In 2004 (Feb 14, The Buzz) ABC’s Radio National broadcast an interesting interview with an American postgraduate student whose research work caused major security concerns, so much so that Richard Clarke, former White House cyberterrorism chief, declared that it should be burnt!
What did the student do to create such antagonism at security levels?
Critical Infrastructure Database
His thesis was on critical infrastructure in the United States, with a focus on information infrastructure. As part of his work in analysing the infrastructure and its vulnerabilities, in preparation for determining a set of tools to deal with those vulnerabilities, the student put together an integrated database. The dataset consisted of a large collection of geo-spatial data on where the fibre optic lines were in the country: the long-haul lines that connect cities, the metropolitan area networks within cities, and the switching centres and data warehouses that house and direct traffic on the network. The data carried on these lines covered a wide variety of critical sectors in the US and global economy, including financial transactions, military command and control, emergency response, telephone calls and government communications. “Pretty much everything runs over fibre except for satellite transmissions,” he said.
He worked quietly away at his research for a number of years – and by the way, all of the data in his database was gathered from the public domain! – until the Washington Post wrote an article about his work, and then things started to get a little heated. Top security people then spoke with his university and wanted to know what security precautions were being taken with the database. The university asked government agencies what security precautions would be taken within their domain and then tried to replicate them as best it could within the university.
Safeguarding the Database
This is what they did. The graduate explained: “The computers that the data is housed on are not connected to any network and are in a secure room behind cipher locks. We have a vault that we take the removable hard drives to and put them in there for storage... and things along those lines.”
Integration
What I found interesting about this story is that as long as the data was available in a distributed form, on individual websites all over the country, there was no great hue and cry. Admittedly, the student started his research in 1996, which pre-dated Sep 11.
However, the general lesson remains: integrated databases are more valuable because they allow us to do things that distributed databases don’t. In the student’s case, integration made it possible to analyse national vulnerabilities.
One approach found within the security community is reliance on Security Through Obscurity, and it is often regarded as a security weakness, since anyone sufficiently motivated can work out the secrets. For example, most physical padlocks are trivial to pick open without the key; manufacturers rely on people not bothering to learn how to do it. Security by Design, or Open Security, approaches rely instead on the design being good and the ‘key’ being the only secret. In the case of locks, the design is assumed to be known by thieves, but is so good that the key is required to open the lock.
An example of where Security by Obscurity has been improved upon is in the utilities industries – there used to be many interconnections between the supervisory systems and public communications networks to facilitate maintenance and administration. These connections were obscure, but trivial to hack. There is now an underlying design to protect these communication paths from intruders, and processes to ensure new infrastructure is secure from the start.