The Crucial Role of Tackling Insider Threats to Your Cybersecurity
—Michael Fowler
In today’s interconnected digital reality, the battle to secure sensitive data and maintain the integrity of computer systems has never been more critical. But while the security spotlight often shines outward toward external hackers and malicious software, there’s another, much closer peril deserving your keen attention: Insider Threats.
Case Study
In 2018, a disgruntled Tesla employee used false usernames to change a vital element of the company’s manufacturing operating code. He also exported gigabytes of sensitive data, including trade secrets, to unknown third parties.
His motive for the attack? Revenge. He had expected a promotion, did not receive it, and decided to use his insider privileges to damage and sabotage the company.
Following the sabotage and data leak, Tesla’s share prices fell by five percent, and a production ramp-up was significantly delayed. (Source: RiskOptics)
The Nature of Insider Threats
An insider threat is usually a trusted individual or privileged user—an employee, vendor, contractor, associate, or business partner—who has been granted access to an organization’s IT assets and information. Because of their access and familiarity with an organization’s systems, these users have the potential to exploit vulnerabilities, compromise cybersecurity, and cause significant damage with relative ease.
Insider threats come in various forms, each possessing its own potential to rupture an organization’s information security fabric. They can arise from employees who are dissatisfied and intentionally acting out, as well as from uninformed individuals who are unintentionally careless.
In terms of maintaining a robust cybersecurity posture, the importance of identifying these insider threats and thwarting the damage they can cause cannot be overstated.
The following are the three most common categories of insider threat:
- Malicious Insiders: These are individuals who misuse their internal privileges with malicious intent. Their motives can range from personal gain to revenge, and their actions can result in severe consequences, such as the data breaches and system sabotage that Tesla suffered.
- Negligent Insiders: These insiders may not harbor any ill intentions, but their actions can compromise cybersecurity nevertheless. From falling prey to phishing attacks to unwittingly sharing sensitive information, their slip-ups can pave the way for unauthorized access to sensitive information.
- Compromised Insiders: In these cases, external actors manipulate an insider’s credentials to gain unauthorized entry into the organization’s IT infrastructure. This possibility underscores the importance of monitoring employee behavior and scrutinizing unusual network activities that might indicate a compromised insider.
The Power of Early Identification
The first line of defense in thwarting insider threats is identifying them as early as possible. Detecting insider threats involves closely observing employee behavior, tracking network activity, and recognizing patterns that could indicate an impending breach. Early identification is crucial for several reasons:
- Swift Intervention: By spotting suspicious activity promptly, organizations can intervene and mitigate potential threats before they escalate into full-blown crises. Detecting anomalies in data access, unusual log-in patterns, or uncommon data transfers can help flag potential insider threats.
- Tailored Risk Management: Identifying insider threats early on enables organizations to assess the severity of the situation and allocate resources accordingly. The organization can then take targeted security measures proportionate to the risk.
- Escalation Prevention at an Early Stage: Organizations can often eliminate the motivations for malicious actions by addressing the root causes of insider threats. Tackling employee dissatisfaction, enhancing training, and shoring up system vulnerabilities can significantly lower the potential for hostile activity.
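The anomalies named above (unusual log-in times, access outside a person’s normal data, uncommon transfer volumes) are the kind of thing a monitoring rule can surface for an analyst. The following is an added example written for this post, not code from any product; the log format, the role table, the business-hours window and the bulk-transfer threshold are all assumptions, and the log lines are constructed.

```python
"""Flag insider-threat indicators in constructed access-log lines.

Added example: the log format ("timestamp user action object bytes"),
the role table, the business-hours window and the bulk threshold are
assumptions for illustration, not taken from any product.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumption: one whitespace-separated event per line).
SAMPLE_LOG = """\
2023-03-01T09:12:00 alice login vpn 0
2023-03-01T09:30:00 alice read hr-share 20480
2023-03-01T10:05:00 bob login vpn 0
2023-03-01T10:10:00 bob read eng-share 51200
2023-03-01T23:40:00 bob login vpn 0
2023-03-01T23:45:00 bob export eng-share 734003200
2023-03-01T23:50:00 bob read hr-share 4096
"""

# Assumed role model: the shares each user's role entitles them to touch.
ROLE_ACCESS = {
    "alice": {"hr-share"},
    "bob": {"eng-share"},
}

BUSINESS_HOURS = range(7, 20)        # 07:00-19:59 treated as normal (assumed)
BULK_THRESHOLD_BYTES = 100 * 2**20   # 100 MiB in one transfer (assumed)


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "object": obj, "bytes": int(nbytes)})
    return events


def find_indicators(events):
    """Return (user, reason) tuples for events that deserve analyst review."""
    findings = []
    for e in events:
        # Unusual log-in pattern: authentication outside business hours.
        if e["action"] == "login" and e["ts"].hour not in BUSINESS_HOURS:
            findings.append((e["user"], f"off-hours login at {e['ts'].isoformat()}"))
        # Anomalous data access: touching a share the role does not cover.
        allowed = ROLE_ACCESS.get(e["user"], set())
        if e["action"] in ("read", "export") and e["object"] not in allowed:
            findings.append((e["user"], f"access to {e['object']} outside assigned role"))
        # Uncommon data transfer: a single export above the bulk threshold.
        if e["action"] == "export" and e["bytes"] >= BULK_THRESHOLD_BYTES:
            findings.append((e["user"], f"bulk export of {e['bytes']} bytes from {e['object']}"))
    return findings


def users_with_multiple_indicators(findings, minimum=2):
    """Users with several independent indicators are the ones to escalate first."""
    counts = defaultdict(int)
    for user, _ in findings:
        counts[user] += 1
    return sorted(u for u, n in counts.items() if n >= minimum)


if __name__ == "__main__":
    found = find_indicators(parse_log(SAMPLE_LOG))
    for user, reason in found:
        print(f"{user}: {reason}")
    print("escalate:", users_with_multiple_indicators(found))
```

Each rule on its own produces noise (an engineer working late is not an incident); requiring several independent indicators before escalating, as the last function does, is what keeps this usable as a triage aid rather than an alert storm.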
Strategies for Preventing Insider Threats
Effective prevention of insider threats requires a multifaceted approach combining technological solutions, well-established policies, and a pervasive culture of security awareness. Here are some preventive methods to consider:
1. Controlled Access and Privilege Management: Limiting access to sensitive data based on an individual’s roles and responsibilities helps minimize the risk of data misuse. Rigorous access controls and regular privilege reviews ensure that employees only have access to the information relevant to their tasks.
2. Security Training and Vigilance: Educating employees about cybersecurity and the perils of insider threats is essential. Regular training sessions enable employees to identify phishing attempts, comprehend secure password practices, and promptly report any suspicious activities.
3. Surveillance and Analytics: Utilize advanced monitoring tools that analyze both employee actions and network activities to reveal anomalies. These tools can generate alerts for potential insider threats and provide valuable insights leading to further investigation.
4. Incident Response Planning: A well-defined incident response plan streamlines the process of addressing suspected insider threats. The plan should delineate protocols for investigating incidents, managing risks, and transparently communicating with stakeholders.
5. Encouraging Open Reporting:
Cultivating an environment where employees feel comfortable reporting unusual activity without fear of reprisal can go a long way. Establish anonymous reporting channels, which encourage open dialogue and timely threat reporting.
6. Continuous Evaluation:
Regularly assessing and refining your organization’s security policies and procedures allows you to adapt to the evolving threat environment. Security audits and risk assessments will help identify potential vulnerabilities and areas needing improvement.
7. Fostering a Culture of Cybersecurity
An impregnable defense against insider threats hinges on fostering a culture steeped in security consciousness across the organization. Elements of an organizational culture of cybersecurity consciousness might include:
- Leading by Example;
- Consistent Communication;
- Incentives for Vigilance;
- Cross-Functional Collaboration; and
- Lifelong Learning.
In the cybersecurity arena, insider threats present a formidable challenge. But through a blend of proactive identification, robust prevention strategies, and a steadfast culture of security awareness, organizations can fortify their cybersecurity defenses against both internal and external adversaries. The mission to safeguard our digital domain begins within our own walls.
The Crucial Role WiFi 6 Can Play in Defending Schools from Cyberattack
—Michael Fowler
The digital age is having a profound effect on the educational experiences of children around the world. In America, K-12 schools increasingly use technology in the classroom to enhance teaching and lesson delivery. And the rise of remote learning has led schools increasingly to rely on IT network infrastructures to support their operations.
Unfortunately, this heightened reliance on technology has also made K-12 schools more susceptible to cyberattacks. To protect schools and other vulnerable targets from these threats, advanced security measures such as WiFi 6 are essential. WiFi 6’s security protocols can efficiently fortify school networks against potential cyberattacks.
The Growing Cyber-Threat Landscape
Cyberattacks targeting educational institutions have become prevalent in recent years. Hackers, motivated by various factors, exploit weaknesses in school networks to gain unauthorized access, steal sensitive data, disrupt operations, or even engage in ransomware attacks. The ramifications of such breaches can be profound, affecting students, teachers, and the entire educational system.
Understanding WiFi 6’s Security Features
WiFi 6 is the latest generation of wireless technology, boasting significant advancements over its predecessors. One of the most critical improvements is in its security protocols, which eliminate the vulnerabilities that existed in earlier standards. The security features that make WiFi 6 such a powerful defensive solution include the following:
- WPA3 Encryption: WiFi 6 incorporates the latest WiFi Protected Access 3 (WPA3) encryption, making it significantly more difficult for attackers to crack passwords and gain unauthorized access.
- Enhanced Authentication: WiFi 6 provides improved authentication methods, reducing the risk of brute-force and dictionary attacks on login credentials. This improvement adds an extra layer of security to protect against unauthorized users attempting to infiltrate a targeted network.
- Target Wake Time (TWT): TWT is a power-saving feature of WiFi 6 that schedules specific times for devices to transmit and receive data. This helps conserve battery life, but it also minimizes the exposure of devices to potential threats when they are not in use.
- Orthogonal Frequency Division Multiple Access (OFDMA): OFDMA improves data-transmission efficiency by dividing channels into smaller sub-channels. This feature also enhances security by reducing interference and making it harder for attackers to intercept data.
Defending Vulnerable Targets
Often operating on limited budgets, schools can be low-hanging fruit for cybercriminals. Their relatively open environments and numerous connected devices create attractive targets, especially because of the wealth of sensitive data—including student records and financial information—they contain. WiFi 6 can significantly improve the cybersecurity posture of these networks and serve as a powerful deterrent against potential attacks by using such features as:
- Real-time Threat Detection: WiFi 6 security protocols enable real-time threat detection and prevention measures, identifying suspicious activities and blocking potential threats before they can wreak havoc on vulnerable networks.
- Scalability and Device Management: As schools embrace technology in various forms, the number of connected devices will increase. WiFi 6 easily handles dense device deployments while maintaining the security of all attached devices.
- Secure Remote Learning: The recent pandemic highlighted the importance of remote learning. WiFi 6 provides a secure platform for distance education, ensuring that sensitive student data remains protected during virtual interactions.
As schools embrace information technology and integrate it into their educational environments, robust cybersecurity measures become ever more critical. WiFi 6’s advanced security protocols provide formidable defenses against cyber threats. By investing in WiFi 6, educational institutions can safeguard their networks, protect sensitive data, and ensure a safe learning environment for their students and staff.
Threat and Risk Assessment is the First Step in Safeguarding Your Network
—Michael Fowler
Sophisticated networks of greedy, malicious cybercriminals are proliferating around the world and across the Internet. They constantly probe corporate and government networks of all sizes, looking for vulnerabilities they can exploit to steal data, identities, and money.
Therefore, your organization must conduct a detailed and comprehensive evaluation of its network and data vulnerabilities. Assigning a team of talented cybersecurity experts to identify potential weaknesses in your systems’ defenses is known as threat and risk assessment (TRA).
What is a Threat and Risk Assessment?
Threat and risk assessment involves identifying, assessing, and correcting potential data and network vulnerabilities before malicious actors can exploit them. By determining potential security weaknesses and taking the appropriate actions to reduce their impact, TRA is critical to managing and preventing the threats presented by cyber criminals.
What is the Process?
Every organization has its own procedures for threat and risk assessment, but the typical approach generally includes the following phases:
- Phase I: Data Collection
In the Data Collection phase, the TRA team will use their unrestricted access to data and information to analyze the organization’s overall security posture and create a threat analysis. The TRA team might use intrusion incidents, detection-system logs, exploitation reports, firewall records, digital forensic analysis, and other information sources to generate their assessment. What are they looking for?
- The identity of attackers and their probable motivations;
- The vectors or exact methods of attempted intrusions;
- Measures that would strengthen the organization’s defenses against future such attacks.
- Phase II: Threat Analysis
In this phase, the TRA team tests the organization’s security tools against the information gathered in the Data Collection phase. They evaluate the probability that an attack would be successful and the consequences if it were. The team assesses the attack’s potential impact on the availability, confidentiality, and integrity of the organization’s data and processes. The types of threats the TRA team examines include:
- Phishing attacks
- Unsecured WiFi exploitation
- Threats presented by removable media (thumb drives, etc.)
- Viruses and malware known to be currently circulating
Because the nature and variety of threats presented by cybercriminals are constantly changing, the Threat Analysis phase of TRA should be repeated on a frequent and regular basis, especially when there are changes or additions to the technological or operational structure of the organization.
- Phase III: Remediation and Acceptance
Once the threat and risk assessment team has identified and reported the organization’s potential vulnerabilities, its executives must determine which vulnerabilities to remediate and which to allow to remain in their current state. Those decisions are usually based upon:
- The expense or difficulty of a remediation;
- The probability of a particular type of attack;
- And the potential of a remediation measure to disrupt the organization’s everyday operations.
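The Threat Analysis and Remediation phases above amount to a ranking problem: each finding carries a likelihood of success and an impact on availability, confidentiality, and integrity, and executives then weigh remediation against expense and disruption. The following is an added example, not part of the original post or of any standard; the 1-to-5 scales, the scoring rule (likelihood times the worst CIA impact, then risk per unit of cost plus disruption), the acceptance cutoff and the sample findings are all assumptions.

```python
"""Rank TRA findings for remediation or acceptance.

Added example. The scoring scheme and every sample finding below are
assumptions chosen to illustrate the process, not an industry standard.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    name: str
    likelihood: int       # 1 (rare) .. 5 (almost certain) that an attack succeeds
    confidentiality: int  # 1..5 impact if confidentiality is lost
    integrity: int        # 1..5 impact if integrity is lost
    availability: int     # 1..5 impact if availability is lost
    cost: int             # 1..5 expense or difficulty of the remediation
    disruption: int       # 1..5 disruption to everyday operations

    def risk(self):
        """Assumed rule: likelihood times the worst of the three impacts."""
        return self.likelihood * max(self.confidentiality, self.integrity, self.availability)

    def value_per_effort(self):
        """Risk removed per unit of cost plus disruption (assumed rule)."""
        return self.risk() / (self.cost + self.disruption)


def prioritize(findings, accept_below=6):
    """Split findings into (remediate, accept).

    Findings whose risk is under the cutoff stay as they are; the rest are
    ordered so the cheapest, least disruptive large risk reductions come first.
    """
    remediate = [f for f in findings if f.risk() >= accept_below]
    accept = [f for f in findings if f.risk() < accept_below]
    remediate.sort(key=Finding.value_per_effort, reverse=True)
    return remediate, accept


# Constructed sample register covering the threat types the post lists.
SAMPLE_FINDINGS = [
    Finding("phishing: no MFA on webmail",           5, 5, 3, 2, 2, 2),
    Finding("guest WiFi bridged to internal LAN",    4, 4, 4, 3, 3, 4),
    Finding("autorun enabled for removable media",   3, 3, 4, 3, 1, 1),
    Finding("stale malware signatures on desktops",  4, 2, 3, 3, 1, 2),
    Finding("legacy printer on isolated VLAN",       1, 1, 2, 2, 3, 2),
]

if __name__ == "__main__":
    to_fix, to_accept = prioritize(SAMPLE_FINDINGS)
    print("Remediate, in order:")
    for f in to_fix:
        print(f"  risk={f.risk():2d} per-effort={f.value_per_effort():.2f}  {f.name}")
    print("Accepted as-is:")
    for f in to_accept:
        print(f"  risk={f.risk():2d}  {f.name}")
```

Because the assessment is repeated as the threat landscape changes, the register is the artefact to keep under version control; re-running the ranking after each reassessment shows which accepted risks have crept above the cutoff.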
Risk Management Involves the Entire Company
Cybersecurity is as much about culture as it is about technology. Many people assume that network security and data protection are the sole responsibility of the IT team. As a result, they make careless mistakes that can increase the odds that their company will be compromised.
Every member of the company has a role to play in TRA and threat reduction:
- The CEO should establish a culture of security, discussing cybersecurity with direct reports and the entire organization. Supporting the IT leaders, taking the results of their threat assessments seriously, and taking the lead in ensuring that staff members follow their recommendations will go a long way toward securing your company from attack.
- The cybersecurity team leads the threat risk assessment, thoroughly analyzing security hazards, studying threat statistics, conducting facility walk-throughs, and collating information and data from multiple sources. Based on these, they will form a comprehensive understanding of the company’s current vulnerabilities and assess its compliance with industry practices and applicable laws.
- The IT team must ensure software patches are up-to-date, perform regular testing and backups, and endeavor to minimize the amount of data stored on the organization’s premises—properly implemented cloud storage is inherently more secure for many reasons.
Threat and risk assessments collect essential cybersecurity information and expose potential weak spots in your organization’s defenses. They also explain the possible consequences of a security breach. Finally, they can help improve an organization’s security practices, preventing incidents in the future. While it is impossible to avoid all cybersecurity incidents, risk assessments are vital for protecting any organization.
Take an exclusive look at our press release on Hakeem Thomas!
Winchester, Virginia, June 12th—Hakeem Thomas of Winchester-based Netmaker Communications has been named 2023 Volunteer of the Year by Bloomsburg University of Pennsylvania. Thomas received the honor during a ceremony held on June 2nd.
Among his volunteer activities, Thomas was recognized for mentoring Bloomsburg undergraduates; speaking at student conferences about academic and industry issues; and participating in career boot camps with mock interviews, resume reviews, and social-media advice for students. He was also recognized for arranging internships and helping students secure permanent positions in the cybersecurity industry as well as personally funding certification exams and training courses for over half a dozen Bloomsburg students.
“Receiving this award is a true honor,” Thomas said after the ceremony. “Bloomsburg University means the world to me; without the faculty, staff, and my fellow classmates, I would not be where I am today. So, giving back to the university and helping the next generation of Bloomsburg students is my new mission in life.”
Thomas graduated from Bloomsburg University in 2017 with a dual major in digital forensics (BS) and criminal justice (BA). He is now the lead cybersecurity engineer at Netmaker Communications and has become an acknowledged expert on IT and networking security. He serves on the board of directors for Bloomsburg University alumni association, and his volunteer work for the school continues.
The Federal Bureau of Investigation (FBI) has warned about a significant upsurge in smartphone SIM swapping.
SIM swapping, or SIM hijacking, is nothing new, but the FBI issued the alert because of a massive leap in reported cases.
“SIM” means subscriber identity module; it’s the small, removable chip card used in cell phones. Each SIM card is unique and associated with a mobile account. If you remove the SIM card from one phone and place it in another, the phone number and account data are transferred along with the SIM card.
SIM swapping involves fraudulently transferring a victim’s mobile phone number to a new SIM card controlled by a criminal. The attacker can then intercept sensitive information—such as two-factor authentication codes, text messages, and phone calls—and use it to gain unauthorized access to victims’ accounts, steal their money, or commit identity theft.
Smartphones are critical tools for accessing online services that use text messages to send sign-in codes. So, SIM swapping is a serious problem—if criminals can hijack a SIM, they can access their victim’s email, social media, and bank accounts. And complaints to the FBI’s Internet Crime Complaint Center (IC3) have skyrocketed over the past year.
“Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device. This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number,” the FBI’s IC3 warns.
The attackers typically gather information about a victim through phishing emails, smishing attempts, vishing, or other forms of social engineering (i.e., “tricking” people into cooperating).
Breaches of corporate and governmental databases are another major source of personal information, readily available on the dark web. In other cases, the criminals will simply bribe or extort mobile-carrier employees into assisting them with the transfer.
Using this personal data, the attackers will contact the victim’s mobile-service provider and pretend to be the victim, requesting a SIM card replacement.
Once the transfer is complete, the victim’s phone will lose service, and the attacker will receive all incoming calls and messages, including those containing sensitive information. This can allow the cybercriminal to quickly hijack their victim’s entire online existence.
How Can I Prevent SIM Swapping?
Fortunately, there are steps that you can take to protect against becoming a victim of SIM swapping.
- Watch for phishing emails, smishing attempts, and other methods that attackers use to gain information to help them convince your cellphone carrier that they are you.
- Don’t base your online security and identity authentication solely on your phone number, including text messaging (SMS), which is unencrypted.
- Boost your online accounts’ security with robust and unique passwords and personal-security questions only you can answer.
- Consider using an authentication app like Google Authenticator that provides two-factor authentication tied to your physical device rather than your phone number.
- Monitor your accounts: Regularly monitoring your online accounts for suspicious activity can help you detect and prevent fraud before it causes significant damage.
- Enable the Lock SIM function (or SIM PIN for iPhones) on your cellphone; this will protect you in the event of your SIM card being physically stolen, as well as helping to prevent SIM swapping.
- Set up multi-factor authentication (MFA) with your phone service provider, requiring a specific question-and-answer when contacting their customer-service department.
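The reason an authenticator app is immune to SIM swapping is that its codes are computed on the device from a shared secret and the current time, so the phone number never enters the picture. The following is an added example of that time-based one-time password scheme (RFC 6238 TOTP over RFC 4226 HOTP), written for this post and not taken from Google Authenticator or any other app; the secret is the RFC test key, and the verification window is an assumption.

```python
"""Time-based one-time passwords as used by authenticator apps.

Added example implementing RFC 4226 (HOTP) and RFC 6238 (TOTP) with the
standard library. The secret below is the published RFC test key, not a
real credential; the +/-1 step verification window is an assumption.
"""
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226/6238 test key (ASCII "12345678901234567890"); constructed for the demo.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password for a given counter (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP = HOTP over the number of elapsed time steps (RFC 6238)."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, at_time: float, step: int = 30, window: int = 1) -> bool:
    """Accept the current code and one step either side to absorb clock drift.

    Comparison is constant-time so a verifier does not leak which digits matched.
    """
    counter = int(at_time) // step
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(counter - window, counter + window + 1))


def provisioning_secret(secret: bytes) -> str:
    """The base32 form that is put in the enrolment QR code / typed into the app."""
    return base64.b32encode(secret).decode("ascii")


if __name__ == "__main__":
    now = time.time()
    print("enrolment secret:", provisioning_secret(TEST_SECRET))
    print("current code:    ", totp(TEST_SECRET, now))
    print("verifies:        ", verify_totp(TEST_SECRET, totp(TEST_SECRET, now), now))
```

Nothing in the exchange touches the carrier: an attacker who ports the number sees no codes, because the secret lives only on the enrolled device and on the server. The residual risks are the enrolment QR code itself and any fallback recovery path that still goes over SMS, which is why the advice above is to move the whole account off the phone number rather than only the second factor.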
In addition, the FBI recommends that individuals take the following precautions:
- Do not post information about financial assets, including ownership of cryptocurrency, on social-media websites and forums.
- Do not provide your mobile-number account information over the phone to “representatives” calling and requesting your account password or pin. Verify the call by dialing your mobile carrier’s customer-service line.
- Do not store passwords, usernames, or other information on mobile-device applications.
- Avoid posting personal information online, including mobile phone numbers, addresses, or other personally identifying information.
What Should I Do If I Think My SIM Card Has Been Hijacked?
- If you suspect your SIM card has been hijacked, immediately contact your mobile service provider to report the incident and request a new SIM card.
- Report the incident to the FBI’s Internet Crime Complaint Center.
SIM-swapping fraud is a serious threat that can have severe consequences for its victims. By taking steps such as using strong passwords, enabling secure multi-factor authentication, monitoring your accounts, and being wary of phishing, smishing, and vishing attempts, you can reduce your risk of falling victim to this particularly insidious type of cybercrime.
If you have any questions about the perils of SIM hijacking, feel free to contact us here at Netmaker Communications; we’ll be happy to discuss them with you.
Email Phishing Is So Dangerous Because It Targets the Mind Instead of The Machine
During the past several months, the world has witnessed a spike in email-phishing occurrences—cyber-attacks designed to exploit vulnerabilities naturally inherent in human psychology.
Hackers began using the term phishing in the mid-nineties to describe a kind of “email angling”—sending out masses of email “hooks” in the hopes that a few gullible or vulnerable “fish” would take the bait. Those fish, of course, were people sitting at their desks, going through their in-boxes. These were attacks not against information technology, but against the natural tendencies of the human mind.
The stakes in “phishing” have only gotten higher over the years, and the threat has only gotten worse.
Email phishing is so difficult to combat because it relies on deception and on the natural human tendency to trust by default. While your hardware and software systems can be secured with multiple layers of electronic and algorithmic defenses, the human element—that is, the primary element—of your organization remains vulnerable to deception and manipulation unless very carefully trained and forewarned.
What does it look like to be Phished?
Email phishing attacks are designed to look like an authentic communication from a trusted source. A phishing attempt might appear to come from a bank, a shopping site, a trusted friend, or even a company looking to hire you.
The phishing attack will not directly ask you for sensitive personal information; instead, you’ll be asked to click a link to “Verify Identity,” “Confirm a Purchase,” or something similar.
If you click the link, a number of things can occur, none of them good:
- You might be taken to an illegitimate, or “spoofed,” website, designed to look and feel just like the site you think you’re visiting. The idea is to make you feel safe entering any personal data the hackers are looking for;
- Clicking the link could also cause keystroke loggers or other information-stealing malware surreptitiously to be downloaded onto your device.
How Can I Avoid Being Phished?
One advantage the rest of us have is that phishing hackers often make some fairly sloppy mistakes in their hurried attempts to cast as many hooks as possible into their sea of potential victims. Keep an eye out for the following sorts of potential danger signs to avoid taking the bait:
- Obvious spelling or grammatical errors, indicating that the author of the email is poorly educated or is a non-English speaker.
- Noticeable inaccuracies in the design or colors of corporate logos, demonstrating that this email is not from the claimed organization.
- Unexpected package-delivery notifications—whether you’re expecting a package or not, no reputable delivery company will send you an email asking you to “Click Here” to verify your identification or address.
- Misspelled email addresses in the “from” fields are an easy-to-miss but obvious indication that something is not right about this email.
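The last of those signs, a misspelled or look-alike sender address, is easy for a person to miss but straightforward for a mail filter to check. The following is an added example written for this post, not code from any mail product: it parses the From header, flags a display name that claims a known brand while the address belongs to some other domain, and flags domains within a couple of character edits of a trusted one. The trusted-domain list and the sample headers are constructed.

```python
"""Check an email From header for look-alike and mismatched sender domains.

Added example. TRUSTED_DOMAINS and the sample headers are constructed for
illustration; a real deployment would load the list from configuration.
"""
from email.utils import parseaddr

# Constructed allow-list of domains the organisation expects mail from.
TRUSTED_DOMAINS = {"example-bank.com", "shopmart.example"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small distances between domains suggest typosquatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_of(domain: str) -> str:
    """'example-bank.com' -> 'example bank', the phrase a display name would use."""
    return domain.split(".")[0].replace("-", " ")


def check_from(header: str):
    """Return a list of human-readable findings; an empty list means no indicator."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return ["unparseable or missing address"]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    normalized_name = name.lower().replace("-", " ")
    for trusted in TRUSTED_DOMAINS:
        # Display name says "Example Bank" but the address is somewhere else.
        if brand_of(trusted) in normalized_name:
            findings.append(f"display name claims {trusted} but address domain is {domain}")
        # Domain is one or two edits away from a trusted one (e.g. 1 for l).
        if 0 < levenshtein(domain, trusted) <= 2:
            findings.append(f"domain {domain} resembles trusted domain {trusted}")
    return findings


# Constructed sample headers.
SAMPLE_HEADERS = [
    "Example Bank Support <support@example-bank.com>",
    "Example Bank Support <security@examp1e-bank.com>",
    "Shopmart Orders <orders@shopmart-billing.net>",
    "Payroll <payroll@random-host.test>",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h)
        for finding in check_from(h) or ["  no indicator"]:
            print("  ", finding)
```

This catches the “from” field trick the post describes; it deliberately says nothing about the fourth header, which claims no brand and resembles nothing on the list, since the signal there has to come from content or sender reputation rather than the address itself.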
In general, and probably most important: do not click any hyperlink within an email message. Legitimate sources are aware of the dangers that phishing represents and will provide you with alternative means of contacting them.
Netmaker Communications, LLC, is a widely-acknowledged expert on cybersecurity, and this blog will explore the topic of phishing in greater detail over the coming months.
In the meantime, feel free to contact us, and we’ll be happy to talk to you about Phishing and a variety of other dangerous online sports being played at the public’s expense.
The Internet of Things began humbly enough when a scientist connected a toaster to the internet back in 1990. The term was coined in 1999 to describe this process of physical objects being connected to the internet.
24 years on, IoT devices are rapidly becoming pervasive in our society. From Amazon Alexa to smart lightbulbs and thermostats, almost any object can be equipped with sensors and wireless networking to create a presence in a rapidly developing environment of mass data collection. Appliances, home-entertainment systems, cameras, and even the emerging “smart cities” are becoming accepted facets of everyday life.
As 2023 begins, IoT is poised to become an increasingly important element in economic activity across all sectors. A look forward at a few of these rapidly developing advances can help your business prepare for this new technological environment.
Digital Twins for Real-Time Management and Scenario Analysis
A digital twin is a virtual replica of a physical item, system, or environment. The data derived from IoT sensors allows for the creation of a very close digital duplicate of the associated physical object, whether it’s a piece of machinery, a retail space, a factory, or even an entire city.
This near-perfect emulation of the digital twin allows managers to run multiple simulations of various possible events and arrangements within the physical asset, enabling them to experiment with new organizational approaches or rehearse their responses to potential problems at virtually no cost. This ability to conduct repeated, virtual experimentation allows for the detection of potential problems early on and speeds the improvement of productivity and efficiency through process reengineering, all without having to interfere with the physical assets themselves.
The Internet of Medical Things (IoMT) Transforming Health-Care Delivery
In a continuation of a trend that first saw wide adoption during the COVID-19 pandemic, wearable IoMT devices and systems allow for ongoing telemetric monitoring of patients’ vital health statistics, allowing health-care professionals to detect a potential crisis much sooner. Among the most dramatic of these new IoMT applications is a wearable, continuously monitoring defibrillator.
The effectiveness of telehealth services can also be dramatically increased as IoMT systems allow the consulting physician to access real-time measurements of blood pressure, insulin levels, or virtually any other area of concern.
Edge Computing for Efficient IoT Performance
A typical IoT system works by continuously sending, receiving, and analyzing data in a feedback loop in near-real time. Placing computing services closer to the IoT sensors allows for faster, more reliable IoT performance by reducing latency of communication. Edge computing refers to this proximate location of processing and storage resources for an IoT system.
One close-to-home IoT/edge system can be found right in your kitchen, where Microsoft has announced a new refrigerator—elaborately outfitted with IoT devices and edge-computing processors—that will maintain a running inventory of the grocery items you normally keep, learn to recognize new types of objects, and inform you when stocks are running low. Reordering is a simple voice-command away for the hungry human, and an IoT-enabled drone might even deliver the groceries.
Of course, Alexa is always listening, responding to your commands to lower the temperature, turn up the lights—in fact, if you let her, Alexa will record every sound within your house; IoT/edge functionality provides you with an incredible, time-saving assistant, but she has a perfect memory and an unknown audience, whose interest in your personal affairs is completely unknown to you.
But as the security of IoT continues to improve and the advantages of this technology become more obvious, more and more people will first accept and then demand participation in the new IoT environment.
Netmaker Communications is a widely acknowledged expert on the Internet of Things—its possibilities as well as its perils. So, if you have any questions about IoT, give us a call and we’ll be happy to talk to you about it.
Winchester, VA – September 9, 2019: This last week the Department of Defense (DoD) awarded a multi-billion-dollar contract to General Dynamics Information Technology (GDIT) for what is known as the Defense Enterprise Office Solutions (DEOS) contract. The scope of this contract is to deliver an office suite of applications and services, such as email, collaboration tools and productivity software, to support DoD users. The DoD has been in pursuit of a cloud-based solution modelled on the Microsoft Office 365 experience for several years now, beginning under then DoD Chief Information Officer (CIO) Mr. Terry Halverson. One of the biggest challenges the DoD faces when it wants to consume commercial technology is providing the underlying network needed to support that technology. Why is that, you ask?
The DoD unclassified network, established well over ten (10) years ago, is based on a now outdated IPv4 infrastructure that is largely operating on static IP address assignments and routing tables. The Domain Name System (DNS) has historically been used for interfacing with the commercial Internet, but not used internally for managing dynamic routing decisions. Adding to the complexity is the DoD’s lack of inherent trust between its internal agencies, components and combatant commands. The DoD does not operate “one” flat enterprise network as one might expect, but rather an internet of networks peered together through a multitude of firewalls and other security appliances. So, as you might imagine, getting anything to communicate end-to-end and between network enclaves is very challenging and often ends in failure. Cap that off with the fact that the DoD is still running an outdated “client-server” framework for its applications, deploying thick clients on its fielded workstations and laptops, and what we find is a network not ready for today’s trend of consuming commercial cloud-like services.
So here comes the current DoD CIO, Mr. Dana Deasy, who is pushing the DoD toward commercial cloud-type services. We have seen plenty of press surrounding the Joint Enterprise Defense Infrastructure (JEDI) acquisition, which is to provide general-purpose cloud hosting services, and now with DEOS awarded, it would appear the DoD has put the cart before the horse. There is no evidence that commercial cloud-type services and technologies will work over a DoD network. Most commercial technologies designed for datacenter hosting are designed to work over the public Internet, which is an open-trust network that relies primarily on DNS for making routing decisions and pointing web-based clients to hosted servers. Many commercial cloud-hosted services depend on open source browsers such as Google Chrome as their consumer graphical user interface. Even Microsoft, with its introduction of Edge, is abandoning its legacy proprietary browsers for more open solutions.
With the optics on saving money and improving operational efficiencies, I can appreciate the DoD’s desire to take advantage of the commercial trends being exercised by Fortune 500 companies around the world, as well as by some of our state-sponsored competitors out there looking to compromise our national security interests. But until the current Defense Information Systems Network (DISN) is upgraded and the overall DoD Information Network (DODIN) flattened to eliminate the multitude of firewalls and private network instantiations that make up the DoD enterprise today, the potential of commercial cloud services being successfully deployed over the DODIN will never be realized.
Winchester, VA: March 16, 2019 — According to the YouMail Robocall Index, nearly 48 billion robocalls were made in 2018. This annoyance to both consumer and commercial users of the new IP-enabled Public Switched Telephone Network (PSTN) is only going to get worse as bot technology becomes more integrated with Voice over IP (VoIP) networks. Fortunately, under the leadership of both the SIP Forum and the United States Federal Communications Commission (FCC), the beginnings of a means of combating these nuisance calls are in place. This new technology is known as Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN).
STIR/SHAKEN uses public key infrastructure (PKI) digital certificates to authenticate callers on the VoIP-enabled PSTN. How this will ultimately be deployed on commercial networks is still being worked through by both the FCC and United States-based telecommunications companies like AT&T and Comcast. In simple terms, each customer of a telephone network would be issued a “digital certificate” that would be installed on their end station device (e.g., mobile phone, IP-PBX), and calls originated by that device would undergo an authentication challenge from a trusted digital certificate authentication authority. If your call attempt is coming from an authenticated end device, the distant end device being called would be informed that the incoming call is from an authenticated user. This would reduce the number of “spoofed” numbers being flooded over the VoIP PSTN today by a significant margin.
So how is number spoofing even possible? The answer lies in the foundation of the current “de facto” standard for VoIP: Session Initiation Protocol (SIP). While the legacy telephone network depended on the ten-digit telephone number to locate a caller and identify which telephone switch they were associated with, SIP only uses these legacy ten-digit numbers as a human-interface convenience, supporting a generation of users that don’t like change. Call routing is actually accomplished much like email traffic. Each user is provided a SIP identifier, which looks a lot like an email address (i.e. [email protected]). SIP calls are processed when a caller sends an “INVITE” to a distant end, and that distant end “answers”, resulting in a media session being established between the two endpoints. To accommodate conservative consumers who don’t like change, their identifier could look like [email protected]. This allows ten-digit numbers to be dialed to initiate a call instead of entering an “email”-like address. As you can see, anyone can spoof a ten-digit number, as it can be associated with any number of domains (i.e. [email protected], [email protected], [email protected], etc.).
The current method many pop-up vendors are selling for addressing robocalls is blocking “known” ten-digit telephone numbers associated with robocallers. Considering that software can generate telephone numbers by the thousands in seconds and send them out over the Internet tied to a variety of domains, no binary blocking technique will ever keep up. You might as well be bailing out a canoe with a toothpick!
With the introduction of digital signatures, callers will now have to be verified using a well-proven cryptographic method whose trust is anchored in a certificate authority. Certificates can only be issued by this authority, and they cannot be “spoofed”. I’m happy to see the telecommunications industry embracing this exciting new technology and operationalizing it into their products and public/private telecommunications networks.