Threat Vectors and the “Parable of the Fridge”
I have touched on this topic previously; however recently joining infrastructure experts, Accordant, it has truly reminded me of several things.
Data security has been a headline topic since, forever…
When I began in the computer industry, security was pretty simple. If you couldn’t get in the data centre, then your data was safe… well pretty much. It was fairly simple for the security guard to see you running out with a bunch of tapes, a printout or a deck of cards!
This was what is now being called “First Generation” computing. In truth, I began my career at about V1.1, when networks were around Decnet, Token Ring, etc, but it was only when the 802 ANSI standard was ratified for Ethernet, that the rate of change simply exploded.
The ubiquity of networks happened pretty quickly. Data security concerns changed. Originally, if memory serves, most hackers were basically on the axis of “mischief” rather than the cynical and sinister activities we see today.
Through the second generation of computing, network ubiquity and standardisation of protocols, we have seen a whole industry develop, with ever increasing forms of threat prevention being engineered against increasingly more sophisticated threats.
As we move into the 3rd Digital Generation, the “Internet of Things”, (IoT), the opportunity for threats simply increases massively. Data will be stored and transmitted everywhere. It is really important, as we plan to move into this new era, that we take account of these facts. I accept many people believe that the massive increase in data will be founded on some relatively low threat – innocuous data, such as temperature information for controlling comfort at home. This may be the case, yet a couple of recent issues have illustrated some unusual and unconsidered threats.
A well-known car company started having its cars stolen, yet no-one could see how the thieves broke in. It was ultimately discovered that the criminals were using the DAB (Radio) antenna and accessing the in-car “Bus” that handles all the data flow in the vehicle, thereby hacking into the security module in order to “pop” the doors open.
Now it is certainly bad news to have your car stolen, but in the near future, features such as automatic toll payment will be incorporated within vehicles; therefore the potential for fraud must exist. And as a more extreme scenario, if they can hack the car, could they not “hack” the braking system, or “jam” the throttle wide open?
One of my favourite stories about the world of the 3rd generation digital world is this… (And I don’t care if it is an urban myth, it’s still a great story!). A service provider in California saw a massive “uptick” in traffic in one area in its network. When they identified the culprit, it turned out to be a fridge-freezer. The fridge had been hacked, and was being used to distribute hundreds of thousands of spam emails. As a story – Splendid fun! – yet it does also serve to illustrate what we are up against.
So the “Parable of the Fridge” is: “Prepare wisely for the next generation; we probably haven’t even as yet considered where all the threats will come from.”
The things we can do to prepare are:
- Absolutely understand where our data resides, and what it is being used for;
- Don’t ‘Sleepwalk” into this era, or you are doomed to fail; and
- Really, properly, get strategic control of your infrastructure.
Accordant Solutions have the experience, skills and tools to guide you safely into this new world.