From the editor’s desk: Integrate or fail

October 2018 News

The news earlier this month was that Bloomberg Businessweek published a story about Chinese cyber spies (well, with our media it has to be them or the Russians). Apparently, these devious spies had corrupted the supply chain for a company that makes circuit boards in China and inserted a tiny chip on the boards which would allow someone to gain full access to computers and networks.

The accuracy of the story is still not 100% verified, although it is pretty much accepted as accurate. There again, in the current climate of hysterical news opposed by hysterical censorship in the name of propaganda (and not only in America), who can be sure what the facts really are. You can read more at www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies (short link: securitysa.com/*bloom1), as well as comments from some of the companies involved at www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond (short link: securitysa.com/*bloom2), and a good summary of the whole saga at https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/ (short link: securitysa.com/*krebs3).

We’re not in a position to know how accurate the report is, but it does highlight a common weakness in security all over the world – silos. It’s standard that when a company or individual tries to secure their people, systems and assets, they concentrate on doing what is in their immediate scope and leave the rest to other people – assuming everyone else does the job properly. And this is where the problem lies.

You can make your little world 100% secure (if it was possible), but as soon as you interact with other people and systems, you have strangers coming onto your premises and data going in and out of your systems to unknowns. In other words, your supply chain.

You can’t control what anyone else in your supply chain does or doesn’t do, but working together to integrate your physical and logical security based on industry standards won’t risk anyone’s intellectual property, but will strengthen the chain from beginning to end. Unfortunately, as one of the authors above notes, this will require time and money (and mostly effort and support from the top), which is why it doesn’t happen.

On another cyber/physical security note, you may remember the Mirai botnet from a few years ago that used IoT devices, including DVRs and surveillance cameras, to form a botnet to launch denial of service attacks on some high-level websites – with great success.

Well, the authors of the botnet have been caught and convicted, but won’t spend any time in jail. Due to their “extraordinary cooperation” with authorities, they get probation and community service, and a fine.

Well, fine. To me it seems like a colossal omnishambles, much the same as we saw here with the Brett Kebble murder. I suppose it’s good to know that such Brobdingnagian blundering is not confined to the South African government. (After last month’s new word I discovered and mentioned in my column, someone suggested I introduce a new word in this column as well; so there it is, Brobdingnagian.)

Andrew Seldon

Editor



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Leaders in risk and security: As long as there are people, there will be risk
Issue 5 2020, iFacts, Technews Publishing , Editor's Choice
Jenny Reid is a self-made success, focusing on people, the risks they create and the potential they have.

Read more...
Mitigating the human risk
Issue 5 2020, Managed Integrity Evaluation, Technews Publishing, iFacts , CCTV, Surveillance & Remote Monitoring
Hi-Tech Security Solutions asked Jennifer Barkhuizen and Jenny Reid for some information around background screening and vetting of potential new hires.

Read more...
SABRIC annual crime stats 2019
Issue 5 2020 , News
SABRIC, the South African Banking Risk Information Centre, has released its annual crime stats for 2019

Read more...
XProtect available on AWS
Issue 5 2020, Milestone Systems, Technews Publishing , Editor's Choice
Milestone recently announced the availability of XProtect on Amazon Web Services. Hi-Tech Security Solutions asked Keven Marier for more information.

Read more...
Adjusting to a new reality
Issue 5 2020, Technews Publishing , Integrated Solutions
COVID-19 to accelerate adoption of technology-enabled smart city resilience approaches: robotics, digital twins, and autonomous freight.

Read more...
From the editor's desk: We're back!
Issue 5 2020, Technews Publishing , News
Welcome to the fifth issue of 2020. If years were people, 2020 would have been hung, drawn and quartered...

Read more...
XtraVision moves to new premises
Issue 5 2020, XtraVision , News
Hot on the heels of the company changing hands, XtraVision, a distributor of electronic security and fire solutions in Africa and South America, has relocated.

Read more...
20 years of innovation in security and biometrics
Issue 5 2020, Suprema , News
Founded in 2000, Suprema has built a sales network in over 140 countries and has over 1 billion users.

Read more...
Fidelity ADT and Vumacam join forces
Issue 5 2020, Fidelity ADT , News
Fidelity-ADT recently partnered with Vumacam to roll out a surveillance network of cameras across a number of southern suburbs in Johannesburg.

Read more...
Dahua launches ECO Partner Programme
Issue 5 2020, Dahua Technology South Africa , News
Dahua Technology has launched its new technology partner programme, the Dahua ECO Partner Programme.

Read more...