The security industry has always dreamed about an impenetrable internet where threats are neutralized and attackers cannot thrive. Many have tried to conceptualize this theory into reality, but for the time being, it remains a dream.

But one company, Dark Cryptonite, has already created this infrastructure.

If you’re still dreaming of a world where the internet is inherently secure, keep dreaming. That probably won’t come to fruition in our lifetime. But what if the internet as we know it can co-exist with an alternate internet? What would the impact be on business and the cybersecurity industry?

For one, the security industry would have to think differently about the tools and solutions we use. If this secure network infrastructure gained widespread adoption, everyone would need to find a way to balance it with today’s internet and continue to leverage current security solutions.

How would this all work?

Reengineering the cybersecurity framework

Dark Cryptonite’s co-founder, Tyler Cohen Wood, has extensive experience in special comms from her tenure with the Defense Intelligence Agency. In the context of cyber defense, “special comms” or “special communications” refer to secure, encrypted or otherwise protected communication channels that transmit sensitive information. Broadly speaking, special comms can also refer to any non-standard communication methods used for specific purposes or in specific situations. In a military context, special comms could refer to covert communication methods used for espionage or reconnaissance.

Throughout her time there, Wood realized that traditional methods of defense were increasingly inadequate as attackers continued to target the essential infrastructure of digital connectivity. According to Wood, the solutions that were once effective have now become part of the problem.

“Working with special comms… is a really out-of-the-box way of thinking,” she said. “You’re not using traditional channels, so you’re kind of hidden in the noise, off the grid. I started looking at the problem because I’ve been doing this for a long time, and I realized a few things.”

As the pandemic began, Wood concluded that cybersecurity awareness training was no longer enough. She referred to a report that in 2023, cyber vulnerabilities skyrocketed 589%, underscoring the crucial importance of cybersecurity.

“I started studying the bad guys because I wanted to see why they were winning, and I realized they were actually using special comms,” she said. “So it made perfect sense that was what the good guys had to do, too, because you look at those statistics, and we’re not winning, we’re losing.”

Embracing a new security paradigm

Of course, not all traffic has to be so secure that it has to be off the grid. “But for the things that do have to be completely secured where you cannot have them hacked, you would utilize a technology like Dark Cryptonite,” Wood said. “It gives you that protection, and it’s so obfuscated and goes through so many layers of encryption. And then when you consider that it’s an off-the-grid network, it completely changes the playing field.”

Because at the end of the day, if you have an IP address, they know where you live. If you don’t, they don’t know where you live. “If you have a system that can change its mode of entry on the fly, it can change what it’s connecting to,” Wood explained — such as when the infrastructure uses hashes instead of IP addresses. “It just changes everything.”

Dark Cryptonite is a paradigm shift from the traditional approach to cybersecurity. It doesn’t just add another layer of defense; it shifts the battlefield from where attacks are most potent. This solution operates “off the grid”, providing a secure and private environment for organizations to carry out their digital activities. Unlike conventional solutions that offer more traps or hurdles for threat actors to overcome, Dark Cryptonite essentially takes away the road, making it not just resistant to typical modes of cyberattacks but virtually invisible to them.

Wood envisions the internet as a series of train tracks and malicious programs as the trains. “These malicious programs need a particular infrastructure to operate and propagate,” she said. “Our infrastructure effectively eliminates these tracks, leaving no path for the malicious train to follow. This way, it sidesteps the entire concept of creating more barriers, which attackers invariably find ways around, and instead removes the ground they tread on.”

Integrating secure and traditional infrastructures

Despite its fundamentally different approach, the Dark Cryptonite infrastructure is designed to work effectively within an organization’s existing technology assets. Wood and her engineering team have ensured the solution incorporates a zero trust capability by design. Its Infrastructure as a Service (IaaS) is also in compliance with every standard and regulation.

Wood explained that within the secure environment, organizations cannot remove or copy files or take them home on a laptop, for instance. “Again, not all traffic has to be super secure,” she said. “Your crown jewels do, as do communications between the executive leadership and the board. But not all data needs to be secured at that level.”

Of course, organizations leveraging the infrastructure will still have (and need) endpoint management and firewalls because not all traffic and not all work needs to be at this super secure level. Examples of other crown jewels include backups, intellectual property or mergers and acquisition data. “That information has to remain private and not hackable,” Wood said.

So why has no one thought of this before? Many have pondered the concept of a separate, secure “internet”. But turning these ideas into tangible, workable solutions is a significant challenge.

“It’s the execution that has made the difference,” she said. “We have to really shift that mindset that there’s another way of doing things. And I think about the potential to change our economy. Because if companies are not always under threat of being hacked, they don’t have to have ransomware payments laying around, and a lot more money goes into what that company actually does, right?”

Does all this version of two internets living as codependents sound too good to be true? Time will tell, but a solution like this, at the very least, provides a glimmer of hope.

More from Risk Management

Are you ready to build your organization’s digital trust?

4 min read - As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack of digital trust can do irreparable harm. However, according to ISACA’s State of Digital Trust 2023 report, too many organizations struggle to define and implement…

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically. For this reason, 75% of organizations…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…