From the editor’s desk: Integrate or fail

October 2018 News

The news earlier this month was that Bloomberg Businessweek published a story about Chinese cyber spies (well, with our media it has to be them or the Russians). Apparently, these devious spies had corrupted the supply chain for a company that makes circuit boards in China and inserted a tiny chip on the boards which would allow someone to gain full access to computers and networks.

The accuracy of the story is still not 100% verified, although it is pretty much accepted as accurate. There again, in the current climate of hysterical news opposed by hysterical censorship in the name of propaganda (and not only in America), who can be sure what the facts really are. You can read more at www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies (short link: securitysa.com/*bloom1), as well as comments from some of the companies involved at www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond (short link: securitysa.com/*bloom2), and a good summary of the whole saga at https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/ (short link: securitysa.com/*krebs3).

We’re not in a position to know how accurate the report is, but it does highlight a common weakness in security all over the world – silos. It’s standard that when a company or individual tries to secure their people, systems and assets, they concentrate on doing what is in their immediate scope and leave the rest to other people – assuming everyone else does the job properly. And this is where the problem lies.

You can make your little world 100% secure (if it was possible), but as soon as you interact with other people and systems, you have strangers coming onto your premises and data going in and out of your systems to unknowns. In other words, your supply chain.

You can’t control what anyone else in your supply chain does or doesn’t do, but working together to integrate your physical and logical security based on industry standards won’t risk anyone’s intellectual property, but will strengthen the chain from beginning to end. Unfortunately, as one of the authors above notes, this will require time and money (and mostly effort and support from the top), which is why it doesn’t happen.

On another cyber/physical security note, you may remember the Mirai botnet from a few years ago that used IoT devices, including DVRs and surveillance cameras, to form a botnet to launch denial of service attacks on some high-level websites – with great success.

Well, the authors of the botnet have been caught and convicted, but won’t spend any time in jail. Due to their “extraordinary cooperation” with authorities, they get probation and community service, and a fine.

Well, fine. To me it seems like a colossal omnishambles, much the same as we saw here with the Brett Kebble murder. I suppose it’s good to know that such Brobdingnagian blundering is not confined to the South African government. (After last month’s new word I discovered and mentioned in my column, someone suggested I introduce a new word in this column as well; so there it is, Brobdingnagian.)

Andrew Seldon

Editor


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

TAPA: The role of an effective treasury function in business risk management
June 2019, Technews Publishing , News
Neil Le Roux, the Founder of Diligent Advisors will speak at the TAPA SA (Transported Asset Protection Association) annual conference on 26 July 2019.

Read more...
iLegal 2019: Enhancing and empowering your control rooms
July 2019, Technews Publishing , News, Conferences & Events
iLegal 2019 will be held on 12 September 2019 at The Rosebank Crowne Plaza in Johannesburg. iLegal is the surveillance industry’s premier one-day conference hosted jointly by Hi-Tech Security Solutions and Dr Craig Donald.

Read more...
Residential Estate Security Conference 2019: Managing for efficiency
July 2019, Technews Publishing , News, Conferences & Events
The Residential Estate Security Conference 2019 will be held on 20 August 2019, once again at the Indaba Hotel in Fourways, Johannesburg.

Read more...
Spending to save
August 2019, Technews Publishing , News
As residential estates and complexes grow like weeds across South Africa, often promoting themselves as more secure than a stand-alone house, many are finding that close proximity to a neighbour or a ...

Read more...
Risk assessment or product placement?
August 2019, Technews Publishing, Alwinco, SMC - Security Management Consultants , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Hi-tech security solutions asked a couple of experts to provide estate managers and security managers with some insights into what a ‘real’ risk assessment includes.

Read more...
Renewable energy for estates and homes
August 2019, Drensky Technologies, Technews Publishing, Specialised Battery Systems , Security Services & Risk Management
While individual homeowners might choose to install solar photovoltaic (PV) systems for when there’s load shedding or a power failure, for an entire estate to harness its energy requirements from solar, and particularly their crucial security systems, would require that a large area of the property be dedicated to solar panels.

Read more...
From the editor's desk: The difference between potential and skills
August 2019, Technews Publishing , News
This issue of Hi-Tech Security Solutions includes our annual Local Manufacturing feature and it’s great to know that local security manufacturers are still going strong, even if the general manufacturing ...

Read more...
A customised solution for backup power
August 2019, Specialised Battery Systems , News, Integrated Solutions
Specialised Battery Systems designed and implemented a bespoke solution for Stallion Security Electronics to deploy at almost any site.

Read more...
Addressing risks in the healthcare sector
August 2019, Secnovate, Technews Publishing, ZKTeco , Healthcare (Industry), Security Services & Risk Management
The healthcare sector poses unique challenges and risks. Hospitals, for example, need to have a more-or-less ‘open door’ policy when it comes to people entering the premises and the main reception area.

Read more...
Patient critical – healthcare’s cybersecurity pulse
August 2019, Wolfpack Information Risk , News, Cyber Security, Healthcare (Industry)
The healthcare industry has become one of the leading cybersecurity attack vectors worldwide for several reasons.

Read more...