|Homepage / Publications & Opinion / Articles, Lectures, Preprints & Reprints (post 2002)
Our sinister silicon insiders
25 June 2010, Peter Cochrane, 360°IT
All CIOs worry about security and spend significant sums trying to protect users, information and infrastructure. At every meeting I attend, it is generally acknowledged that the 'insider threat' represents the most significant risk. But I reckon there is a new insider – and it aint human: it is the hardware and software that make up our networks.
We worry about rogue employees, part-timers, secondees, contractors, suppliers and visitors. We fret about firewalls, working practices, memory sticks, wifi, protocols, Trojans, worms, viruses and hackers. But there is something more sinister and serious right under our nose.
Today’s networks are built from equipment supplied largely out of China. The software comes from India, China and Russia, and it is all purchased and installed (more or less at random) right across the planet.
Consider the end-to-end process of surfing the web, sending an email, making an FTP transfer, a VoIP or video call, a fixed or mobile call, etc. There is a concatenation of optical, wireless, and electronic equipment purchased by individuals, companies, telcos and netcos, ISPs, server farms and more. Hubs, switches, routers and servers of unknown, uncertain or dubious origin now reside in all networks.
Many telcos for example have purchased vast amounts of digital equipment from China. They have also outsourced all software production. In effect, nothing is in their full control any more; they have become spectators in the game of innovation and supply, mere accountants and managers watching others design and build for them.
What about end-user companies and governments? No one knows - the picture is decidedly unclear, but cloned equipment from China is certainly very common. Many US and EU equipment producers also use components and services from other regions. So we have to assume that nothing is guaranteed pure, safe or bona fide.
The key question firms need to ask is whether there are any ‘back doors’ and other points of network weakness we just don’t know about. I think we have to assume there are and act accordingly.
Oh, and just one final thought - where was your mobile, PC, laptop, iPad, etc. built, and where did the software come from?
Peter Cochrane (OBE) is a respected technology business guru and co-founder of Cochrane Associates.
Tags: networks and communications, security, risk and compliance, information management, hacking, insider threats, data theft, organised crime, IT crime, IT security strategy, china, offshoring