View this email in your browser

Nothing To Declare — travels in a connected world 

Bulletin 26 July 2019. On air gaps, cloud hopper hackers and breaking Google 

All Plaxo’s fault

Anyone remember “air gaps”? The notion was, and remains simple — if you don’t want a computer or its data to be hacked, don’t connect it to a network; to transfer data, stick it on remove-able media (for example, an external hard drive) and export it from one computer, then import it to the air-gapped other. 

Why wouldn’t you, as a way of protecting your more sensitive stuff? A thousand reasons, not least that the time taken to export/import is too great. Or is it? I have to say, I am wondering, given news such as the Reuters investigation into Chinese ‘cloud hopper’ hackers, who first compromised some of the bigger service providers (looking at you, IBM and HPE) and then went after their clients. 

The hidden message at the heart of the article is, organisations feel they have no choice but to connect all of their systems to the global network we call the Internet. “Teams of hackers… penetrated HPE’s cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years,” say the authors.  

But what if it didn’t have to be so? Are we really in a situation where every single thing we digitise has to be considered accessible to, well, everybody? I’m not so sure of the answer: of course if we make it inaccessible, we can’t get to it remotely either; of course data integration offers many advantages; of course we should be able to put security mechanisms in place that actually work. 

At the same time, however, I wonder if we have managed to convince ourselves that everything needs to be connected, by default and without exception, and we should deal with the consequences even if we are no good at doing so (or indeed, we don’t get round to it); or indeed, expect third parties to do a better job than us, even if they show they cannot. 

I picked up one article last week which suggests that they know they cannot, either: that Google pays large sums of money to people who can find security holes in their code. The term used is “reward” though I can’t help thinking that we should be saying “pay-off” — it’s almost a reverse-bribe, made official and announced in advance.

I spend an inordinate amount of time writing about how people should get better at cybersecurity, and rightly so because they, that is we, should. But while we are not so good, perhaps we should not be so blasé about what data we allow to swish around. 

It’s almost as though we have given up. I was suddenly reminded of Plaxo, that address-book-sharing app that pre-dated Facebook (founded by Sean Parker, who was ousted from the board and who then convinced Mark Zuckerberg not to let himself get into the same position — we all know where that has ended up). Connect everything, and teh world will be a better place! was the theory, anyway. 

Which brings to other reasons for air gaps. Doing anything on a computer these days sometimes feels akin to trying to get a day’s work done in a fairground. I remember, back in the day, when I would get something done, then actively connect to upload it, catching up on any downloads at the same time. It felt quite peaceful, and no doubt still would. 

I’m not saying we should switch everything off, or indeed, disconnect like heroes in a dystopian novel — just that it would be nice to have a choice. Uncoincidentally, I’m talking to a few companies right now that offer various forms of network segmentation, so you can create private connections across cloud-based microservices. 

Perhaps this could be extended to work between yourself and your stuff, enabling a facade of dis-connectedness. Just putting it out there. 

Thanks for reading, Jon

P.S. Thank you to Ian M for the ‘cloud hopper’ story!


Copyright © 2019 Inter Orbis, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp