Cybersecurity Experts Eye Self-Correcting Network to Thwart Hackers

It sucks to be “vulnerable.” There are only two feelings worse than “vulnerable,” and they are “violated” and “helpless.” Of course, “violated” is what usually follows a long enough period of “vulnerable,” so the two are strongly related. One of the really bad things about being vulnerable is that you tend to feel it only after you have been victimized the first time. It is not one of those feelings that gradually creeps up on you like fear; vulnerability hits you all at once and in full force.

IMHO, this is the situation with computers: we are all vulnerable, period. No matter what we use, if enough people look for them, vulnerabilities can be found within any system. Sometimes they are small annoyances; other times they are just short of full-blown disasters (and on rare occasions they actually are full-blown disasters), but they are all caused by vulnerabilities. The code that leaves the network software manufacturer works (usually), but under unusual circumstances (i.e., not something that a normal user would do) it can do something unexpected, since the manufacturer can’t test for every eventuality. Unlike a living system, a cybernetic system cannot mutate its function in response to a threat…at least not yet.

The term moving-target defense — a subarea of adaptive security in the cybersecurity field — was first coined around 2008, although similar concepts have been proposed and studied since the early 2000s. The idea behind moving-target defense in the context of computer networks is to create a computer network that is no longer static in its configuration. Instead, as a way to thwart cyber attackers, the network automatically and periodically randomizes its configuration through various methods — such as changing the addresses of software applications on the network; switching between instances of the applications; and changing the location of critical system data.

The idea is that paths of vulnerability, or vectors, are basically open doorways once their exploits are known, until the software is patched. This is due to the fact that the software’s purpose is to function…not to test or repair itself. The only way the software could fix its own vectors is if there were a subroutine that basically ran attack scenarios until it found a weakness and then reported the weakness to another subroutine which had the purpose of closing vectors. This would be a serious hit on performance, as not only would the program have to perform its primary function of running the network, but it would also have to be attacking itself and fixing itself all at the same time. Instead of creating a psychotic program, the idea of the self-correcting network is much like moving through a maze that constantly changes its pattern: if you have permission from the central functions, then your data will pass through the maze as if it wasn’t there. If you are trying to sneak in using a known vulnerability, you will be thwarted, as the internal pathway will not be standard; each network will be different.

IMHO, a self-correcting network is similar to a living organism: no single disease will wipe out all life. Even within a single species there will always be a family line that for some reason or another stops the disease cold. This is due to the fact that while the basic platform is the same, each instance of life is actually unique. There are minute differences in the way each organism does things and sometimes it can be too much for a disease to conquer. The disease can mutate (influenza anyone?) to create new vectors but in doing so may actually cause itself to be less effective with the old vectors.

Computers have far less variation than living organisms, but they have speed. Software reconfiguration, even at its slowest, is orders of magnitude faster than life…and that is what the self-correcting network is doing: reconfiguring software. It is not actually moving physical parts…just how to get to them. Doing so in a manner that is not predictable to an outside viewer? That is the trick.
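One way to get the unpredictability described above, as an added example that is not from the original post or the research it discusses: each service's port is derived from a keyed hash (HMAC) of the current time window, so hosts holding the shared secret compute the same address while an outside observer's earlier scan results expire. The port range, 30-second interval, sample secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumed values for illustration; none come from the original post.
PORT_LOW, PORT_HIGH = 20000, 60000   # hopping range [low, high)
EPOCH_SECONDS = 30                   # how often the layout changes


def epoch_of(now: float) -> int:
    """Map a Unix timestamp to the number of its rotation window."""
    return int(now // EPOCH_SECONDS)


def current_port(secret: bytes, service: str, epoch: int) -> int:
    """Derive the port a service uses during one epoch from a keyed hash."""
    msg = service.encode() + b"\x00" + struct.pack(">Q", epoch)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return PORT_LOW + int.from_bytes(digest[:8], "big") % (PORT_HIGH - PORT_LOW)


def accepts(secret: bytes, service: str, port: int, now: float, skew: int = 1) -> bool:
    """Server check: port must match this epoch or a neighbour (clock drift)."""
    e = epoch_of(now)
    return port in {current_port(secret, service, e + d) for d in range(-skew, skew + 1)}


def stale_hits(secret: bytes, service: str, recorded_port: int,
               recorded_at: float, later_epochs: int) -> int:
    """Count later epochs in which a port observed at recorded_at still works."""
    return sum(
        accepts(secret, service, recorded_port, recorded_at + k * EPOCH_SECONDS)
        for k in range(2, later_epochs + 2)  # start past the skew window
    )


if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # constructed sample key
    t0 = 1_700_000_000.0                     # constructed sample timestamp
    port = current_port(secret, "ssh", epoch_of(t0))
    print("authorized client connects to port", port)
    print("accepted now:", accepts(secret, "ssh", port, t0))
    print("epochs (of 200) where the old port still works:",
          stale_hits(secret, "ssh", port, t0, 200))
```

The `skew` window is the trade-off to watch: widening it tolerates more clock drift between hosts but also lengthens the time a recorded port stays valid.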

About RadarSpider

I am a voice in the ether. Am I opinionated? Sure. I try not to be rude, but sometimes I unintentionally am. I'm not a true technophile, but I'm nowhere near a technophobe. I simply am not fond of surveillance.

Posted on May 15, 2012, in Technology.