The roots to your security problem
Cyber attacks: Let’s examine their roots!
Cyber attacks are exponentially increasing with time. There are several types of threats that can be initiated by our adversaries and day by day they increase in volume, severity and impact. In order to be able to deal with them you first need to understand them.
The main question you need to ask is:
Why these threats exist?
There are several reasons but let us start at the system level.
What is that factor at the systems level that makes cyber attacks possible?
The answer lies in the way systems are designed. On both a hardware and a software level the main component of system creation is lines of code. Between different levels of system design different types and forms of code are used.
However the common denominator is always the human factor, the programmers who write the code.
- Malicious Programmers:
There is the possibility that a small percentage of designers will add malicious code on purpose; which makes them malicious designers.
- Malicious Programmers:
- Ethical Programmers mistakes:
However, even non-malicious designers can make mistakes. This is something we cannot avoid as long as humans write code. Programmers’ mistakes in the language of computers are called bugs. The number of mistakes programmers make is proportionally increased with the increase of the lines of code they must write. Due to the impact those bugs can have in regard to compromising a system if they are exploited by people with malicious goals, they are also called vulnerabilities.
Software level mistakes:
At the operating system level as well as application layer, since, today’s operating systems have millions of lines of code the complexity is adding much more bugs in the process. But security threats do not stop at the software level and especially within operating systems. Software vulnerabilities are only one part of the story.
Hardware level attacks are:
- far more dangerous in terms of impact,
- much more difficult to identify and
- much more difficult to ensure their avoidance at the design stage due to the multiple variables involved and the lack of control when all necessary components and processes required by the design cannot be performed in-house.
In such a case there is no trust in the supply chain due to lack of control from the manufacturer, tools used and programmers which can result in high-end sophisticated attacks.
Such attacks are:
- injected backdoors (in servers or systems),
- non-trusted third party IPs and design tools,
- improper design implementations,
- hardware Trojans (initiated by malicious designers and foundries) as well as
- side channel attacks and physical attacks.
This is the level of attacks that cannot be overlooked.
Are Computer Chips the New Security Threat? click here
I think people honestly don’t really think about hardware attacks at all but they should