Wednesday, June 24, 2015

An Ounce of Prevention

There have been so many hacks of the Federal government these days that it is obvious they have not learned the first lesson of computer security: "You must prevent what you can't detect."

This was a basic rule when I was growing up, which, for most of my readers, was a long time ago. Age has some advantages, and in this case remembering the rules from long ago can be a benefit.

The hacking method used to get in is almost exclusively phishing attacks using RATs. Long ago (in 2000), RATs were called Remote Access Trojans, and I have difficulty getting that term out of my head. Now they are called Remote Administration Tools, a term meaning what it says. Hackers get remote access, at an Administrator level, to any machine they can reach with this tool. The method of getting to them is the phishing attack: send users something they want, with the RAT embedded in it, and let them open the document or graphic. We all do this every day. Hackers do their end every day too.

Why haven't we been able to stop this phishing-plus-RAT method of attack? Because we forgot the first rule of computer security: we must prevent what we can't detect.

We can get better detection. The joke about Einstein was that it only detected known threats. Anti-virus tools can do that, and they don't cost nearly as much. That wasn't what it was supposed to do when DHS spent millions to develop it. If it can't detect the threat, find something that will, and stop spending so much on solutions that can't. There are filtering solutions that will detect embedded code or open attachments before they ever enter the network. It costs money, and they would have to give up some pet projects to make it work. Doing the same things over and over will not improve the outcome.

We can stop attachments to e-mail, however painful it might be. Still, it is an option that comes too late for most people who hold security clearances or who pay their taxes.

We can get sensitive applications off the Internet. We spend millions to have networks that are separate from the Internet yet still aren't secure, and then hold those up as examples of why we shouldn't spend money on separate systems. But we don't stop spending money on those systems either. There is no logic to this. Government systems shouldn't be on the Internet. Only the Chinese and Russians think it is a good idea for us to have every sensitive application we own doing business on the Internet. The Internet isn't safe enough for that, and our Federal government has proven over and over that it can't protect the data it uses there.
