Obama’s E-Mail: Lessons Learned

Big news this past week that U.S. President Barack Obama’s sensitive (but unclassified) e-mails were accessed by Russian hackers. It is surprising this news is surprising. The U.S. government’s unclassified network suffers from the same problems that have led to and will continue to promote other high profile attacks, including Sony, Home Depot, etc. Despite immense expenditure on IT security, these organizations are at the mercy of well-funded, sophisticated attackers, because computing infrastructures are fundamentally flawed, due to the following “Trifecta of Death”:
  • widespread use of general-purpose computers
  • computers connected to the Internet
  • large number of humans accessing those computers
Most enterprise computing platforms, from Windows PCs to Linux/Apache web servers, were never designed to protect against sophisticated attackers. The operating systems have weak privilege models, so a single vulnerability in a large, ubiquitous runtime (like Flash or Java) can be exploited to bypass security entirely.

Any organization with a large number of users (the U.S. State Department has 34,000 employees) is an easy spearphishing target, no matter how much IT trains users.

And because users and computers in large enterprise networks require Internet access, one spearphish is easily converted into complete control via Internet-borne malware. The commandeered system can then be used to leisurely explore and infect the rest of the network, aiming for more juicy targets – like archived e-mail.

How can enterprises address this problem? The enterprise must first understand its high value resources – where disclosure or loss of function would have catastrophic consequences.  For a tech company, this might be some source code, designs, or strategic plans. For a pharmaceutical or beverage company it might be product formulas and research. For a money management firm, it might be the PII and financials of its wealthiest clients. For a hospital, it might be the network managing robotic surgeons. Enterprises must not expose these digital crown jewels to the Trifecta.

Avoiding the Trifecta means employing strict network segregation, where the crown jewels are colocated in partitioned computing resources, accessed only by operating environments that are not (ever) connected to the Internet.  This may seem heavy-handed, and many scoffed at former US Cybercom chief Keith B. Alexander’s call for an isolated network for critical infrastructure, but he was spot on. The trick is to ensure segregation does not stifle productivity. Obama accesses information from a plethora of operating environments (BlackBerry devices, tablets, laptops, desktops), each never permitted to cross classification boundaries.

But few people in the corporate world would tolerate having to manage such a large set of computers. Solutions like BlackBerry Balance on mobile devices and virtual machines on laptops and desktops can serve as multi-network access solutions. Entry into the ultra-sensitive network from PCs should be guarded by VPN and two-factor authentication, while letting users keep the convenience of their mobile device as the second factor.

Finally, limit access to the ultra-sensitive network to the smallest possible group with need-to-know and encrypt data (e-mail, files). If the network grows too large, consider further segregation. In the Obama e-mail exposure, it was reported that his BlackBerry device and communications were never accessed. In addition to the obvious security advantages of a BlackBerry device, Obama’s BlackBerry contacts are purportedly limited to only 10 to 20 people.
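The segregation rules above (no Internet path from the crown-jewel enclave, ingress only through a VPN gateway that enforces a second factor) can be checked mechanically against a firewall zone policy. The following is an added example, not code from the original post or from any vendor: it models a policy as zone-to-zone rules, runs a reachability analysis over them, and reports violations. The zone names (`corp`, `vpn-gw`, `enclave`) and both sample policies are constructed for illustration.

```python
"""Audit a zone-based firewall policy for crown-jewel enclave segregation.

Three invariants are checked:
  1. the enclave has no egress path to the Internet (direct or transitive);
  2. every rule that enters the enclave originates at the VPN gateway;
  3. no path from the Internet reaches the enclave without crossing an
     MFA-gated hop.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

INTERNET = "internet"
ENCLAVE = "enclave"   # hypothetical zone holding the crown jewels
GATEWAY = "vpn-gw"    # hypothetical VPN gateway zone (the single choke point)


@dataclass(frozen=True)
class Rule:
    src: str            # source zone
    dst: str            # destination zone
    service: str        # e.g. "https", "smb", "ipsec", "any"
    mfa: bool = False   # True if this hop enforces a second factor


# Constructed sample policies (not taken from any real network).
WEAK_POLICY = [
    Rule("corp", INTERNET, "https"),
    Rule(INTERNET, "corp", "smtp"),
    Rule("corp", ENCLAVE, "smb"),            # workstations talk straight to the archive
    Rule(ENCLAVE, INTERNET, "https"),        # archive server has web egress
    Rule(INTERNET, GATEWAY, "ipsec"),
    Rule(GATEWAY, ENCLAVE, "any", mfa=True),
]

HARDENED_POLICY = [
    Rule("corp", INTERNET, "https"),
    Rule(INTERNET, "corp", "smtp"),
    Rule("corp", GATEWAY, "ipsec"),          # PCs reach the enclave only via the VPN
    Rule(GATEWAY, ENCLAVE, "https", mfa=True),
]


def build_graph(rules, include_mfa=True):
    """Adjacency map of zones; optionally drop MFA-gated edges."""
    graph = defaultdict(set)
    for r in rules:
        if r.mfa and not include_mfa:
            continue
        graph[r.src].add(r.dst)
    return graph


def reachable(graph, start):
    """Breadth-first set of zones reachable from `start` (inclusive)."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in graph.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def audit(rules):
    """Return a list of human-readable findings; an empty list means the
    policy satisfies all three segregation invariants."""
    findings = []

    # 1. Enclave must never be able to reach the Internet, even transitively.
    if INTERNET in reachable(build_graph(rules), ENCLAVE):
        findings.append("enclave has an egress path to the internet")

    # 2. Every ingress edge into the enclave must come from the VPN gateway.
    for r in rules:
        if r.dst == ENCLAVE and r.src != GATEWAY:
            findings.append(
                f"enclave ingress {r.src}->{ENCLAVE} ({r.service}) is not via the VPN gateway"
            )

    # 3. With MFA-gated edges removed, the Internet must not reach the enclave.
    if ENCLAVE in reachable(build_graph(rules, include_mfa=False), INTERNET):
        findings.append("enclave reachable from the internet without crossing an MFA-gated hop")

    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit(policy) or "OK")
```

The weak policy trips all three checks; the hardened one passes. Check 1 catches the common mistake of giving the archive server "just outbound HTTPS" for updates, which is exactly the channel malware uses for command and control. Check 3 is a path check rather than a per-rule check, so it still fires if a later edit adds an intermediate zone that quietly bridges the corporate LAN into the enclave.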

In order to protect high value resources against sophisticated attack threats, follow these least privilege, defense-in-depth guidelines, anchored by strong network isolation made user-friendly by trustworthy multi-platform access solutions. And for those networks with many users and connections to the Internet: expect their data to be disclosed, just like Obama’s unclassified e-mail. All the expensive firewalls and UTMs in the world won’t prevent that.
