Why is it crucial to improve the resilience of critical infrastructure now, and how to do it?
I’ve recently looked through a number of critical infrastructure attacks that have happened within the last ten years, all over the world. I’ve seen that quite often we are dealing either with stolen private keys or making malicious updates looking legitimate. I came up with a hypothesis on how to mitigate this attack vector.
Our Reality: Permanent Cyberwar
We live in an era of wars. Just a couple of days ago, the US Department of Defense was renamed the Department of War. On the 3rd of September, China held the largest military parade in its history.
"We do not choose times; times choose us," but it’s up to us to adapt. Today, wars operate both on the ground and in cyberspace. We do not see cyber attacks until the moment the lights go out for the whole city (e.g., Ukraine in 2015). Regardless of this, cyber attacks happen every day.
Government-funded attacks
Approaches have changed significantly, making the work of CISOs and cyber researchers orders of magnitude harder. From being driven mostly by economic objectives (e.g., malware), cyber attacks have turned into government-funded attacks with unlimited budgets and no moral red lines, driven by geopolitics. Before 2014, critical infrastructure, such as electricity facilities, was considered civilian targets that cannot be attacked according to International Humanitarian Law (IHL) under the Geneva Conventions. However, we all know that every system that can be exploited will be exploited, regardless of laws and conventions.
Attacking critical infrastructure has become legitimate
Since Russia set the first precedent of attacking critical infrastructure in 2015, it has become a ‘legitimate’ war tool for everyone. Targets include everything: from electricity and water facilities to nuclear powerplants, financial infrastructure, hospitals, and government authorities.
The offense game has changed; the defense game has to change too. We know of a technology that is not used today but has huge potential to elevate critical infrastructure resilience to the next level.
Zero Knowledge Cryptography: resilience level we haven’t met before
Computers used to be our friends, trusted buddies helping us get things done, such as speedy computations.
Are computers acting in good faith?
Today, the situation is more complex: computers are our best friends, our worst enemies, our strongest addictions, secret keepers, and everything in between. The number of third parties sitting in the communication between humans and their computers is at least several hundred for a regular user. Speaking of more complex systems, such as enterprise and industrial computers, the number of trusted third parties can reach into the thousands. As computer complexity increases, we can’t blindly trust that a computer acts in good faith and does whatever it promises to do. Today, we need to verify, and we can use zero-knowledge proofs for this purpose.
Definition of zero-knowledge proofs
Zero-knowledge proofs prove that a particular program was executed correctly on given inputs, providing integrity, while some inputs can remain private, ensuring confidentiality. Instead of just executing the program, we ask the computer to execute the program and generate a proof that it was executed correctly.
Provable computations empowering classical key encryption
Imagine the communication between a server and a computer executing the server’s commands. Today, it works as follows: the server and the computer make a handshake so that the computer is aware of the server’s private key. If the computer receives a command signed with this private key, it assumes that it is a legitimate command and executes it, even if the command sender is a malicious party who has stolen the key.
If, together with the command signed with a particular private key, the computer also requires a proof of how this command was computed, the attacker’s possible actions are limited to the set of the server’s legitimate algorithms. In other words, the only thing the attacker can do is execute the same legitimate program that the server would execute and receive the same legitimate output that the server would generate. This significantly decreases the potential attack surface and its impact.
From research to reality: the first true production-ready moment
Zero-knowledge cryptography has existed in academia since 1989. However, its performance has become more feasible only within the last several years, mostly thanks to the community efforts of hundreds of researchers and engineers in the blockchain domain who have invested in developing this technology.
The technology is still in its early stages, which is a perfect moment to run pilots and experiments. However, it will still require a good chunk of work to bring it to the production stage. But the reward is worth it: making computers accountable and allowing CISOs and other cyber experts to sleep better, as provable computations replace trust with verifiability.
Help us make it happen
We are currently exploring use cases in critical infrastructure to build proof-of-concepts, to battletest the tech, and to gain better clarity on how to bring it to the production stage and make provable computations serve humanity’s security.
If you have any ideas about where provable computations can be utilized in the resilience of electricity and water facilities, hospitals, transportation systems, telecom, nuclear power facilities, autonomous vehicles, and aerospace, please send me a letter and let’s chat: lisaakselrod@gmail.com