Wednesday, May 20, 2015

Security = Futility or Utility?

Or put another way: How secure are we really? depends upon how empty or full you see your cup!

For those with a predilection for full, let me introduce you to the emergence of Weapons of Mass Cyber Destruction (WMCD).

Forget externally implemented Denial of Service attacks, think of previously embedded Denial Of Operation tools.

Think not of Back Doors, think of built in Kill Switches, either surreptitiously, or worse openly, installed by the manufacturers of the devices.

We already have EMP Nuclear Bombs that can destroy our unprotected electronic devices. By far the majority of our electronic devices would be permanently taken out by an Electro Magnetic Pulse triggered by the explosion of such a device. Few nations have the capability, or the capacity to develop such devices. So most electronic devices remain unprotected.

A single dedicated and suitably motivated individual could develop a digital equivalent of the EMP. However there are large corporations who have already demonstrated a predilection for developing and implementing digital kill switches.

Such code has been developed to "kill" or degrade charging cables not manufactured by Apple. It only takes a small step inside the innards of any electronic device to determine the capability of installing kill switches. The answer is simple: all could have one built in, most could have one added, the important question is how many already have? In the case of the Apple charging cable it is as a result of a licensing program that gives contracted companies the right to make Apple Cables, to achieve this right, they must build MFI Authentication chips into their devices. Apple has written code into the iPhones and iPads to allow them to degrade the performance of non licensed cables and then stop them working at all.

If it walks like a "Kill Switch" and quacks like a "Kill Switch"....

Apple is currently requiring that Home Automation Manufacturers build the same MFi Authentication chips into their devices if they want to interact with HomeKit. They will likely be building in the same kill code to disable operations of device manufacturers who have stopped paying the HomeKit licensing fee, as they have done with their cables. This sounding frighteningly close to a protection racket.

There is clearly a need for Trust Perimeters, and for a Digital Fabric that enables the development of e-trust, which is a requirement on the journey to true Cyber Agency. The challenge is to ensure that e-trust and Agency are achieved in an open, transparent and arguably free manner. Walled Gardens that do not allow the free flow of trust and agency will be a major disabler for economic growth in the not to distant future

But perhaps worse is that the practise of embedding "kill switches" into products, in the interest of protecting revenue generating license fees, may one day, be used against us all. Why would we allow the installation of components and/or code into our devices that enable Mass Cyber Destruction? It is quite clear that Nation States could trigger already embedded kill switches at a mere whim....

What systems do you already own that could be disabled by miscreants or manufacturers?

More importantly what systems have you sold to your customers that could be disabled by miscreants or manufacturers?

In an increasingly interconnected world of Things, protecting the Agency of our Citizens/Customers, must be one of our highest priorities, after delivering them value for their tax/money. Though protecting the Agency of our own enterprise is as equally important. Be aware of each and every reduction of Enterprise Agency, some of these reductions may be done for good business reasons, but be sure they are. Miscreants and Entropy acts on Agency in the most surprising of ways, just like the frog relaxing in a warm pool of water, we should always be very cognizant of the importance of Situational Awareness. For like the dozing frog, we may never come to the realization that it is in fact a pot on the stove, and never wake up!

No comments:

Post a Comment

Thanks in advance for sharing your thoughts...