The RedSeal Conversation


May 18, 2015 · 12:30 PM

by Dr. Mike Lloyd, CTO RedSeal

Recent headlines tell us that “Feds Say That Banned Researcher [Chris Roberts] Commandeered a Plane.” As always, there is more to the story. In fact, there are claims and counter-claims about what Chris Roberts actually did.  The FBI search warrant says he did actually send control commands that impacted the flight path of the aircraft, but this is currently unproven.  The whole incident brings focus on the issue of what is called lateral movement – can someone with access to, for example, the inflight entertainment system of an aircraft use that toe-hold to reach further in to the network to do actual harm?

Once, aircraft control machinery was effectively offline, not connected to any outside networks. But, as we’ve seen in recent coverage (including the loss of Malaysian Airlines Flight 17) aircraft are much more inter-connected than they used to be.  They connect to the outside world in several different ways, ranging from satellite-based networks for flight telemetry to networks used to provide Internet access from passenger seats.  As these networks proliferate, they inevitably touch; and any touch point is something an attacker can use.  The number of possible weak points multiplies over time.

The questions raised by this story are the current frontier of security, and apply well beyond aircraft.  We rely more and more on networks that we cannot easily see or understand.  Defects in one network can open up access to another. Attacks can work upwards like grass through cement, finding weak points and cracking hard defenses.  What all defenders need to learn to do is to use technology to monitor technology. As our networks grow larger than we can understand, human effort and good will are not enough. This is why the current emphasis in security is on automated testing of defenses. We look for lateral movement opportunities, so we can isolate the truly critical things – say an aircraft’s control network – from the far less important, such as the inflight entertainment systems.

Tags:

April 10, 2015 · 12:31 PM

by Dr. Mike Lloyd, CTO RedSeal

The watch-word for the SendGrid breach is “interdependence”.  In the online world, we may think we’re dealing with one company, but we’re actually dealing with them and with every other company they choose to deal with.  This makes an ever-widening attack surface.  (The breaking news about the Chinese “Great Cannon” software shows similar patterns.)  These days, if you visit a website, you can be confident you are actually talking to a huge variety of other organizations who may provide ads, services, traffic monitoring, or any other legitimate services.  One recent study of a popular news site showed that reading a simple news story meant your browser spoke to 38 distinct hosts, spread across no less than 20 different organizational domains!  The problem is that this array of services is very large, and a chain is only as strong as its weakest link.  Attackers only need to find one weak point to start an attack.

Tags:

Pages

RedSeal on Twitter

 

RedSeal On Facebook

 

Follow The Conversation

 

Stay informed on our latest blog entries.

Subscribe to RedSeal Conversation feed