Thursday, June 23, 2011

Third world networkers view of the internet, security and war

So i'm on 'fire' today. Just got from a lengthy workshop where some security questions were raised. Back at my desk, I couldn't wipe security off my head. I had to commit something to paper this blog, just so I can read it in the future and reflect on this moment.

So what does the internet have to do with drugs,food,sex,water,a roof over my head? Well to put it simply; I just can't do without it. It's become a basic need. Infact I posit that any country above third world would hyperventilate and die immediately if the 'internet' were to go off. Internet here being relative. I am so sure there would be social unrest in Kenya if facebook, google and twitter were suddenly unreachable.

We'd have mass walkouts. The impact of those outages would be felt more on the Kenyan streets than on wall street. We are so dependent on the internet in everything we do, it's just unthinkable to imagine a life without it. Sort of like asking me what life was like without without a cellphone - I have absolutely no idea.

The wizardly that goes on to make this work would make gandalf wince. There must be another set of wizards working in the heads of people trusting their key data to some of these networks. If an airline for instance hosts their reservation system with a cloud solution provider without an audit, or some very detailed due dilligence, they deserve whats coming to them at some point in the future.

The internet is an asset. Soon we'll be controlling our homes, security, spouses over the 'net'. We use it to control infrastructure, we network our armies with it, our financial institutions, governments; everyone. Now we're willing to throw sensitive data to a 'cloud'. Im telling you this just couldn't be made up.

If Ugandan's encroach,camp and fish at Migingo, everybody yells and accuses the government of laxity for not going to our borders defence. What if a Kenyan hacks into the Ugandan central bank? is that an act of war or just a crime?  Imagine if a tanzanian obfusicated an attack on a kenyan network, a major attack like on KPLC's main power facilities took it down but made it look like a Ugandan? think thats hard? start the thought process over again. Now would that be an act of war? against who?

We have Lulz and Anonymous wrecking havoc on very key facilities/sites world wide. Imagine what would happen if they set their sights on us. RSA was compromised, HID (Do you have any idea how many users/organizations use HID, if you have a key card, just have a look at the back, 90% are from HID) has been exposed, how many Kenyan companies use them without even knowing of these exploits.

Security is hard, rarely userfriendly, annoying and often ignored. This stuff is real, I could make it up but my imagination can't scale. Plus to some extent the internet scares me. I for instance only know how much I'm worth through some electronic data; bits, ones and zeroes, what if my bank lost it? where do they even keep it?, Imagine if we all went to ATM's later today and can't withdraw money, or clear cheques? How would we treat our girlfriends?

It could be anywhere this threat I perceive. Users for example can be total idiots me included. Perimeter security is totally impotent in the face of a failure of endpoint security – if your attacker is indistinguishable from a legitimate user  maybe because they have access or compromised the real user’s computer and can impersonate them digitally), your goose is cooked.

There is no amount of education or training or cajoling that can defeat a well-executed con (e-mail from a trusted coworker containing an Office attachment, drive-by malware hosted on a major website or ad network, etc.).  Your users have to have access to the network, so in this case the key to the gates of heaven, is also the key to the gates of hell. go figure.

What we need  are solid systems operating securely and reliably. Crippling cyber attacks can be directed at economic,transport, military,key infrastructure. Protect them, don't connect them to the internet, if you must, ensure you have a solid plan for security.

Trust me, worry or don't worry - anyone can be taken out....literary

No comments:

Post a Comment