The FBI’s Unrealistic Dreams For Network Security

The FBI’s wish for a totally secure alternate Internet that will protect against hackers and terrorists can never exist, says Wayne Rash.

When Shawn Henry, FBI executive assistant director, suggested during a conference in Baltimore that a second, secure Internet be created to protect critical infrastructure against increasingly sophisticated attacks, he made a good point. A separate secure network could help reduce serious attacks. However, he’s wrong when he suggests that this might somehow insulate this infrastructure from attacks. All it means is they will come from a different direction.

Henry’s plan is just impossible

There are several holes in Henry’s plan. First of all, to create a secure network you can only allow secure organisations to connect to it. But Henry wants this network to be used by power plants, banks, and other companies and organisations where an attack could seriously damage the national interest. This might be a good idea, but you would have to keep the power plants and banks from using it.

The big problem in creating such a secure version of the Internet is that it would be open to organisations that have no security capability of their own, in the case of power plants, or no effective network security, in the case of banks.

Right now, power stations hire people who are supposed to be very good at running power plants. There isn’t and never has been any significant effort to implement the necessary security infrastructure and required practices and training used by (for example) the FBI.

This means that you’d have workers with no security clearance, no background check that relates to data security and no training in security, all with access to the supposedly secure network. How long do you think it might be before someone who works for a power company decides to fiddle with the secure network? Maybe a week?

Financial institutions are supposed to have at least some level of security, but do they really? Let’s see if we can count the number of data breaches that have happened to such institutions in the last 10 years or even in just the past 12 months. Can’t count that high? Neither can I.

The problem with creating a secure network such as the one Henry envisions is that every part of it needs to be secure. It doesn’t help if the network itself is secure if the institutions attached to it are insecure. Even if these institutions are extremely careful, a leak is bound to happen, probably sooner rather than later.

Henry’s other suggestion at the conference was that sensitive systems be taken completely off the Internet. This is the approach used by the Iranian government to protect the computers that controlled its uranium centrifuges. There was absolutely no connection between the computers that controlled the machines and the outside world. But then came Stuxnet. Someone should ask the Iranians how well that separation worked for them.

A stray USB can ruin the strongest network security

The fact is that separating the network will not provide security. The most it will provide is the illusion of security, which is a lot worse. But after a little while people will get complacent, catastrophe will strike, the network will fall prey to the very people it’s supposed to protect against, and no one will be ready. After all, the network is secure, so why worry?

The same was true with the Iranian centrifuges. They were not connected to any external network. But when an employee found a USB memory stick in a men’s room and plugged it in to see what was on it, Iran lost its nuclear program. Security, it would seem, is fleeting.

Worse, the illusion of security is a trap. By making it seem as if the network or the computer is really secure, the operators or the users will drift away from good security practices and eventually they will plug in that fateful USB memory stick.

While a secure internet does have some advantages, the bottom line is that it’s only secure as long as all of it is secure. Several federal agencies already know this and are using a highly secure network that allows them to share data. These agencies are usually known by their initials, and every part of them is highly secure. This is why you don’t hear about data breaches at the NSA or the NRO. Every part of that network and every person who uses it is secure and cleared for access. They have full background checks. And everyone watches everything they do.

Such a massive security effort on a national, let alone a global, scale isn’t just impractical, it’s probably impossible. Until the time comes when the banks and power companies are run by the intelligence agencies, such a thing will never happen. In some ways it’s probably better to live in the wilds of the Internet, know you’re in the wilds, take precautions and use great vigilance. If you design your systems right, you can minimise damage and slow down attacks.

Henry is correct that attacks against critical infrastructure will become more frequent and the risks are high. But the problem with creating an allegedly secure network is that it won’t be as secure as its users think, and in the meantime the attackers will develop better weapons. Ultimately, the real choice is to realise that the world is dangerous and to train accordingly, take precautions and find ways to minimise damage. To pretend otherwise is to ask for catastrophe.