Every day we hear reports of new cyber-threats, and every single time they point to the same culprit: people as the weakest link in cyber-security. In addition to my earlier rant on cybersecurity and human behavior, a great piece was posted a few weeks ago in Government Computer News that articulates the issue very well. A case in point is the recent drone virus revealed by Wired. It is a great example of the lack of appreciation for the tradeoffs you need to make when running missions. After the 2008 incident in which an infected removable media drive was the vector of entry for a worm into an overseas secret-level DoD network, the use of USB drives has been severely restricted throughout the military.
However, Predator and Reaper drone crews at Creech Air Force Base in Nevada, where a large number of drone missions are conducted, use removable hard drives to load map updates and transport mission videos from one computer to another, and this is probably the entry vector for the keylogger virus here again. But how else can you run drone missions? Want to try flying without a map? It turns out that manned aircraft resort to the same approach: pilots upload maps to their flight computers using removable drives. What’s the alternative? The cost of doing business in an environment where the most efficient practices are prohibited is unbearable, especially if the other side does not have such restrictions.

Another layer of absurdity was added to the drone case when Wired revealed, again, that even after the virus was discovered, Creech Air Force Base did not inform the Air Force cybersecurity unit, probably because they didn’t think it was a serious threat, or for fear of reprisal in case the infection was due to, say, military personnel playing Mafia Wars. The Air Force denies this version, although many indicators suggest it is close to reality. It is again human behavior that amplified the potential security consequences of the threat.

Okay, now what was the response from the DoD leadership? “Drone units at other Air Force bases worldwide have now been ordered to stop their use,” the Wired article reports. What about the missions? How do you upload the maps? What type of tricks do you think the pilots of unmanned or manned aircraft will use to do what they need to do? They will find a way around the ban because they have to. As a result, the fix may end up being worse than the initial problem, except now we don’t know what the counter-trick is. Great.
Along the same lines, the excellent Security Innovation Network or SINET, an organization dedicated to “advancing innovation and enabling global collaboration between the public and private sectors to defeat Cybersecurity threats”, recently announced their selection of 16 innovative security firms for 2011:
| Company | Focus |
|---|---|
| CipherCloud | Cloud data encryption and tokenization |
| FIXMO | Mobile device risk management |
| Glimmerglass Networks | Optical signal management |
| Imanami | Group identity management |
| Invincea | Endpoint browsers and document security |
| KoolSpan, Inc. | Mobile device encryption engine |
| Mocana | Smart device security |
| Mykonos Software Inc. | Code level application security |
| Revere Security | High efficiency encryption technology |
| Rsignia, Inc. | Advanced servers for detection, mitigation, countermeasures and forensics |
| SilverTail Systems | Predictive analytics for detection and prevention of website fraud and abuse |
| SS8 | Lawful interception and communication forensics |
| Stegosystems, Inc. | Malware execution prevention |
| Triumfant | Attack detection and remediation |
I have nothing against these firms, and I am sure that the SINET team did a great job of vetting their technological capabilities. But, just in case you haven’t noticed, they provide very little in the way of mitigating or shaping behavior.
To learn more about understanding the impact of human behavior on network defense and security, watch an example video.