Critical infrastructure protection: Secure the hubs, not the spokes
This principle is a direct consequence of the first principle. Critical infrastructure
sectors are organized as networks with hubs. The hubs are the critical nodes, so
the next step in infrastructure protection is to protect the hubs. Given limited resources and the fact that most
sectors are extremely large, we cannot afford to protect everything, so we opt to
protect only the critical nodes.
For example, the Internet is known to contain approximately 250 million servers;
all are important, but only a few are critical. The current strategy of protecting each
and every server is not effective and is very expensive. Information technology managers
are spending far too much time and money on cyber-security, anti-viral software,
and restrictive operating procedures.
An asymmetric alternative or counter-strategy to the current approach is to
protect the hubs of the Internet. These are the servers with the largest connectivity
to the Internet. In fact, the Internet is highly clustered around fewer than 250
servers—the top 250 hubs. What happens to cyber-security when these 250 or so
servers are hardened against computer worms and viruses? They stop spreading,
and eventually the malicious worm or virus dies out.
By securing the hub servers of the Internet, we protect all servers. This surprising
result is actually intuitive if you think asymmetrically about it. Consider this: Most
traffic, and thereby most worms and viruses, are propagated by the most active
servers, the hubs. If these "promiscuous" servers are protected, they cannot
spread worms and viruses, and if they stop the spread of malicious software,
nearly all propagation halts. This is intuitively obvious, but it will be demonstrated
in a rigorous manner in Chapter 13.
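
The hub argument above can be tried on a toy network. The following simulation is an added illustration, not taken from the book and not the Chapter 13 demonstration. It assumes a preferential-attachment graph as a stand-in for Internet topology, and the node count, hardening budget and infection probability are constructed values.

```python
import random

def scale_free_graph(n, m, rng):
    """Preferential attachment: each new node links to m existing nodes,
    chosen in proportion to their current degree, so a few hubs emerge."""
    adj = {i: set() for i in range(n)}
    ends = []                      # every edge endpoint; sampling it is degree-weighted
    for u in range(m + 1):         # small fully connected core to start from
        for v in range(u):
            adj[u].add(v); adj[v].add(u); ends += [u, v]
    for u in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(ends))
        for v in sorted(targets):
            adj[u].add(v); adj[v].add(u); ends += [u, v]
    return adj

def outbreak_size(adj, hardened, start, p, rng):
    """One worm outbreak: each infected server gets one chance to infect each
    neighbour with probability p; hardened servers never become infected."""
    infected, frontier = {start}, [start]
    while frontier:
        u = frontier.pop()
        for v in sorted(adj[u]):
            if v not in infected and v not in hardened and rng.random() < p:
                infected.add(v); frontier.append(v)
    return len(infected)

def mean_outbreak(adj, hardened, p, trials, rng):
    """Average outbreak size over random unhardened starting servers."""
    open_nodes = [v for v in adj if v not in hardened]
    return sum(outbreak_size(adj, hardened, rng.choice(open_nodes), p, rng)
               for _ in range(trials)) / trials

def compare(n=2000, m=2, frac=0.05, p=0.3, trials=200, seed=1):
    """Same hardening budget (frac of all servers) spent three ways."""
    rng = random.Random(seed)      # fixed seed: constructed, repeatable sample
    adj = scale_free_graph(n, m, rng)
    k = int(n * frac)
    hubs = set(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k])
    spokes = set(rng.sample(sorted(adj), k))   # same budget, spent at random
    return {"none": mean_outbreak(adj, set(), p, trials, rng),
            "random": mean_outbreak(adj, spokes, p, trials, rng),
            "hubs": mean_outbreak(adj, hubs, p, trials, rng)}

if __name__ == "__main__":
    for name, size in compare().items():
        print(f"{name:>6} hardened: mean outbreak {size:.1f} servers")
```

Hardening the 5 percent best-connected servers leaves outbreaks small, while hardening the same number of servers chosen at random leaves them close to the unprotected case.
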
The critical node strategy can also be turned into network warfare by using hubs
to purposely spread "killer-virus" software. This software behaves just like a worm
or virus, but instead of damaging other computer systems and destroying important
information, a "killer-virus" destroys all other viruses. In other words, network hubs
can be used as an offensive weapon. In the case of the Internet, we can release
killer-viruses "into the wild" and let them hunt down and kill the malicious
viruses. The most effective way to do this is to launch them from hubs. Therefore,
critical nodes in the telecommunications and information sector can be used for
good or evil. Why not use the network structure of most critical infrastructure
sectors to launch a counter-attack?