It goes without saying that innovations and trends in technology have a direct impact on digital security. Just look at what happened with COVID-19. As organizations switched their workforces to remote connectivity, many security teams shifted their attention to deploying enterprise-wide VPNs and partnering with employees to harden their home networks/devices. These tasks could consume an even greater share of infosec professionals’ time if organizations allow their employees to continue to work from home in a post-COVID world. A boom in remote working isn’t the only force that’s helping to shape the future digital security. In fact, three other innovations and trends are playing a part. Those factors are quantum computing, 5G mobile technology and the IT-OT convergence.
As noted by WIRED, quantum computers leverage a new mode of computing based on qubits instead of bits. These units are more “flexible” than bits in that they can be on, off or “superposed” between the two. They’re also entangled to the extent that particles are physically linked together even though they’re physically separate. These properties allow quantum computers to move information around and to perform tasks quicker and more efficiently than ordinary computers. The possibilities for quantum computing are therefore endless. Indeed, scientists could use quantum computing to take artificial intelligence to new heights. They could also develop new materials, find cures to diseases and fundamentally change life in other ways. Quantum computing isn’t quite there yet. But scientists have already made significant progress. Back in October 2019, for instance, researchers in UC Santa Barbara used 53 entangled qubits to solve a problem that would have taken 10,000 years on a classical supercomputer. This task took just 200 seconds on their quantum computer. Just a few months after this breakthrough, IBM Research Director Dario Gil explained to Scientific American that quantum computing would one day rest on “a quantum app store and a line of code” instead of quantum programming. Unfortunately, not all is rosy with quantum computers. Paul Ferrillo and George Platsis explain that this emergent model of computing is problematic for encryption in particular:
Quantum computing will make current day encryption practices obsolete. The traditional Public Key Infrastructure (PKI) system used can easily come crashing down when public keys become vulnerable to attack by quantum machines. Instead of years to decipher codes, we could be down to minutes or even instantly. That changes life pretty darn dramatically. Just imagine all those security certificates issued for websites, emails and digital signatures to validate authentication becoming obsolete in a matter of minutes.
That’s not to say any of that will happen. But it does raise questions on how the security community will prevent it. Ferrillo and Platsis noted that cryptography experts could leverage Quantum Key Distribution (QKD), a process which uses quantum physics to build an encryption key. Other limitations play a factor; it remains to be seen exactly how the security community will address this issue.
5G Mobile Technology
The term “5G” is short for fifth-generation cellular wireless, as noted by PCMag. The main benefit of 5G is its ability to deliver “high-band,” short-range airwaves. When combined with its other benefits including increased availability and network capacity, 5G promises to deliver higher speeds and lower latency than any wireless service before it. Such outcomes could help to revolutionize the ways in which machines, objects and devices connect to one another. As Qualcomm rightly noted, “Higher performance and improved efficiency empower new user experiences and connects new industries.” These improvements have business and technology decision makers concerned about their organizations’ digital security, however. Help Net Security covered a report in which 62% of these types of professionals working across 12 industry sectors in Europe, North America and Asia-Pacific were fearful that 5G could increase their employers’ risk of digital attacks. The information security news platform went on to share a couple of risks on respondents’ minds: The nature of how signals and data are routed in 5G/IoT networks can lead to Mobile Network mapping (MNmap), where attackers can create maps of devices connected to a network, identify each device and link it to a specific person. Then there are Man-in-the-middle (MiTM) attacks that enable attackers to hijack the device information before security is applied. Tech Republic also highlighted the risk of greater networks consisting of tens of billions of more devices and new software vulnerabilities. No one organization can address those security risks alone. Given the potential impact that 5G could have national economies, governments need to take the lead in developing 5G mobile security standards. Palo Alto Networks explained in May 2020 that they should also partner with industry actors to create these safeguards and develop an implementation plan.
Last but not least, the convergence of information technology (IT) and operational technology (OT) is challenging organizations’ digital security. This has not always been the case. As explained by Digitalist, the former consists of software, hardware, computers and other telecommunications devices that serve a business function, whereas the latter is comprised of vendor-specific, proprietary technologies that perform actual operations. There’s therefore nothing that says IT and OT teams need to collaborate together. But the times have changed. Lane Thames, senior security researcher at Tripwire, noted that the security community will need to develop a new “ITOTSecOps” methodology that specifically addresses IT and OT systems working together. Thames went on to provide additional context on this shift towards IT-OT collaboration in a post for the State of Security:
Recently, the trend has changed, and many of these environments have started to integrate with each other. The reasons for integrated IT-OT environments essentially boil down to the need for optimization. Computing and storage on the IT side using data collected on the OT side can lead to huge gains for an organization in terms of outcomes such as reducing operational costs, increasing manufacturing output, reducing downtime and many more.
It's not just a few organizations that are contemplating greater IT-OT cooperation. Gartner predicted that 50% of OT service providers would create key partnerships with IT-centric providers for IoT offerings by 2020. Unfortunately, this trend is creating security challenges for organizations. Infosecurity Magazine noted that IT-OT collaboration engenders a lack of visibility, as IT security teams don’t know what’s spread across their employer’s entire infrastructure (in their IT and OT environments as well as in the cloud). It also feeds a lack of control over security policies. As IT teams have such a difficult time securing new industrial business requirements, security policies introduce risk because they suffer from security and compliance gaps that normalize poor security hygiene. To address the risks associated with IT-OT convergence, organizations will need to pair a defense-in-depth strategy with layered security. They’ll also need to foster greater collaboration between IT and OT. Here are some additional thoughts on the subject.