Polymorphic Networks

           The art of protecting network systems has most often involved building barriers that can only be unlocked with the proper permissions. Although continually updated and maintained in response to emerging threats, these systems remain the same during day-to-day operations, i.e. they are static defenses. While initially an effective fortification in the early days of computer networks, the practice of building and maintaining static defense systems has given rise to an asymmetric advantage favoring the attacking forces. With ample time to prepare, attackers can study the system, identify vulnerabilities, and plan an offensive to take advantage of any weaknesses. In response, defending personnel can employ countermeasures to identify and track the assailants but their arsenal is limited by the network structure. Attackers are now well aware of the tactics deployed to defend static systems and have developed a multitude of means to bypass the defenses. An alternative method of defending network systems is moving target defense.

           Unlike information technology systems built to operate in relatively static configurations, moving target defense involves controlling change across multiple aspects of the system to increase uncertainty and complexity. By constantly shifting and changing the configuration of the network, attacking forces must work harder to analyze the system and identify vulnerabilities and have little time to carry out their offensive before the network mutates again. The result is a more secure, resilient, and defensible system with an ever-changing surface structure, also called a polymorphic network. In the past, implementing such a network topology required an immense amount of personnel and funding, and as such was reserved for only the most sophisticated and financed organizations. Now, due to increased automation in the construction of polymorphic networks, these systems can be sourced affordably from industry providers.

           The benefits of moving target defense are numerous and can be of great use in securing industrial control systems. Facilities that could cause serious damage and bodily harm if compromised by a cyberattack including chemical plants, pharmaceutical manufacturers, and water and wastewater treatment facilities are prime candidates for moving target defense. Considering the increased connectivity of industrial systems for the purpose of remote access and monitoring, it is more important than ever to ensure that these systems are secured and protected from cybersecurity threats. A polymorphic network topology could be the answer to your cybersecurity needs.