Friday, April 24, 2009

Nothing on line is secure

First came the Wall St Journal story about enemy hackers planting "take-over-this-computer" code in critical machines running the electric power grid. If it works, the enemy will be able to turn out the lights in America come war time. Then comes a second Journal story, about vast amounts of data on the F22 fighter plane stolen by somebody.
The F22 story has a few loose ends. The Journal didn't say whether the data was classified or not. Loss of classified data is much more serious, because classifed data is never kept on a machine connected to the public internet. Loss of classified means either someone violated security procedures, or the enemy has learned how to invade secure networks.
The take away from these two stories, is simple. Data on corporate networks is easily taken by anyone. Think about acquiring your competitor's designs, drawings, test procedures, customer lists, payroll, build costs, in short every bit of intellectual property he has. Think about your competitor doing the same thing to you. How long can you compete in the market if all your plans are public knowledge?
The fix is simple. Don't put important stuff on the corporate network. Your corporate computers all run Windows, the most vulnerable operating system known to man. The network linking them together is all run by Windows. Windows can be cracked by highschool kids.
Corporate networks tied to the public internet closely enough for email to work, are vulnerable and despite corporate IT's best efforts, the hackers can get in. The only solution is to keep important data OFF the network.
Let the hackers wade thru zillions of chitchat emails. That will keep 'em busy. Don't feed them red meat.

No comments: