This is a ”developing story.” It has the reputation of Bloomberg and its reporters behind it, and the story has been updated to speak to its sources. However, both Apple and Amazon have denied the roles attributed to them. While it originated months ago, the government has been silent. We need to wait for verification from the government. However, we should use the time to think about what to do assuming that the story is verified. What do we do in the face of un-trusted and potentially hostile hardware?
It is time to abandon the password for all but trivial applications. Keep in mind that passwords put the user and the system or application at risk. Steve Jobs and the ubiquitous mobile computer have lowered the cost and improved the convenience of strong authentication enough to overcome all arguments against it.
It is time to abandon the flat network. Secure and trusted communication now trumps ease of any-to-any communication. It is time for end-to-end encryptions for all applications. Think TLS, VPNs, VLANs and physically segmented networks. Software Defined Networks put this within the budget of most enterprises.
It is time to abandon the convenient but dangerously permissive default access control rule of “read/write/execute” in favor of restrictive “read/execute-only” or even better, “Least privilege.” Least privilege is expensive to administer but it is effective. Our current strategy of “ship low-quality early/patch late” is proving to be ineffective and more expensive in maintenance and breaches than we could ever have imagined.
Finally, we must consider abandoning the open and flexible von Neumann Architecture for closed application-only operating environments, something more like iOS or the IBM iSeries with strongly typed objects and APIs, process-to-process isolation, and a trusted computing base (TCB) protected from other processes.
Oh, I almost forgot. We must monitor traffic flows. Automated logging and monitoring of the origin and destination of all traffic moves from ”nice to do” to ”must do.”
These measures are now timely, whatever the facts of the Bloomberg story. While nothing will completely protect one from using hostile hardware, these measures will raise the cost of attack and reduce the risk. We know what to do. We described it generations ago. Do we have the will?