A pioneering force in VoIP, streaming media, and collaborative tools, Dan Harple has had a front-row seat to the evolution of the Internet. In his 2018 CyberCrime Symposium session, Harple, now CEO of Context Labs, compellingly argued that the Internet’s commercialization has created the very centralization that DARPA and its TCP/IP inventors wanted to prevent when they designed a decentralized Internet architecture. By concentrating critical assets and data in one place, centralized systems increase cybersecurity risks, because once cyber threat actors penetrate defenses, they’ve got the keys to the kingdom.
“The original inventors of the TCP/IP protocol recognized that the world was decentralized,” said Harple. “The Internet was designed to be a fault-tolerant structure, so if, for example, a nuclear bomb crippled the network in one part of the world, it wouldn’t wipe out the entire network.”
Furthermore, Harple believes the cyber-threat risk inherent in centralized architectures has been, paradoxically, exacerbated by the cloud, which is supposed to be decentralized. Harple used his presentation to discuss the technologies and players that, over time, created this “paradox of the cloud” and how blockchain solutions can help build the decentralized trust needed to reduce cyber-threat risks.
Commercialization of the Internet
With the Internet’s distributed, fault-tolerant infrastructure, early innovators — Sun Microsystems with its Network File System (NFS), for example — saw its potential as a platform to allow computer systems to access and share files across a network. Later, companies such as Netscape realized the great commercial benefits of aggregating data and content and providing an intuitive user interface for people to find and access information. The company acquired Harple’s InSoft, a company credited with creating, among other protocols and tools, VoIP and desktop video-conferencing software. He became among the first employees at Netscape, which he said was in the catbird seat at that point in the Internet’s evolution. Netscape exploded on the scene “because it decided to commercialize something that wasn’t intended to be commercial,” Harple said.
More than 20 years and countless technological advances later, “we’re saddled with all these cybersecurity problems,” Harple added. Contributing to these problems are what he calls “virtual super aggregators” (VSAs) — big cloud-based technology providers such as Amazon, Facebook, and Google — that aggregate massive volumes of data, all within an architecture that’s meant to decentralize systems but instead “balkanizes” data.
The genius of Google, for one, is that they've aggregated all this content behind a single search bar, and users love the simplicity of getting information in one place. But a Google data center, Harple said, “is literally a big NFS file mount for all that data.”
The issue with cloud aggregation and market consolidation is that risk aggregates in clusters. “VSAs and portals put massive amounts of information in one place because it’s efficient, but that facilitates massively efficient cybercrime,” he said. “In a world where everything’s interconnected, cyber actors that penetrate a VSA’s defenses can wipe out huge swaths of data. The cloud has become their lowest common denominator, making the Internet their prime environment.”
Though his company works with different industries to develop blockchain solutions for specific uses cases, he emphasized that he differentiates between blockchain utopians and blockchain pragmatists. “I'm not here to pitch anybody on blockchain,” he told attendees. “In fact, I'm going to tell you everything that’s bad about it — from all the hype to claims that it’s free and easy-to-use — and then talk about how it retrofits into enterprise solutions that companies can actually use.”
One of the big hurdles that organizations need to overcome to improve their cybersecurity programs is their mistrust of decentralized systems, which actually increases their cyber risk. “At the end of the day, if we can’t trust our systems and networks, we create a huge opportunity for cyber criminals,” said Harple.
But blockchain, he believes, has the opportunity to foster decentralized trust. It incorporates distributed ledger technology (DLT) that records the “who, what, when, and where” of every component developed by every organization within a given supply chain. By having manufacturers attest to the authenticity of every component they develop for, say, a car or medical device at inception, cryptographically encoding it, and registering it in their DLT, a blockchain solution can be track it throughout its lifecycle. Blockchain technology can trace any malicious firmware that impacts a finished product back to its developer.
“For us, blockchain means tracking the digital threat from inception to end of life,” said Harple. “When we cryptographically encode a developer’s attestation so it can never be changed and register that, that indicates a high degree of trust that a component is what it’s supposed to be.”
This is the eighth in our series of posts presenting key takeaways from our 2018 CyberCrime Symposium, held November 1-2, 2018. The program — “The Future of Privacy and Security” — featured an incredible line-up of speakers. If you couldn’t get a seat at the event or want a refresher on various sessions, this is a not-to-be-missed series!