From the editor’s desk: Integrate or fail

October 2018 News & Events

The news earlier this month was that Bloomberg Businessweek published a story about Chinese cyber spies (well, with our media it has to be them or the Russians). Apparently, these devious spies had corrupted the supply chain for a company that makes circuit boards in China and inserted a tiny chip on the boards which would allow someone to gain full access to computers and networks.

The accuracy of the story is still not 100% verified, although it is pretty much accepted as accurate. There again, in the current climate of hysterical news opposed by hysterical censorship in the name of propaganda (and not only in America), who can be sure what the facts really are. You can read more at www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies (short link: securitysa.com/*bloom1), as well as comments from some of the companies involved at www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond (short link: securitysa.com/*bloom2), and a good summary of the whole saga at https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/ (short link: securitysa.com/*krebs3).

We’re not in a position to know how accurate the report is, but it does highlight a common weakness in security all over the world – silos. It’s standard that when a company or individual tries to secure their people, systems and assets, they concentrate on doing what is in their immediate scope and leave the rest to other people – assuming everyone else does the job properly. And this is where the problem lies.

You can make your little world 100% secure (if it was possible), but as soon as you interact with other people and systems, you have strangers coming onto your premises and data going in and out of your systems to unknowns. In other words, your supply chain.

You can’t control what anyone else in your supply chain does or doesn’t do, but working together to integrate your physical and logical security based on industry standards won’t risk anyone’s intellectual property, but will strengthen the chain from beginning to end. Unfortunately, as one of the authors above notes, this will require time and money (and mostly effort and support from the top), which is why it doesn’t happen.

On another cyber/physical security note, you may remember the Mirai botnet from a few years ago that used IoT devices, including DVRs and surveillance cameras, to form a botnet to launch denial of service attacks on some high-level websites – with great success.

Well, the authors of the botnet have been caught and convicted, but won’t spend any time in jail. Due to their “extraordinary cooperation” with authorities, they get probation and community service, and a fine.

Well, fine. To me it seems like a colossal omnishambles, much the same as we saw here with the Brett Kebble murder. I suppose it’s good to know that such Brobdingnagian blundering is not confined to the South African government. (After last month’s new word I discovered and mentioned in my column, someone suggested I introduce a new word in this column as well; so there it is, Brobdingnagian.)

Andrew Seldon

Editor



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

Read more...
SMART and secure estates in Cape Town
Technews Publishing Axis Communications SA Gallagher DeepAlert Nemtek Electric Fencing Products Editor's Choice
In February 2024, SMART Security Solutions emigrated to the Western Cape to host its first SMART Estate Security Conference in the region in many years. For the day, we took over the prestigious D’Aria Wine Estate.

Read more...
Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

Read more...
New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Read more...
SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Read more...
Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Read more...
From the editor's desk: Just gooi a cable
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Estate Security Handbook. We focus on a host of topics, and this year’s issue also has a larger-than-normal Product Showcase section. Perhaps the vendors are ...

Read more...
Secutel wins OSPA Award for Outstanding New Security Product
Secutel Technologies News & Events Access Control & Identity Management
[Sponsored] Secutel Technologies’ NoKey Access Control solution won the Outstanding New Security Product category at the 2024 OSPAs in South Africa. The awards were presented at Securex 2024 where all category finalists were recognised for their contribution to the security industry.

Read more...
ONVIF launches new working groups for cloud, metadata and audio
News & Events Surveillance
ONVIF, the global standardisation initiative for IP-based physical security products, is announcing the formation of three new working groups to tackle standardisation work in cloud connectivity, audio, and advanced metadata.

Read more...
Inaugural Gallagher Security Johannesburg networking roadshow
Gallagher News & Events
Held at Johannesburg’s Foghound Coffee Company in Midrand from 11 to 12 June, security industry professionals gather at the inaugural Gallagher Security Johannesburg Networking Roadshow.

Read more...