The Internet Society’s Chief Internet Technology Officer Olaf Kolkman presented on Collaborative Security at the TNC16 Conference in Prague, Czech Republic earlier this week. TNC is one of the leading conferences for research and education networking, and attracted around 700 participants from National Research and Education Networks (NRENs), universities, research institutions and industry in Europe and around the world.
Olaf talked about how we usually think of the Internet as a complex network of networks, each operated by autonomous operators whose services are only loosely coupled to a best efforts service. However, the security and resilience of the Internet not only depends on how well risks to you and your assets are managed, but also on how you manage the risks that you present to the Internet ecosystem. This is the notion of collective and shared risk management that is aligned with the “public interest” nature of the Internet.
This is becoming increasingly important with the rise of the Internet-of-Things (IoT) that will greatly increase the proliferation of low-cost devices with limited power, memory and processing resources, These will have the tendency to be unattended with built-in obsolescence, which can create significant problems if the hardware and software are built with limited security features and/or are not updated in response to security issues as they’re discovered.
It’s therefore important to design devices to minimise the impact of their misuse, including good security at the outset and the ability to deploy new security mechanisms over the lifetime of the devices. Protocols should also be designed so that a compromise of a single device does not result in compromise of others, especially since the compromise of a large number of devices can enable attacks such as a distributed denial of service. For example, sharing secret keys across an entire product family is problematic since compromise of a single device might leave all devices from that product family vulnerable.
In you’re interested in finding out more about collaborative security, then please see our MANRS website, as well as our The Internet of Things (IoT): An Overview white paper. You can also visit our resources related to IoT on the Deploy360 website.