Originally published as “Where are the main vulnerabilities in our internet and what are the trends” in Info Security Products Guide
Rake Nurang interviews Steve DeLaney, CEO of Cypherbridge Systems
Cypherbridge Systems, a technology R&D firm established in 2005, has developed and deployed software, server, cyber security, device and system level solutions to a broad spectrum of industries. The company is based in Carlsbad, California, USA.
Rake Narang: Where are the main vulnerabilities in our internet?
Steve Delaney: Besides well-publicized risks including identity theft, denial of service attacks, and business systems hacking, there is a recognition that systematic attacks are taking place not only from cyber criminals but also from foreign entities to steal high tech data and trade secrets. This erodes our economic value and investment in innovation. Today, we are increasingly concerned about the vulnerability of our energy and transportation infrastructure that is dependent on digital electronics and network communications. Stuxnet proved the threat is both possible and real. Embedded systems must include cybersecurity defenses to protect them against disruption and to insure orderly operation.
Rake Narang: What are the cost benefit tradeoffs of adding cyber security to commercial systems?
Steve Delaney: We all pay for hacks whether through identity theft, hidden banking fees, and the possible disruption of vital energy delivery and transportation systems such as airline and roads. Study after study estimates the global costs of cyber crime in the hundreds of billions dollars and climbing. The direct and indirect risks of doing nothing is much higher than the benefit of adding cybersecurity.
Rake Narang: Is there no permanent way to shut the Internet’s doors to the black hats?
Steve Delaney: What makes the internet by its very nature democratic and open access, also makes it vulnerable to sophisticated and agile cyber threats. Cyberspace touches nearly every part of our daily lives. While we may be dependent on our airline systems, in fact we use the internet far more often than we fly. Increased security measures instituted since 9/11 that help keep our planes flying are continuously probed for weakness. Similarly, it is necessary to add and monitor monitor cybersecurity measures to keep the internet operating.
Rake Narang: What are the solutions possible?
Steve Delaney: We find from our industry experience and customer feedback that end-users are looking for a supplier that can deliver a comprehensive solution. Security requires expert knowledge and best practice experience. With our diverse portfolio we can help guide the user through system tradeoff analysis and identify the right solution to meet their security requirements. Our uSSL and uSSH SDKs provide strong authentication and security at the application level, and for many embedded systems are a perfect solution to meet the right balance of security, memory footprint and performance. Beyond that, some products and industry sectors call for the security solution to be embedded at system level directly in the TCP/IP stack. For those applications, our uVPN SDK offers a unified solution combining IKE and IPsec network encryption, along with firewall defense, using a common set of policies that include IP, port and protocol. These policies firewall and block low level connections to the device, and monitor traffic flows through the device. The uVPN combined solution not only firewalls network access, but also encrypts network traffic to insure a high level of system security. Finally, our uLoad secure bootloader authenticates and secures device software to defend against reverse engineering. This includes board authentication to prevent counterfeiting and piracy.
About Steve Delaney
Steve is the founder of Cypherbridge Systems, a technology R&D firm established in 2005. Cypherbridge has developed and deployed purpose-built security software, device and system level solutions to a broad spectrum of industries including telecom, digital media conditional access, industrial control, machine-to-machine, smart meter/energy grid, point-of-sale PCI and ISO-7816 Smart Card. The company is based in Carlsbad, California, USA. Steve holds a Bachelor of Science in Computer Science from California State University. He is a distinguished recipient of an Emmy Award for advanced digital video technology developed at Tektronix.