The number of open listening ports on the internet is around 185 million. This means there is plenty of opportunity to exploit these open services — it is now possible to scan the entire internet in under 1 hour for a particular port or service. Can we somehow hide open ports on the internet or in the enterprise? Is there a method of making them invisible?

This idea has been around for a while. A method called Port Knocking was one of the first attempts to hide services. It works by requiring a specific sequence of connection attempts to closed ports before a firewall opens a port for access. Simple in concept, but fragile and difficult to manage at scale.

A more robust evolution is Single Packet Authorisation (SPA) — used in Software Defined Perimeter (SDP) architectures. SPA requires a single cryptographically signed packet before any service is visible to the requester. Without valid authorisation, the service simply doesn't exist from the network's perspective. There is no open port to scan, no banner to grab, no attack surface to probe.
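As an added example (not code from the original post or any SDP product), a minimal model of the SPA exchange: the client sends one HMAC-authenticated packet carrying its identity, the requested service, a timestamp and a nonce; the gatekeeper verifies the MAC, rejects stale or replayed packets, and only on success would open the firewall for that source. It assumes a hypothetical pre-shared key `KEY` and a 30-second validity window, both constructed for the example.

```python
import hashlib
import hmac
import json
import os
import time

# Assumed pre-shared key between client and gatekeeper (constructed, not a real secret).
KEY = b"example-psk-do-not-use"
MAX_SKEW = 30          # seconds a packet stays valid
TAG_LEN = 32           # HMAC-SHA256 output length in bytes
_seen_nonces = set()   # replay cache; a real gatekeeper prunes entries older than MAX_SKEW


def build_spa_packet(client_id, service, now=None):
    """Client side: build the single authorisation packet (payload || HMAC tag)."""
    body = {
        "id": client_id,
        "svc": service,
        "ts": int(now if now is not None else time.time()),
        "nonce": os.urandom(8).hex(),
    }
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(KEY, data, hashlib.sha256).digest()
    return data + tag


def verify_spa_packet(packet, now=None):
    """Gatekeeper side. Returns (authorised, reason).

    Nothing is sent back to the client either way: an unauthorised sender
    learns nothing, and the service stays closed until this returns True.
    """
    now = now if now is not None else time.time()
    if len(packet) <= TAG_LEN:
        return False, "malformed"
    data, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(KEY, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return False, "bad-mac"
    try:
        body = json.loads(data)
    except ValueError:
        return False, "malformed"
    if abs(now - body["ts"]) > MAX_SKEW:          # stale or future-dated packet
        return False, "stale"
    if body["nonce"] in _seen_nonces:             # captured packet replayed
        return False, "replay"
    _seen_nonces.add(body["nonce"])
    return True, "open %s for %s" % (body["svc"], body["id"])
```

Replacing the return value with a firewall rule insertion (for the packet's source address only, with a short expiry) turns this into the "port only exists after authorisation" behaviour described above.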

This is the Black Cloud concept: making enterprise infrastructure invisible to the internet. No open ports. No exposed attack surface. Applications that only reveal themselves to authorised, authenticated identities.

Combined with Zero Trust principles — where trust is never assumed, always verified — the Black Cloud model represents a fundamental rethink of how we expose and protect enterprise services. Rather than building walls around a network, we make the network itself disappear.

The implications are significant. Ransomware, credential stuffing, lateral movement — all of these attack patterns depend on the ability to find and reach services. Remove the reachability, and you remove the attack path.
