Ironically, the first thing I learned when I started in the network industry was the principle of not connecting things to a network if you didn’t need to. It imagines a class of computer whose function, or the information on it, is sufficiently valuable that its loss cannot be tolerated.
With typical geekiness, the concept of keeping some computers physically separated from the network has been described in great detail, analysed and even given a name. The air gap firewall.
Leaving aside the decision to record such sensitive and valuable information on a computer in the first place, and the remaining difficulties of securing even a physically isolated computer, the value of the air gap firewall has become apparent many times over my career. We forget the principle at our peril.
Better improving DDoS prevention
In 2001, for example, a UK teenager launched a distributed denial of service (DDoS) attack aimed at someone who had annoyed him online. The attack had a knock-on effect on the servers and systems of the Port of Houston, Texas, preventing pilots and other shipping users accessing critical navigation data. The prosecutor later said that the attack “could have had catastrophic repercussions for those reliant on the computer in the Port of Houston.”
Distributed Denial of Service (DDoS) attacks are particularly interesting in this regard. They have the ability to damage a system without breaching defences. The Port of Houston incident was the first to remind us that we are growing increasingly reliant on access to computer systems for all aspects of our lives and simply denying us this access can put our careers, relationships and even our lives at risk.
When I heard of this incident, I asked myself the question “Who was in charge of the network at the Port of Houston who had decided to connect the critical control and command servers to the public Internet?” They seemed to me to be more culpable than the teenager in the dock. The Port of Houston would have benefited greatly from investing in the simplest of security measures – an air gap firewall.
However this warning of what happens when you connect critical systems to the Internet is clearly not enough for industries now obsessed by connecting everything together as cheaply as possible.
In 2015, security researchers Charlie Miller and Chris Valasek, demonstrated the ability to take control of a car remotely whilst it was being driven. They had managed this by exploiting flaws in the car’s electronic entertainment system. This system is connected to a mobile phone network, and also happens to be connected to the critical command network in the car.
I cannot afford to lose control of the car I am driving and thus I am incensed by the decision by car manufacturers to connect the critical systems in cars to an outside network. If we ignore the value of the air gap in modern network design then we are not learning from the mistakes of the past and it is really us asleep at the wheel.