The Internet Is Not Secure By Design. What can we do about it?

Xiid Team · Published in Xiid Blog · 5 min read · Oct 17, 2023

Every day, our computers and smartphones receive updates with an endless array of security improvements. Headlines about hackers breaching major corporations and governments are so frequent that they become background noise.

Collectively, we expect that applications will forever have unforeseen issues and that it’s impossible for engineers to think of and proactively address all security issues of the past and future. Features come first, and security comes second, if at all.

But what about our infrastructure?

Unfortunately, the internet itself was also designed feature-first.

“…[W]e were honestly not thinking…as much about security as we were about just getting it to work reliably.” — Vint Cerf, a “Father of the Internet”

After all, the internet is, at its core, a collection of software jammed together over time, vulnerable to the same ever-changing security challenges that plague other applications. The internet was not created to be “secure by design”.

[Image: A CISO thinking about the fundamental design of the internet. Photo by Nik Shuliahin 💛💙 on Unsplash]

The good news is that there is hope — key security measures and designs implemented in the network infrastructure we do control can transform a network built on insecure internet protocols into an ironclad fortress.

Regardless of the state of global networking infrastructure, companies have a cybersecurity duty to their customers and employees. Whether driven by legal requirements, moral obligations, or fiscal responsibility, companies must find a way to make their networks secure by design without altering the underlying structure of the internet.

Here’s how:

Don’t Box Yourself In

When designing a Secure By Design corporate network that overcomes the internet’s inherent flaws, few have the luxury of starting from scratch. Some parts of the current network will remain.

Recognizing this, careful planning is essential to ensure that your network can adapt to future cybersecurity challenges.

In practice, this means steering away from vendors that lock customers into proprietary formats and opting for widely-used portable standards instead. This approach allows your network to remain modular, flexible, and unlikely to require a complete overhaul as threat actors and security standards evolve over time.

Free Network Designs from Real-World Constraints

Traditionally, communication systems are designed as if information were a tangible asset.

For example, imagine that we had two camps (endpoints), Camp A and Camp B, surrounded by high walls (firewalls) that needed to exchange information.

A messenger from Camp A would journey to Camp B where they would plead their case and guards could decide to admit them into Camp B to deliver the message.

Of course, if the guards make the wrong decision about who to trust, Camp B could suffer a (literal) Trojan Horse attack.

This communication model, while risky, is so familiar to us as to be nearly automatic. But why, in the 21st century, do we still limit ourselves to insecure, medieval communication designs?

Using digital tools without clear real-world analogues such as Zero Knowledge Proofs and outbound-only communication can provide orders of magnitude higher levels of communication security without adding additional complexity.

For instance, imagine if it was possible for Camp A and Camp B to exist without physical, public addresses, like they were shielded in an invisibility cloak. A messenger from Camp A could leave an encrypted message in a lockbox at a known middle location and walk away. A messenger from Camp B could later use a key to unlock the box, retrieve the message, and inspect it. If they determine it to be malicious, they can burn it right then and there, far outside the cloaked walls of Camp B.

Critically, this design is not the same as “break-and-inspect”. Camp B is inspecting the message contents themselves, not allowing a third (compromisable) party any access to the data whatsoever.
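The lockbox model above, written out as an added example (constructed for this post, not Xiid's own code): both camps only make outbound calls to a relay that stores opaque blobs and holds no key, and Camp B authenticates and inspects each message before anything is admitted. The cipher is a demo-only HMAC-SHA256 counter-mode keystream with encrypt-then-MAC, assumed adequate for illustration only.

```python
import hmac, hashlib, secrets

class Relay:
    """The lockbox at the middle location: stores blobs per mailbox, never sees a key."""
    def __init__(self):
        self.boxes = {}
    def drop(self, box, blob):          # Camp A: outbound call only, then walks away
        self.boxes.setdefault(box, []).append(blob)
    def collect(self, box):             # Camp B: outbound call only, nothing inbound
        return self.boxes.pop(box, [])

def _keys(key):
    # Domain-separated subkeys for encryption and authentication (demo construction)
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(ek, nonce, n):
    # Keystream: HMAC-SHA256(ek, nonce || counter), counter mode (demo only)
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, plaintext):
    ek, mk = _keys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    tag = hmac.new(mk, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce + ct + tag

def open_box(key, blob):
    ek, mk = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None   # forged or tampered: burn it before it ever touches Camp B's network
    return bytes(c ^ k for c, k in zip(ct, _stream(ek, nonce, len(ct))))

def receive(relay, box, key, is_malicious):
    """Camp B collects, authenticates and inspects outside its walls.
    Returns (accepted plaintexts, number of burned messages)."""
    accepted, burned = [], 0
    for blob in relay.collect(box):
        pt = open_box(key, blob)
        if pt is None or is_malicious(pt):
            burned += 1
            continue
        accepted.append(pt)
    return accepted, burned
```

The inspection policy is a plain callable, so the decision stays with Camp B and no third party ever holds plaintext or keys.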

Designing robust networks requires careful planning and analysis. Simply using regulatory or compliance guidelines to secure a network is insufficient: compliance alone does not guarantee security, even with standards like NIST SP 800-207 (Zero Trust Architecture).

Warn Early, Warn Often

Regardless of how securely a network is designed, knowing what’s going on across it at all times is of paramount importance. Ideally, notifications should be “out-of-band”, that is, generated by an observer that is not reachable from the main network.

During modern cyberattacks, most organizations rely on “in-band” notifications (e.g., IDS, IPS, firewall) to alert their administrators when something seems suspicious. But since these notifiers are part of the network that’s been attacked, there’s no assurance that they too haven’t been compromised in some way!

Secure By Design In Practice

Implementing the principles outlined above is not merely a theoretical exercise — commercial solutions such as Xiid’s Zero Knowledge Networking paradigm are specifically developed to be Secure By Design:

[Figure: An Example of Zero Knowledge Networking (ZKN) Architecture]

At a high level:

  • Xiid solutions wrap portable, industry-standard formats and protocols, preventing lock-in to insecure vendors across any part of the network
  • Endpoints don’t need public IP addresses and do not accept any inbound network traffic, and all authentication leverages Zero Knowledge Proofs to prevent stealable credentials from traveling over the internet
  • Observers and notifiers are not directly addressable but can still access the data they need from across the network, making it significantly harder for malware to conceal itself by infecting detection tools

For more information on Zero Knowledge Networking, check out our blog post “Is Zero Trust Enough?”

Given the strong demand for network security solutions, it’s evident that most recognize that “the internet is not secure by design”.

So why does it still feel so uncomfortable to openly acknowledge?

Perhaps it’s easier to identify vulnerabilities in our operating systems and applications and take comfort in knowing that they are patchable — that with enough time, “good” developers can defeat the “evil” hackers. Admitting that our far more rigid, nearly impossible-to-patch infrastructure is vulnerable feels radical. It’s one thing to replace an appliance in your house after an electric surge; it’s another thing entirely to replace the power grid itself.

Switching the style of power outlet in every home would be a tremendous undertaking, as would be completely re-wiring the internet. To ensure backwards compatibility, the (insecure) protocols we use today aren’t going anywhere anytime soon, making immediate replacement infeasible.

In technology as with life, it’s important to separate what you can’t control (the fundamental design of the internet) with what you can (the design of your network). Focus on improving the latter, and both your employees and customers, as well as the market, will thank you.
