily regimen, from automobiles, smartphones, laptops, tablets, data centers, and manufacturing equipment to household appliances. The cybercrime syndicate has emerged as a formidable adversary and poses a serious challenge as critical digital assets and business processes are vulnerable to theft of intellectual property, invasion of privacy, and orchestrated subterfuge. Leveraging dual-purpose technology (such as encrypted communications and anonymization), a sophisticated arsenal of malware toolkits, and programming talent, hackers have succeeded in staging coordinated high profile attacks penetrating modern perimeter and endpoint defenses.
Security cannot be an afterthought anymore as borders are history and threats are geographically ubiquitous. The battle lines have been drawn between the hackers and the tacklers, with a call for action and proportional response. Establishing trust and resiliency in the titanic vastness of cyberspace requires rethinking the security paradigm and continuous vigilance. Resilient defense against a powerful cybercrime syndicate requires a paradigm shift in enterprise risk management. This necessitates a holistic solution to aggregate 360-degree assessments and provide a structure and calculus to create a consolidated statement for real-time, actionable decision making and control. Establishing a synergy between policy, process, and technologies, to measure the runtime operational integrity of systems, requires a force multiplier that augments the human-in-the-loop with an automation based expert system for evidence analysis and incident response. Timely observations need instrumentation to correlate data and context for protection at the epicenter of data breaches – the soft core.
In the theological realm, trust may be unconditional and based on implicit faith. However, in the cyber realm, distrust is implicit, and trust is always conditional and based on explicit verification. The influence of cyber on daily activities at work and home behooves a higher level of vigilance and savviness from netizens, and throughout the supply chain, in this cyber era.
Even as the world economy has transitioned through a simple needs-based adaptation over the centuries from agricultural, industrial, and financial to a services economy, the interdependencies between people, process and machinery have remained intricate. The thin line between products and services is rapidly vanishing as advances in technology reduce the half-life of mainstream products and sustaining services grow into the qualitative differentiator. Threat intelligence provides a frictionless surface for cyber resilience, and an effective defense strategy requires a paradigm shift from a "need to know" to "need to share" mindset.
Cyberspace has the potential to challenge and influence the social and political order across the globe, as witnessed by polarized and uncivil national elections, the Arab Spring in the Middle East, and the Tea Party movement in the United States. Wars that were historically fought with battalions of soldiers, guns and mortars are fought today with satellite technology, unmanned drones and precision guided missiles that cost billions of dollars. The future wars may be fought with a geo-distributed pack of hacktivists with a benign or malicious purpose, at a low cost of operation funded by nation states or syndicates, with a highly reduced risk of casualties, friendly fire, or collateral damage as in traditional wars. From ransomware for blackmail to stirring chaos amongst citizenry, advanced coordinated attacks on critical infrastructure to challenge the establishment, disruption of financial services, initiating political upheaval for ideological reforms, cyberspace provides opportunities for the motivated.
There are no decisive or war-ending victories on the cyberspace battlefield. The cybercrime industry is omnipresent, outside and inside the perimeter defenses, and expansive. The return on investment in cybercrime is staggering. The first strike capability of an attacker to stage a preemptive attack and survive without any retaliation action poses an enormous risk and is a lucrative financial incentive. In the decades ahead, reconnaissance and data exfiltration techniques of unmanned and precision guided malware will pose a daunting challenge to the gate keepers of critical assets and intellectual property. The monetization of threat intelligence and post breach forensic investigations lures the security industry away from grass roots technology innovations to deal with the resilience of systems, rationality of processes and culpability of people. Advances in dual-use technologies have outpaced the evolution of trustworthy systems, processes, and users.
Digital Transformation is the coming wave in globalization without borders. Much as the Internet, cloud, and smartphones have transformed economies worldwide, the emerging tsunami of devices in activities of daily living at home and work will bring forth amazing conveniences and tragic consequences. A zero trust model for digital (re)engineering requires collaboration, rather than competition, between silicon chip manufacturers, device manufacturers, operating systems, security protocols, application developers, cloud platform providers and cloud services. A solution architecture must be formulated working closely with the ecosystem of silicon chip manufacturers, device vendors, original equipment manufacturers (OEMs) and service providers. This effort must also factor in fit-and-finish for deployment and operations, dovetailing with time honored workflows, retrofitting legacy brownfield devices and manufacture at scale of greenfield devices.
Cyber-security in information technology (IT) for defending development systems is bankrolled by cost center budgets. Cyber-protection in operational technology (OT) for digital transformation and categorical trust may be financed by profit center budgets, with investments in infrastructure modernization, to upgrade revenue generating (and aging) production systems. This is the transformative paradigm shift in device manufacturing and field operations workflows. Realizing the principle of categorical trust may not require expensive hardware upgrades to legacy devices and may be achievable through cost effective software or firmware enhancements, to extend the operational lifetime and efficiency of brownfield and greenfield devices in mission critical production environments. Retrofitting trust in the minefield of unprotected devices already in existence is essential for interoperability and integrity of long-lived inter-connected systems.
