Light Dark
August 29, 2023 By Mark Stone 4 min read
Risk Management

The security industry has always dreamed about an impenetrable internet where threats are neutralized and attackers cannot thrive. Many have tried to conceptualize this theory into reality, but for the time being, it remains a dream.

But one company, Dark Cryptonite, has already created this infrastructure.

If you’re still dreaming of a world where the internet is inherently secure, keep dreaming. That probably won’t come to fruition in our lifetime. But what if the internet as we know it can co-exist with an alternate internet? What would the impact be on business and the cybersecurity industry?

For one, the security industry would have to think differently about the tools and solutions we use. If this secure network infrastructure gained widespread adoption, everyone would need to find a way to balance it with today’s internet and continue to leverage current security solutions.

How would this all work?

Reengineering the cybersecurity framework

Dark Cryptonite’s co-founder, Tyler Cohen Wood, has extensive experience in special comms from her tenure with the Defense Intelligence Agency. In the context of cyber defense, “special comms” or “special communications” refer to secure, encrypted or otherwise protected communication channels that transmit sensitive information. Broadly speaking, special comms can also refer to any non-standard communication methods used for specific purposes or in specific situations. In a military context, special comms could refer to covert communication methods used for espionage or reconnaissance.

Throughout her time there, Wood realized that traditional methods of defense were increasingly inadequate as attackers continued to target the essential infrastructure of digital connectivity. According to Wood, the solutions that were once effective have now become part of the problem.

“Working with special comms… is a really out-of-the-box way of thinking,” she said. “You’re not using traditional channels, so you’re kind of hidden in the noise, off the grid. I started looking at the problem because I’ve been doing this for a long time, and I realized a few things.”

As the pandemic began, Wood concluded that cybersecurity awareness training was no longer enough. She referred to a report that in 2023, cyber vulnerabilities skyrocketed 589%, underscoring the crucial importance of cybersecurity.

“I started studying the bad guys because I wanted to see why they were winning, and I realized they were actually using special comms,” she said. “So it made perfect sense that was what the good guys had to do, too, because you look at those statistics, and we’re not winning, we’re losing.”

Embracing a new security paradigm

Of course, not all traffic has to be so secure that it has to be off the grid. “But for the things that do have to be completely secured where you cannot have them hacked, you would utilize a technology like Dark Cryptonite,” Wood said. “It gives you that protection, and it’s so obfuscated and goes through so many layers of encryption. And then when you consider that it’s an off-the-grid network, it completely changes the playing field.”

Because at the end of the day, if you have an IP address, they know where you live. If you don’t, they don’t know where you live. “If you have a system that can change its mode of entry on the fly, it can change what it’s connecting to,” Wood explained — such as when the infrastructure uses hashes instead of IP addresses. “It just changes everything.”

Dark Cryptonite is a paradigm shift from the traditional approach to cybersecurity. It doesn’t just add another layer of defense; it shifts the battlefield from where attacks are most potent. This solution operates “off the grid”, providing a secure and private environment for organizations to carry out their digital activities. Unlike conventional solutions that offer more traps or hurdles for threat actors to overcome, Dark Cryptonite essentially takes away the road, making it not just resistant to typical modes of cyberattacks but virtually invisible to them.

Wood envisions the internet as a series of train tracks and malicious programs as the trains. “These malicious programs need a particular infrastructure to operate and propagate,” she said. “Our infrastructure effectively eliminates these tracks, leaving no path for the malicious train to follow. This way, it sidesteps the entire concept of creating more barriers, which attackers invariably find ways around, and instead removes the ground they tread on.”

Integrating secure and traditional infrastructures

Despite its fundamentally different approach, the Dark Cryptonite infrastructure is designed to work effectively within an organization’s existing technology assets. Wood and her engineering team have ensured the solution incorporates a zero trust capability by design. Its Infrastructure as a Service (IaaS) is also in compliance with every standard and regulation.

Wood explained that within the secure environment, organizations cannot remove or copy files or take them home on a laptop, for instance. “Again, not all traffic has to be super secure,” she said. “Your crown jewels do, as do communications between the executive leadership and the board. But not all data needs to be secured at that level.”

Of course, organizations leveraging the infrastructure will still have (and need) endpoint management and firewalls because not all traffic and not all work needs to be at this super secure level. Examples of other crown jewels include backups, intellectual property or mergers and acquisition data. “That information has to remain private and not hackable,” Wood said.

So why has no one thought of this before? Many have pondered the concept of a separate, secure “internet”. But turning these ideas into tangible, workable solutions is a significant challenge.

“It’s the execution that has made the difference,” she said. “We have to really shift that mindset that there’s another way of doing things. And I think about the potential to change our economy. Because if companies are not always under threat of being hacked, they don’t have to have ransomware payments laying around, and a lot more money goes into what that company actually does, right?”

Does all this version of two internets living as codependents sound too good to be true? Time will tell, but a solution like this, at the very least, provides a glimmer of hope.

 |  | 
Mark Stone

More from Risk Management
April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature