Tuesday, 27 June 2017

Physical Data Security

Why a complete loss of trust in online security is the best thing that can happen to the modern world.

The internet has been around for decades. It connects digital devices and allows them to share information. As time goes on, more and more internet-connected devices will appear in our daily lives, collecting ever more information and transferring more of it more frequently. 
It is generally assumed that owners of the devices are aware of the information being collected and have control over how it is used. A third party should not gain access to the data, whether it is on the device or after it has been transmitted over the internet. 
WhatsApp's efforts to protect its users
The importance of security is proportional to the value of the information being stored and transmitted. Controlling access to your WhatsApp or Facebook Messenger, for example, becomes much more important when you have compromising photos or intimate messages on there. 

As the world economy continues on its path of digitization, greater amounts of wealth will be tied up in information stored on internet-connected devices. Having a million dollars stolen from a company is a loss equal to losing a company secret worth a million dollars on a laptop. 

However, internet security has been continuously eroded over the decades, and there is a foreseeable future in which no security can be expected from digital devices. 

Internet security is at an end

It starts with us.

The general consumer is not fully aware of all the information collected on them by their devices. Voice-activated tools such as Amazon Echo or Apple's Siri record our conversations through a smartphone's active microphone; internet service providers log your browsing history for sale; and modern cities take thousands of photographs of you parking your car, exiting the metro or walking in the park, every day. 


Facebook's face recognition.
We do not fully control how this information is used or transmitted either. You can be tagged on Facebook despite never having registered an account, your browsing history is sold to travel agencies, and insurance companies certainly have access to more data than you willingly shared.

Without knowledge or control, each device we own and use is a vector of attack for a third party. If the value we accord our personal data were commensurate with that of more tangible objects, this would be akin to dropping photocopies of our passports, social security numbers and family albums everywhere we went.

Usually, we as citizens defer to the government and law enforcement to protect us from attacks. If your home is broken into and robbed, you would call the police, report the crime and have investigators collect evidence to track down the criminals. This protection should extend to your data.

But what if the government is supportive of measures that erode security and enhance the effectiveness of attacks to further its own goals?

Examples include the UK's stance on internet security and privacy, or the USA's anti-terrorism and ISP laws. These measures actively weaken the defences we rely upon to protect our security and help private actors collect and distribute data we did not agree to share. Together, the personal lives of consumers and the wealth of companies are put at risk.
One method of encryption. 
The commonly proposed solutions to these security deficiencies are education and encryption. Education is how we learn about how attacks take place, which vulnerabilities they exploit and how the public and the private sector should behave to make these attacks less probable. Encryption is a sometimes cumbersome, sometimes expensive way of rendering data unusable to attackers even if it is extracted or intercepted. Insufficient encryption is as good as no encryption at all, so there is an incentive to use the best available cryptography.

When this is at stake, we take measures to protect our data.

The best encryption works by scrambling the data in such a way that an attacker would take hundreds to thousands of years to piece it back together. There is a technology, however, that can do this in minutes.
Using quantum encoders to encrypt communications. 
Quantum computing has so far been a niche product, used mostly for testing and experimenting in computer science laboratories. Soon, it will realize its potential. It promises to explore many potential solutions for any problem simultaneously through quantum superposition and entanglement. The first consequence of this is the ability to solve any encryption in a matter of seconds, where a conventional computer would struggle endlessly. 

Like all other forms of computing, quantum processors will become widespread in use. Unlocking the world's digital secrets and cracking previously impregnable data forts containing millions in virtual value will make quantum decoding enticing to criminals, governments and, where the two combine, black operations alike. Quantum-based encryption can easily be disrupted.

Until then, there are still problems with conventional encryption. Stronger encryption means a computer takes longer to secure a piece of data, and equally long to decrypt it for reading. As the threats facing data security become more numerous while data becomes more valuable, it will take ever longer to secure data, to the point where encryption consumes more resources than encoding, compressing, storing, transmitting or even generating the data.

The last bastion of digital security

One option to keep data secure is to remove and separate it from the internet. 
If no-one touches the computer, data is secure. 
Virtual private networks can be seen as small-scale replicas of the wider internet, connected only at endpoints to transmit instructions and data in a more secure manner. 

Even better, 'air-gap' computers or networks cannot be connected to remotely. They are the primary form of protection for sensitive data used by governments around the world. Without any connection to another device, there are no vectors of attack... right?

We will now discuss a world in the near future where vulnerable consumers, spying governments and quantum code-breakers have together rendered internet security an oxymoron. What will it look like? How will a digitalized economy function? What are the solutions and consequences?

The components of physical security

An electronic device secluded from all connections still needs to transmit and receive data. It must also be protected against the ultimate attack: a hacker in direct contact with the device. 

The consequence of these two requirements is that a certain level of physical security must be maintained. By physical security, it is meant that no one other than authorized agents may approach and use the device. 

The components of physical security are therefore:
- Location/Case
- Agents
- Exit point
- Temporary storage device
- Transport
- Entry point

The location component involves protecting the area where the device is stored or worked upon from intrusion. Walls, locks, guards and surveillance are the norm. The same applies to the device's casing if it must be mobile. The protection must also extend to sonic and electromagnetic leaks, for reasons explained below.

Agents are the humans that work for the company and are directly or indirectly in contact with the device. Vetting, trust and incentives are ways of ensuring that the people working for the company will not be tempted to compromise security. Although the 'human factor' is usually considered a weak point in secure systems, humans are in this case more reliable than automated agents, especially in combination with biometric data.

Exit point is where the data contained in the device is copied into the temporary storage medium. It is an opening for attackers to intercept data leaving the device. 

The temporary storage device can be as simple as a USB stick or as complex as quantum entangled photons set to collapse if tampered with. It must keep its data secure during transport and remain immune to parasitic attacks that try to use it to intercept the data at the entry and exit points. The 'temporary' criterion exists so that no trace of the data remains after the task is complete.

Transport is how the temporary storage device is physically moved from the exit point to the entry point. Physically moving data prevents it from being compromised on the internet or intercepted by most forms of government regulation. This is a critical component of overall security and will likely function as a 'physical net' between devices. Compromises have to be made to maintain a useful data transfer speed, so this might end up being the only weak point of a secure system.

Entry point. The destination of the data. Care must be taken to verify that the temporary storage device has not been compromised and that the data has not been modified or corrupted while in transit. Quantum computing can be used here to run through the received data very quickly and weed out any hacking tools, whether they were included intentionally or not. 
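One way to implement the entry-point check described above, as an added example that is not code from the original post: the exit point writes a manifest of file hashes and authenticates it with a key shared between the two sites (assumed here to be exchanged out of band), and the entry point verifies the manifest before trusting any file on the device. The storage device is modelled as a dictionary of file names to bytes, and the transfer id and sample files are constructed for the example.

```python
"""Exit-point / entry-point integrity check for data carried on a temporary
storage device. Added example, not code from the original post.

Assumptions (not from the page): the two sites share a secret key exchanged
out of band, the storage device is modelled as a dict of file name -> bytes,
and the manifest is a JSON document carried on the same device.
"""
import hashlib
import hmac
import json

# Constructed sample key; in practice shared between the two sites out of band.
SITE_KEY = b"constructed-shared-key-for-example-only"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _serialize(body: dict) -> bytes:
    # Canonical encoding so the exit and entry points MAC identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files: dict, key: bytes, transfer_id: str) -> bytes:
    """Exit point: list every file with its hash, then MAC the whole list so
    a tampered or substituted manifest is detected at the entry point."""
    body = {
        "transfer_id": transfer_id,
        "files": {name: sha256_hex(data) for name, data in sorted(files.items())},
    }
    tag = hmac.new(key, _serialize(body), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}, sort_keys=True).encode()


def verify_device(device: dict, key: bytes, expected_transfer_id: str) -> dict:
    """Entry point: check the manifest MAC, then every file hash, and flag
    files that were modified, missing, or added during transport.
    Returns a report; 'ok' is True only when nothing is wrong."""
    report = {"ok": False, "modified": [], "missing": [], "unexpected": [], "reason": ""}
    manifest_bytes = device.get("MANIFEST.json")
    if manifest_bytes is None:
        report["reason"] = "manifest missing"
        return report
    try:
        manifest = json.loads(manifest_bytes)
        body, tag = manifest["body"], manifest["tag"]
    except (ValueError, KeyError, TypeError):
        report["reason"] = "manifest unreadable"
        return report
    expected_tag = hmac.new(key, _serialize(body), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the tag through timing differences.
    if not hmac.compare_digest(tag, expected_tag):
        report["reason"] = "manifest MAC invalid"
        return report
    if body.get("transfer_id") != expected_transfer_id:
        report["reason"] = "manifest belongs to a different transfer"
        return report
    listed = body["files"]
    payload = {n: d for n, d in device.items() if n != "MANIFEST.json"}
    for name, digest in listed.items():
        if name not in payload:
            report["missing"].append(name)
        elif not hmac.compare_digest(sha256_hex(payload[name]), digest):
            report["modified"].append(name)
    # Anything on the device that the exit point did not list is suspect.
    report["unexpected"] = sorted(n for n in payload if n not in listed)
    report["ok"] = not (report["modified"] or report["missing"] or report["unexpected"])
    if not report["ok"]:
        report["reason"] = "payload does not match manifest"
    return report


def demo() -> dict:
    """Constructed round trip: load at the exit point, alter in transit, verify."""
    files = {"blueprint.dwg": b"constructed blueprint bytes", "notes.txt": b"lab notes"}
    device = dict(files)
    device["MANIFEST.json"] = build_manifest(files, SITE_KEY, "T-0001")
    clean = verify_device(device, SITE_KEY, "T-0001")
    altered = dict(device)
    altered["notes.txt"] = b"lab notes (altered)"
    altered["unlisted.bin"] = b"constructed file that was never listed"
    return {"clean": clean, "altered": verify_device(altered, SITE_KEY, "T-0001")}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```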

Why this could be a great opportunity

The list of components of physical security might sound like a massive task that would force an undue burden on a digitized economy. How would a company compete if every computer must be kept under lock and key, and if it must absolutely trust every employee working for it? Would this cause the collapse of the data-reliant systems we depend on to produce wealth?

Not at all! In fact, a reversion to the absolute necessity of physical security is a great opportunity for a new phase in society and a solution to many of the problems caused by increased automation. 

Consider this: today's society relies more and more on data handling systems that are entirely virtual, producing value stored only as 1s and 0s, and eliminating human intervention at every turn. Automation and artificial intelligence cut into the human workforce without recourse while concentrating wealth in fewer and fewer hands. Online activity means that server farms, corporate headquarters, company employees and data centers can be located anywhere on the globe, which promotes cherry-picking of the most exploitable characteristics available: cheap IT from India, low latency in New York, cold climates in Greenland and low taxes in Ireland. 

How would things change if physical security was the only way to maintain this empire?

Humans would become important again. They are the guarantors that data is secure. Transportation will have to improve and many concepts such as supersonic air travel become viable again. Localization becomes paramount: companies will have to make hard choices as to where they want to operate and to dedicate their efforts. Less work will be outsourced, more companies will install complete headquarters in their areas of operation: money will stay where it is generated.

It does not necessarily mean the end of the internet either. As mentioned before, insufficient encryption is as good as no encryption... so why not openly transmit information you can afford to 'lose' to enemy hands? 

What we might end up with is a tiered security strategy. The lowest tier is as secure as the radio: information broadly transmitted over existing infrastructure. This will contain the bulk of consumer data use, such as YouTube videos or web pages. Intercepting this information is as easy as it is pointless, as it will have very little value. 

The highest tier is the Maginot Line of data. Billion dollar weapons programs, drug research and financial data are kept in hermetic bunkers. People are moved around to work on the data instead of risking the data being moved. The security investment will be immense, with the money moving into reinvigorated sectors such as air transport, security contractors and spy agencies. 

In short:

- Increased human value
- Localization of investments
- Potential shield against the effects of automation
- Increased investment in sectors neutered by telecommunications
- Run-on effects of increased mobility (hotels, restaurants, property markets...)

Further discussion of particular effects below.

Air gaps and countermeasures

In networking, an air-gap is a physical isolation of a computer from any external network. No wires, waves or any forms of communication can access these devices from the outside. 

If sufficient control is exercised over what data goes in, then an air-gapped computer cannot be infiltrated. Protocols put in place to prevent unwanted persons and careless behaviour can prevent information from leaking out through unauthorized access.

All it takes is one un-vetted USB to compromise an air-gapped computer. 
However, even such a system is not impregnable. Deceiving the human operators can permit certain programs to be installed on these computers. The physical security can be penetrated. A resourceful attacker might even sidestep the problem by pre-installing spyware on all devices likely to be used in an air-gapped network, a tactic likely employed by governments today against Microsoft OS systems. 

A famous example is the Stuxnet case. It was the largest malware project ever, involving the development of a computer worm meant to take down or severely handicap the development of the Iranian nuclear program. The problem is, the computers that controlled the uranium refineries were air-gapped and isolated from the outside world... until a combination of spy work, social engineering and international co-operation penetrated these defences. 


Newer tools are constantly being devised. The most effective tools attempt to extract information from a computer through passive 'sniffing' of internal electromagnetic leaks, or exfiltrate it from an infected computer through sound, power spikes, screen defects and so on.
This phone's FM radio is listening to signals generated by the infected computer's GPU.

Most importantly, the case highlights the fact that the critical factor in penetrating air gaps is to have human agents working for you, either physically present or facilitating the physical entry of malware into the protected environment. Designing defences against human attack is much more intuitive and straightforward than cyber defences, which is a good outcome for writers and worldbuilders who want to set out exciting scenarios for the audience. 

Biometrics

Trust only goes so far. 


You might trust your closest friends or people who have invested as much into a project as you have. This circle of trust cannot be extended to cover all the employees of a large corporation or multi-million dollar project, as these involve a rotating roster of hundreds of individuals.

The technological solution to the problem of trust is identification. 

UK passport with biometric chip.
Modern identification relies on certification: documents that assure you that the person in front of you really is who they claim, on the authority of the certifying body.

The problem with this approach is that certificates are real-world objects protected by encryption. Today's governments are aware that breaking the security of the documents or the certifying body through cyber attack allows the attackers to create documents proving they are whoever they want to be. This has resulted in a push for biometric data to be included on passports.

Different sorts of biometric data in use today.
In a future where physical security is the last line of defense, biometrics will be intensely developed. Instead of fingerprints and DNA swabs, less easily falsifiable data such as brain wave scans, heartbeat audio recordings, infra-red snapshots and even body odour will be included in databases. 
It is quite difficult to replicate any one of these and fool a scanner, and impossible to do so for all of them combined. 

Of course, biometrics alone are insufficient as a form of protection. They cannot determine that the person has been turned into an attack vector by a third party, nor can they prevent situations where attackers completely bypass the verification checkpoints. There is also the problem of the reference database for the biometric profiles being a weak point for the entire system, and that the users must trust that the data handlers will not use personal data for nefarious purposes.


De-centralization and isolation

Having to rely on the physical transport of data to ensure its security increases the cost of communications for any project or company that operates in more than one location. 

Businesses will try to reduce this cost by decreasing the frequency and cost of these communications, both by increasing the independence of each site and by shortening the distance the data travels. By independence, it is meant the ability for local headquarters to make decisions without consulting higher-level management, for a research team to have all its resources pooled nearby, and other similar cases.

The proper term for all this is de-centralization.



It would be interesting to have many more Apple Campus 2 buildings around the world.
Just as companies will start building larger, more self-sufficient regional centers, governments will delegate more power to local authorities and consumers will prefer to pay their taxes, do their banking and buy their products near where they live.

There are positive and negative effects to de-centralization.


De-centralization is an added layer of security on its own, as an attack cannot easily propagate to other data centers. It is a trend that the internet is returning to through the use of blockchain technology.

Job markets will lose the volatility and insecurity that came with very mobile employees and the possibility of outside hires. On a national level, having large companies replicating the full corporate structure wherever they go prevents them from 'sniping' regional advantages without giving anything in return. More importantly, this means that money sticks wherever it is produced and actually helps back regions that provide lower wages or tax breaks instead of putting local populations in conflict with commercial interests. By the same token, there is much less advantage to simply expand companies instead of improving their performance. Multiple, small enterprises will compete with billion-dollar value brands on the same footing, leading to more innovation, more product choice and higher quality products for each price point. This only helps consumers. 
Most of the world's trade happens between a handful of financial centers.
On the other hand, de-centralization means corporations lose out on the savings of single-center administration. Solutions to problems the company faces will be varied and sometimes contradictory, so this will increase running costs. Small companies becoming very competitive will cause large companies to very carefully research their investment opportunities and still hesitate: money will flow more slowly. Higher quality services and products cost more to make without the savings of global data sharing, so profit margins will be lower and only lean and mean marketing strategies will become successful. For the consumer, this can be seen as every product being aggressively pushed into every ad space and air time. Family businesses will suffer despite being fully local and while the local job market will become more favourable to employees, it will hurt developed countries' economies in favour of developing countries.  

Transport and temporary storage devices


Data will need to be moved to be useful.
As mentioned before, storage devices will be loaded with data and transported between exit and entry points to maintain the chain of physical security.

No reason for this trend to end.
A common temporary storage device is a USB stick: a removable flash drive. It is small, can hold a lot of data and cannot be accessed wirelessly. Due to its small size, it is cheap to add electromagnetic protection, such as a Faraday cage to prevent the drive from being wiped by an EMP attack, and physical protection, such as a steel box to prevent the drive from being destroyed in a car crash.

The list of security requirements and the level of protection required will grow with the value of the data. Extremely sensitive data, such as weapon blueprints, state secrets or trading algorithms, has two routes for physical transport.


The first is already used today: security through secrecy. 

There is no need to carry your USB stick in a metal cage if no-one knows you have it. There is no need to add protections if your data is being carried in a chip hidden in the screw cap of a pen you negligently dropped next to a stranger in a train station...
Armored convoy.
The second is to ensure the protection of the data yourself. It is not a task you can delegate or assign blame for, like car insurance, because by then the data would be lost in an attack and no amount of money will bring it back. This means that valuable data is carried at your own cost, however much you can afford.

For high-value data, this might take the form of armored convoys travelling down special street lanes and authorized to use lethal force. 



Naturally, such a show of force will cost a lot. In most cases, moving the people who use the data, instead of the data itself, will be a more economical measure. De-centralization already means that the engineers or scientists that use the data would live near their place of work. Massive investments in short-distance point-to-point transport of people are to be expected. 
Elon Musk's Boring company is an example of such an investment.
This might spur the development of transport solutions such as road trains or fleets of autonomous cars. These are much less costly than expanding underground rail or adding multi-level roads to handle the traffic. 

Another concern is speed.


A USB stick in your pocket can only travel as fast as you do. A fully developed intercity transport network would not have an effect on travel speeds beyond city boundaries.

Gigabit transfer rates on two wheels.
High-speed communications are still possible in a physically secure world. The trick is to take a lot of data and carry it quickly to where it needs to go. For example, a 100 terabyte hard drive carried across a city to another office building in a half-hour drive would average a data transfer rate of 55.6 GB/s, which is about a thousand times faster than modern fast internet. 

For rather less important data that can be packed into small containers, an accelerated postal service might be the solution, ranging from hourly Hyperloop trains carrying data banks between cities to courier services that ensure nothing leaves human supervision.

LAPCAT's supersonic jet concept.
Supersonic air travel would become popular again. Hypersonic transportation will be developed, as it would allow data to be shared and synced across continents within hours. Something like SpaceX's Falcon 9 could be used to take top-level executives or critical engineers across the globe in an hour.
My morning commute.
Between hypersonic data carriers synchronizing data several times a day and any personnel available anywhere within an hour, a physically connected world would not suffer much compared to one reliant on wireless transmission.

Human factors


Having people travel would boost the services industry, meaning that hotels, restaurants and dry cleaning would spring up around any business centre. 


Trained professionals would be needed to handle the protection of data forts. Para-military organizations are well suited to this task, though agents trained to be more discreet would also be useful. 

Relying on human elements to protect data replaces one vulnerability by another. Trying to buy employees' loyalty against their employers is a very expensive task. It is much more effective to 'turn' employees through ideological or psychological attacks, so corporations will need internal control and testing of employee motivation. Psychologists would be in vogue, and psycho-medical research would be funded by paranoid employers.
An honest work environment.
There would also be a shift in the value of low-wage jobs. Today, low wages are paid to people performing menial, repetitive or simple jobs. Very high wages are paid to specialized engineers that work on advanced computing and robotic work. If the shift from digital to physical security is realized, automation would handle the menial tasks that we can afford to fail. Human hands would need to observe, check and protect the flow of data. Their worth has to be proportional to the value of the data, otherwise the least well paid human handlers would not have the incentive to prevent security from being compromised. 

Worldbuilding


How would a physically secure data network affect the world? How would we build a setting out of this premise?


A cyberpunk dystopia can easily be fashioned from this premise. If humans become the central vulnerability for a physically secure system, then managing this risk is the way to reduce or remove this vulnerability. Employee monitoring, invasive collection of biometric data, psychological and psycho-medical regimes... these factors open the door to an oppressed workforce where employers fear their employees and equate cruelty with security. 

Corporate power could expand under the premise of protecting their data. Hiring protection services and buying armored vehicles basically puts military power in private hands. Incidents where this power can be abused are easily engineered. 


Criminals and revolutionaries would bolster the system if they try to take it down. Intercepting data convoys, kidnapping key engineers and penetrating air-gapped networks would make exciting set-pieces for a game, but also strong arguments to reduce the restrictions on corporate power. 


On the other hand, a better society can be built out of this premise too.


Having humans protect data and handle it along all points of its distribution is a great counterpoint to the argument that automation will destroy jobs. Expanding sectors such as transport and other services further employs greater numbers without requiring higher education degrees. 



Gated communities are an example of a population that shares locally. 
Localizing and de-centralizing corporations might reverse the trend towards the hegemony multi-nationals have over small governments in developing countries. Having a smaller, better defined customer base might lead towards a greater respect for local cultures and less insensitive advertising campaigns. It might also encourage companies and communities to give back and develop their neighbourhoods in a more social manner, as they do not fear that their money will be taken elsewhere. 

Co-operative or dystopian, a setting with physical security for data is an interesting playground for any author.

Summary

The increasing burden of encryption, or its complete failure through quantum decoding, coupled with government-imposed scrutiny of the internet and the widespread availability of hacking tools to the public, means that the transition to a fully digital economy is riddled with vulnerabilities and openings to attack.

The only sure way to defend data worth millions is to physically separate it from any vectors of attack using air gaps and human surveillance.

Having humans handle data security has many benefits, ranging from protection against automation destroying jobs to a more stable future for developing countries.  

42 comments:

  1. Cylon virus from Battlestar Galactica comes to mind here
    Replies
    1. From the independent battlestations that couldn't be hacked all together, if I remember correctly?
    2. Something like that, the older Battlestar, Galactica, did not have her computer systems connected, while the newer had everything connected and were more automated, but prone to Cylon cyberattack
  2. As for fast intercontinental transportation: I think nothing (except a gravity train, which can't be used on Earth) beats a laserlaunch system launching capsules on suborbital hops. Why only go supersonic and consume limited fossil fuels when you can go hypersonic and powered by electricity, which can be generated by whichever means is the most interesting depending on circumstances.
    Replies
    1. An intercontinental hyper-loop could also be a solution. It consumes much less energy and uses less advanced technology than a laser launch platform.

      As for fossil fuels... we can go down the route of CO2-derived ethanol for a sustainable long-term solution to both global warming and the energy density for transportation.
    2. Wouldn't hyper-loops be much more expensive to build? And they are not as flexible (can't send payloads to different locations with the same installation, can't send things into orbit, can't be used as part of anti-missile defenses, ...). Laserlaunch could be built with mostly off-the-shelf components. Focusing a laser through atmospheric disruptions on a moving target in a compact, efficient and mass-producible system is already a reality. Rheinmetall, Raytheon, BAE, ... are either developing or already have developed multi-kW combat lasers.
    3. Hyperloop data-trains would be focused on delivering packages between major cities. Laser launches with their sub-orbital velocities would lose out over medium ranges due to their lower efficiency and higher per-package cost. Plus, laser launches are likely to be outright riskier than hyperloops... there's the danger of having your package fall off the beam and parachute down into enemy hands.

      Maybe both can be used. Couriers within cities, tubes between cities, jets for long ranges and laser launches/ rocket launches for intercontinental deliveries.

      Either way, it would be much more interesting than today's wireless infrastructure.
  3. Sorry to be picky, but I think the supersonic aircraft there is the LAPCAT, a Reaction Engines aircraft, not Boeing.

    https://en.wikipedia.org/wiki/LAPCAT
    Replies
    1. Thanks. I'll correct it. By the way, how do you like the changes to the blog?
    2. I do like the changes! Was the background picture one you made yourself?
    3. No, it is the work of u/GrokoDaemon on reddit.

      https://www.reddit.com/r/worldbuilding/comments/53ar0j/advanced_technology_demonstrator_isv_leto/
  4. I thought that looked familiar...but at first I thought it was just convergent evolution on the part of the engines and airframe.

    ...Would a liquid methane SABRE-style or Scimitar-style engine work at all? Less cryogenic cooling, but the fuel is much more compact and less prone to leaking out through gaps in the molecules.
    Replies
    1. Methane propellant performance just doesn't compete enough with Hydrolox. Its Isp is something like 350s at best, while Hydrolox reaches 450s or better in vacuum.

      The difference in mass ratio to achieve SSTO performance is just too great to handle.

      A rough calculation for 9000m/s deltaV gives me a mass ratio of 7.7 with hydrolox but 13.77 for methane...
    2. IIRC, the cryogenic performance of hydrogen is mandatory for it to work, due to the massive amount of heat it has to get rid of from compressed air.
    3. Yes, that was a critical component of Alan Bond's pre-cooled compression engines, now being tested successfully by Skylon.

      Although... It might be possible to achieve the same effect with some kind of physical compression and expansion engine. It would deliver the liquid oxygen in pulses, but no LH2 required...
    4. There still needs to be some sort of heat sink or "cold side" to get rid of the waste heat, or you would need a very unreasonably sized expansion nozzle to cool things enough to liquefy the oxygen. Since the aircraft would be moving at supersonic or hypersonic velocity, the airstream surrounding the vehicle will be at extremely high temperature, so you can't dump the heat into the atmosphere. LACE and similar systems pump the heat into the hydrogen and dump it overboard with the exhaust. In many cases, the hydrogen being dumped is far in excess of what is needed for thrust.

      Of course the extra weight and complexity is probably what is going to kill that idea, externally powered systems riding laser or microwave beams to orbit can be conceptually very simple indeed (see Leik Myrabo's early work on laser powered lightcraft, essentially shaping the bottom of the vehicle to act as a focusing mirror, no moving parts needed at all).

    5. Unreasonably sized nozzle... but not if the choke point is very small and the expansion ratio extreme (1000+). You'd get a decently sized internal nozzle, just very tiny mass flow.

      However, if you do not consume the liquid oxygen during ascent, only store it, then a few dozen minutes of flight as you ascend on another propulsion system might get you a 'free' load of LOX. In an LH2/LOX engine where oxygen represents 90% of your propellant mass, this might be a significant boost to your payload fraction.

      I agree with your views on laser launch. It's our best option as the technology gets cheaper. Leik's funnel-shaped lightcraft was featured on my post on laser launches.

  5. The importance of security is proportional to the value of the information being stored and transmitted.

    I take it you mean this in the context of a given device or system, and I disagree. I would say the importance of security, even for a given device or system, is proportional to how security is prioritized by the society of users in question. This is because security serves a second purpose beyond immediately securing information: it also reminds the user of the relative importance of security as a value.

    For example, every time I lock or unlock the front door of my house, I am reminded of why my house needs a lock in the first place. If my house somehow knew who I was and used an invisible and inaudible mechanism to lock or unlock itself whenever I was coming or going, I would not have this reminder, and my prioritization of security might change. This is somewhat similar to the cliche of the anti-war protester who has never encountered the threat against which his country is fighting.

    Conversely, some people have very valuable personal information, but security is not important to them so they freely broadcast personal information to strangers.

    Replies
    1. I agree with you, as security is a sliding scale that sometimes reaches extremes on personal levels, but I would tend to insist that if a company has several million dollars tied up in its data, then it will install appropriate security measures.

      Afterwards, if the employees do not heed guidelines and misuse their data, then the effective protection they are getting out of their security measures will be much lower.

    2. It depends on your definition of "appropriate," I think. You've probably heard of companies being sued because their privacy protocols were so not-invested-in as to be considered negligent, and valuable (employee, customer, IP, etc.) information was put at risk.

  6. I have had to deal with security in several of my jobs in the past, and I can say with 100% certainty that the greatest risk factor is "stupid user tricks". Regardless of what security is in place, what procedures are used and what physical security is in place, someone is going to be lazy, stupid or malicious and either render your security irrelevant or accidentally or purposely bypass security in the name of "convenience".

    Perhaps the most visible example is Hillary Clinton's infamous email server, which had tens of thousands of classified documents on it, documents which had to have been downloaded from secure "air gapped" State Department systems and carried out of Level 2 or Level 3 secure facilities and delivered to the server.

    The "hacking" of the DNC server exposing the emails of collusion between the DNC and the Clinton campaign to ensure Bernie Sanders was almost certainly the work of insiders as well, sending the damning emails to Anonymous to be broadcast to the world at large.

    In my own work, the potential for damage might not have been quite so great, but people setting up easy-to-break passwords, downloading sensitive material on USB flash drives and then losing them, or getting laptops stolen out of their unlocked cars was not unusual. "Phishing", "Spear Phishing" and other social media exploits are also common events, but we also occasionally discover people trying to use "social engineering" in face to face encounters to figure out who in the organization is important enough to target, or attempt to discover other possible entry points.

    So even writing things down on paper and sending it by snail mail or armed courier may not be enough, so long as the actual users are not taking proper precautions or following procedures.

  7. Thanks for the insight. I think the trend today is to move critical systems and decisions out of the hands of fallible employees. Automation and AI.

    The point of this blog was to ask the question: what if the opposite was true, and automation would become less secure than the employees? It might lead to security efforts directly focused on employee behaviour.

  8. The true answer is "both". Finding or exploiting employees and contractors who have access to the system allows for entry, and then automated attacks and exploits against the system itself can be launched.

    The attack on the Iranian nuclear program using STUXNET, FLAME and perhaps other as yet undetected cyber attacks needed someone to intentionally or inadvertently bring the malware into the secure site and then download it. If James Bond isn't involved, perhaps a user friendly torrent site has lots of attractive movies and songs, which some employee downloads and brings to work. Who doesn't like listening to their own playlist on a long and relatively routine shift, and playing it through the speakers of your own computer (or using a headset plugged into the computer) makes it less obvious to the boss you are bringing the MP3 player into the level 3 secure facility. Of course, hidden in the file is something else... A somewhat different vector of attack is poorly designed and mapped networks. Bringing in that extra printer to deal with all the work was a godsend, wasn't it......

    Replies
    1. This reminds me of the fact that even if you impose the most stringent controls over employee behaviour and do things such as videotaping them at their desks and checking their bags upon entry and exit... you cannot escape malware pre-installed on the equipment you are already using.

      Basically, you cannot prevent your Microsoft OS from being hacked if it is being sold with a backdoor.

      Things of course would change quite a bit if your human-oriented attacks would be sufficient to bring down any project or extract any data, since quantum computers or pre-built backdoors make the computer-oriented attack of negligible difficulty.

  9. As a layman, I can't comment on the technical aspects of this to any great degree. However, it seems that another approach would be what I call: "distributed ignorance," "not putting all your eggs in one basket," or decentralized storage- secure information is compartmentalized in such a manner that even if some information is compromised, not enough is to endanger what is being protected. As applied to the human element: it would be telling no one enough to do much damage, because they really don't know very much...

    Replies
    1. This may be used in a few cases, but there are restrictions to this method. Your data must be easily broken down and reconstituted for it to be broken down this way. You have to make sure that data does not accumulate in one person's hands, so you need some way of tracking which part of the data is where... a 'master table' of the data's location and some way of identifying it creates a massive vulnerability as the attackers can just steal the master table.

      You also need to bring all the data holders together every time you need to use the full data set, such as financial information to prepare a tax report. Every meeting is an attack point, and a massive burden on the company to verify and check the data hasn't been modified or corrupted in the meantime.

      It's a big workload and won't work for most sorts of data. There are a few cases where it would be useful, such as a list of passwords or biometric data where the parts are as useful as the whole, but for the rest, you need other ways to protect it.

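The compartmentalisation idea discussed in the comment and reply above has a cryptographic formalisation, threshold secret sharing, which removes two of the objections raised: no "master table" is needed beyond the index printed on each share, and only a threshold of holders (not every one of them) has to meet to reconstruct the secret, while fewer shares than the threshold reveal nothing about it. The following is an added example, not code from the original post or by its author: Shamir secret sharing over a prime field in Python's standard library, with a constructed demo secret. The field prime (2^521 - 1), the 3-of-5 parameters and the function names are assumptions of this example.

```python
import secrets

# Field prime: 2**521 - 1 is a Mersenne prime, so a secret of up to 65 bytes
# fits in one field element. (Assumption of this example, not from the post.)
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, n_shares: int):
    """Split `secret` into n_shares points; any `threshold` of them recover it.

    The secret is the constant term of a random polynomial of degree
    threshold-1, so threshold-1 shares are consistent with every possible
    secret and leak nothing.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # x = 0 would hand out the secret itself, so shares use x = 1..n_shares
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the given points at x = 0 to get the constant term."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Fermat inverse: den**(PRIME-2) is den**-1 mod PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def bytes_to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")


def int_to_bytes(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed demo secret: a 32-byte key that should never sit whole in one place.
    key = bytes(range(32))
    shares = split_secret(bytes_to_int(key), threshold=3, n_shares=5)
    # Holders 1, 3 and 5 meet; holders 2 and 4 are not needed for this recovery.
    recovered = int_to_bytes(recover_secret([shares[0], shares[2], shares[4]]), 32)
    print("recovered == key:", recovered == key)
```

Each holder keeps only their `(x, y)` pair; the index `x` is the whole "master table", and integrity of the reassembled secret can be checked by storing a hash of it alongside the shares. The reply's caveat still stands for bulk data: this works for short, high-value secrets such as a master key or password-vault key, not for a whole database.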
  10. Of course having all the eggs in one secure basket isn't the best approach either. The White House was hacked by the Russians in 2014 (a real hack, not the imaginary things being floated by the media today), and it was revealed in 2015 the Chinese had hacked the enormous database which houses the personal information of every American who has applied for a security clearance.

    In the case of the Chinese hack, they can now take warfare to a whole new level, applying all the power of the State against individual Americans (blackmail, corrupting their personal data, identity theft, link analysis and a host of other potential avenues of attack, up to physical attacks on individuals, should that be wanted).

    There have been other huge data spills from USG institutions like the IRS inadvertently exposing tax information, and of course private industry has seen the release of credit card information on massive scales as their databases are compromised as well.

    It is difficult to see what the solution actually is, since using huge databases is a competitive advantage in a multitude of settings (for example "Big Data" analysis of large uncharted datasets), big enough that people will actively resist any attempt to limit data collection or fragment their databases, regardless of the security implications.

    One other thing to consider is that data by itself isn't important, it is the coalition of multiple pieces of data, the analysis of the information and the understanding of the meanings of the results of the analysis. In the last US election, the Clinton campaign obviously either ignored the results of their data collection and analytics, or were so predisposed to believe their "narrative" they built their campaign around assumptions rather than facts (with the results we all know today).

    Perhaps rather than attempting to lock up data like pirates' treasure, discovering effective ways to confound analytics and understanding are the ways to go. Russian "Hybrid Warfare" doctrine makes extensive use of propaganda, deception and filling information channels with "noise" to affect the decision makers and target populations, paralysing their will to take action (or in extreme cases, even fight). Several Ukrainian units in Crimea actually came over to the Russian side, and virtually all military formations in Crimea failed to actively resist the appearance of the "Little Green Men" and their takeover of important infrastructure. Giving Russian Spetsnaz units free rein in your territory is never a smart idea.....

    Replies
    1. Yeah, it does get complicated when governments go against each other with corporate and private security as their battlegrounds.

      In my opinion, insurance companies are security nightmares. Personal, medical and life (financial history, marital stories etc.) data are held by people with the incentive to reduce spending on security. The only purpose that data collection serves is to wring out more money from the most vulnerable segments of society while providing a literal goldmine for any interested, unscrupulous party.

      I hadn't known all that about the US election and its relationship with data analysis, bot use and online propaganda. I guess what you see on TV is less than half the story.

      However, I can't visualize how we could confound analysis of simple to read yet possibly damaging data such as someone's medical condition that would get them fired, someone's DNA code with predisposition markers or someone's secret employment that would blow their security clearance...

    2. I think one solution might be to attach personal data to the person. As in, you carry around a USB stick that has all the data requested of you or that you need, instead of trusting it to one big vault outside of your reach or control.

  11. Thank you, Matter Beam and Thucydides. Perhaps a useful presumption would be: in cyberwar/security matters, the attackers have overwhelming firepower and defensive measures would be ineffective/impractical. What will change if most organizations can't keep their secrets safe- David Brin's "Transparent Society"?

    Replies
    1. If a combination of de-encryption and mass surveillance overwhelm any notions of privacy and data security... I think the last line of defense would be to mitigate your vulnerability to your data being used against you.

      For example, mental training to counter ultra-specific and relevant advertisements. Legal protections against people copying your work in the slightest. Police enforcement of stock trading companies not being allowed to act on market information before it has been officially released. That sort of protection-in-plain sight that defeats the information advantage gained by other means.

  12. Thanks, Matter Beam. I think these are very rational, sensible, and (in large part) desirable. At the same time, I thought ToughSF concerns itself with solutions which can take place in the real world, and these measures are unlikely to be implemented, because there are too many powerful interests who would lose a great deal if they were. "It's Chinatown, Jake."

    Replies
    1. Actually, ToughSF tries to discuss the best solutions for your setting rather than restricting them to whatever definition of realism others agree upon. In my previous comment, I was entertaining the possibility where loss of data security has created a situation quite dissimilar to the real world.

      You are correct. Today, such measures would not be acceptable as companies can successfully manage their own data security.

  13. I've read an article on Bruce Schneier's blog that references an article about a paper that has been published on hardening internet security so that new quantum computers can't hack it.

    It's a work in progress and one theory is to make internet key exchanges quantum safe by a combination of two encryption protocols: randomly generated and ephemeral, which means two step encryption.

    So it seems that the cryptography community is already thinking of ways to secure data against these new technologies should they come into widespread use. I see this as akin to the Atlantic submarine war in WW2: somebody develops a new concept and the other side scrambles to counter it.

    Of course, despite all the new tech, there is still the human element, and focusing on that is the key to writing a good sci-fi book, imo.

    Replies
    1. That's an interesting concept. It sounds like the quantum version of the public key/ private key set-up we currently have.

      My main objection, probably stemming from my lack of detailed insight into how quantum encryption works, is that such a 'quantum key' is a one-use-only device. This is perfect for maintaining security: attempts to read it wipes out the encryption so it cannot be used against you... but what about an attacker with a 'if I can't have it, you can't have it either' mindset?

      They'd just spam attempts to read the encryption, causing it to self-destruct (quantum wave collapse?) every time.

    2. I asked a crypto specialist at my job a few days ago, he told me there are crypto algorithms today that are almost certainly quantum-insensible (as in, quantum computers don't give any serious advantage for breaking it), and such algorithms are already beginning to be used.
      He was referencing in particular something called "ideal lattice".

      He estimates that it will take at least 10 (and more probably 20) years before quantum computers are powerful enough to break current encryption, so critical infrastructure, when maintained, will be resistant at that point - that is, excluding the "still on Windows XP" cases we see today. But apart from those vulnerabilities, quantum computers won't change the deal that much.

    3. Quantum insensible... sounds like something I should look into!
      You raise an important point though. The advent of quantum computing will be a revolution, and the only way to protect oneself from the negative side-effects is to upgrade to the crypto algorithms you mentioned.

      Upgrading every computer and system will be prohibitively expensive. I strongly suspect new hardware will be required. Some companies would jump ship relatively easily, others would struggle. It would exacerbate the divide between rich companies and their rich governments that can sponsor such a move... and the rest.

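Comment 13 above describes the hybrid approach: run two independent key exchanges, one classical and one quantum-resistant, and combine their outputs so the session key stays secret as long as at least one of the two holds. The piece that makes this "two step" is the combiner, and the following is an added example of it, not code from the original post or from any paper the comment refers to. It uses only Python's standard library: an HKDF-SHA256 implementation (RFC 5869) and a combiner that feeds the concatenation of both shared secrets into the KDF, which is the combiner structure of the IETF hybrid TLS design. The two key-exchange outputs are modelled as constructed random byte strings, since neither an elliptic-curve exchange nor a lattice-based KEM is implemented here; the label string and transcript value are assumptions of this example.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC 5869: a missing salt is HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: OKM = T(1) | T(2) | ... truncated to `length`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hybrid_session_key(classical_ss: bytes, pq_ss: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Concatenation combiner: both shared secrets feed a single KDF.

    An attacker who later recovers only one input (say the classical one,
    with a large enough quantum computer) still cannot compute the session
    key, because the KDF output also depends on the other input. Binding the
    handshake transcript into `info` ties the key to this particular exchange.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required")
    prk = hkdf_extract(salt=b"", ikm=classical_ss + pq_ss)
    # Label is an assumption of this example, not a standardised string.
    return hkdf_expand(prk, b"hybrid-kex-demo v1|" + transcript, length)


def demo() -> dict:
    """Constructed stand-ins for the two exchanges: random 32-byte shared secrets."""
    classical = os.urandom(32)   # stands in for an ECDH shared secret
    pq = os.urandom(32)          # stands in for a lattice-based KEM shared secret
    transcript = b"constructed handshake transcript"
    key = hybrid_session_key(classical, pq, transcript)
    # Knowing the classical secret but not the PQ one yields a different key.
    wrong = hybrid_session_key(classical, os.urandom(32), transcript)
    return {"key": key, "differs_without_pq": key != wrong}


if __name__ == "__main__":
    print(demo())
```

The point of the combiner is that migration does not have to be a single jump: a deployment can add the quantum-resistant exchange alongside the existing one and stay no weaker than before even if the new algorithm turns out to be flawed, which is the cheaper upgrade path the reply above is worried about.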
  14. Hmmm... sounds like a war economy to me. Additional costs imposed by security risks, and enormous sums spent on security. Security-centric society. Interesting. Thank you.

  15. Indeed. I can imagine a scenario like this occurring after one or more 9/11- or Pearl Harbor-type cyber attacks or some things which re-create an early 1950's Cold War/McCarthy era fearful national mood. I could see this fearful national mood forming and strengthening over the next 20-30 years, particularly as large numbers of (largely) young men are made unemployable by increasing automation and AI, worsening climate-change effects create further instability, and a "Smart Trump" comes to power naming enemies and promising great things to those who follow/obey. I really hope I'm totally wrong- it could make for some great writing, but not great living.....

  16. @Law Wong, @Keith Halperin:

    Welcome to the blog!

    I imagined the impetus for such a drastic change would be due to great loss of money due to cyber-attack, causing a confidence crisis in traditional digital security measures. Something like the 2008 crisis, but I hadn't thought to draw parallels with a historical crisis!

    However, as I mentioned in the post, things aren't all bad. Forcing the need for human supervision would provide a healthy counter to job losses caused by increased automation. You'd need a researcher in every laboratory and a financial technician in every regional headquarters because you can't just share data between a single team - this would create a multiplied demand for high-skilled jobs.

    As for a future Smart Trump... that's a human constant throughout history. They'll come and go and we'll pick up the pieces.

  17. Governments might just either offer you a "carrot", https://fee.org/articles/creepy-canadian-app-gives-citizens-points-for-making-government-approved-choices/

    but if you read the linked article you'll notice there is a catch:

    "In order to use the app, users are giving Carrot Insights and the federal government permission to “access and collect information from your mobile device, including but not limited to, geo-location data, accelerometer/gyroscope data, your mobile device’s camera, microphone, contacts, calendar and Bluetooth connectivity in order to operate additional functionalities of the Services.”

    How long before Canadians discover all new mobile phones and devices have this pre installed as a prerequisite for being sold in Canada? How long before access to government programs and services is contingent upon the amount of data you provide to the system (including daily logins?). "Engaging in Government Approved Messages" is Orwellian enough.........

    Replies
    1. Once the moral and partisan quandaries are dismissed, implementation has never been an obstacle for governments.