The emergence of artificial intelligence (AI), machine learning (ML), neural networks, and deep learning (DL) is a leading indicator of the trajectory of things – our devices and data are no longer immune to unwarranted adversarial inspection. AI/ML/DL are poised to shift the balance of power amongst nations in the era of accelerated automation, digital intelligence, and data capitalism. In cyberspace, data intelligence is power and control. As algorithms and learning models begin to cultivate deep roots across cultural, social, psychological, and political divides, the veracity and value of data will become hypercritical. There are no boundaries on consciousness or intelligence engineered from data. A high degree of assurance about the authenticity of data and the protections on field programmable devices (the mind of the machine) that produce, consume, and share the data is of paramount importance to preserve the integrity of automated bottom-up learning models. As machine intelligence begins to edge out human intelligence in decision logic, data poses grave risks that can lead to poisoning decision logic with meta-conscious and conscious bias. Data will become an evolving life form, filtered through the lens of the beholder and reborn in the world of virtual or augmented reality. Weaponization of dual-use critical technologies is closer than it appears in the rear view mirror of the past and may become the history of the future. Even as humans are intensely "machine learning", machines are reciprocally "human learning".
This book is my sincere effort to share and empower cybersecurity students, product security architects, and digital transformation practitioners everywhere to participate in this journey to define standards and specifications to achieve the objective of building trust in the wilderness of cyberspace. For technology workers, acquiring new technical skills and retraining will become necessary in the digital transformation era, as machines begin to replace humans with AI/ML/DL powered automation and the demand for smart devices in activities of daily living proliferates.
Categorical trust in digitality is the nirvana of cyberspace for information technology (IT) and operational technology (OT) convergence from device manufacturing to provisioning, commissioning, and field operations in production environments.
Acknowledgments
Writing a book is a solitary experience until the first draft is ready. Finalizing the book for publication takes multiple revisions based on feedback and suggestions by professional reviewers to improve the presentation and appeal for a wider audience. When it comes to technology innovations in an emerging market, the subject matter is often deeply technical and requires wide angle perspectives to effectively convey the message. An important objective of the book was to promote constructive dialog and cognitive debates across industry sectors, silicon chipset and device vendors, application developers, cybersecurity architects, and students in multi-disciplinary studies because digitality casts a wide net.
Shreya Uchil is a technical product manager with expertise in cyber protection for devices in the information and operational technology ecosystems. She is very knowledgeable in the workflows and functional use cases that drive decision making logic and strategies adopted by key stakeholders in the emerging converged IT-OT ecosystem. She has been an important sounding board for fresh perspectives and has been a huge help with her generous patience in rigorously proofreading and providing thoughtful feedback on the pragmatic and aesthetic content in the book.
Mark Nixon is a renowned researcher, inventor of numerous patents, and author of several books in industrial automation and process control systems. He has been a valuable reviewer of the technical specifications and solution architectures for next generation endpoint security in operational technologies. He provided me with significant perspectives on the security and logistical challenges original equipment manufacturers face in industrial IoT environments. That helped me focus on and address industry specific challenges and solutions for brownfield and greenfield devices from the intellectual and economic viewpoints.
Moenes Iskarous is an innovative and result-driven leader in the field of artificial intelligence and machine learning, inventor of several patents, and the author of numerous technical papers. He has decades of strong technical proficiency and proven success in developing business opportunities as well as growing and mentoring teams to deliver products based on cutting-edge hardware and software technologies. He has been an influencer across organizations driving product roadmaps and strategies for technical innovation in embedded edge intelligence applied to autonomous systems, computer vision applications, and robotics. His areas of expertise include explainable AI, augmented intelligence, and reinforcement learning. He serves on multiple advisory boards to develop embedded AI solutions as well as academic institutions to provide advice on developing AI and ML programs. His insights from the standpoint of silicon vendors and the criticality of trusted device intelligence and data streams to prime and fine tune AI, ML, and deep learning models helped me dwell extensively on the subject of data driven IoT.
Ashwin Ambekar is a distinguished architect and subject matter expert in digital security. He is a skilled technologist with experience in innovation, creating highly scalable and secure products, and driving thought leadership. His focus areas include securing cloud and cloud-based services, middleware and protocol security, identity management, zero trust, and building compliance specific architectures. His in-depth expertise in application security by design, security protocols, identity and access management, and network based security has been valuable in assessing the technical subject matter presented to readers.
The opinions and thoughts