Schneier on Security

Clive Robinson • November 2, 2016 6:21 AM

@ Otherwise,

Such do not exist on any computer system interfaced to an unclassified network.

And as Ed Snowden and several others have demonstrated, secrets can not be kept on computers connected to classified networks either.

I have a couple of pieces of advice I trot out from time to time, for those wishing to limit disclosure damage.

First and formost though one that defines the basic reason information leaks in one way or another from repositories,

Efficiency -v- Security

It applies from below Layer 0 all the way through Layer 9 and above in the computing stack. It manifests it’s self in side channels, increased complexity, increased attack surface and way too much privilege in individual entities and other lack in their control.

Information leakage comes in two basic forms intentional and unintentional. The former are considered to be forms of insider attacks, but they also occure due to what are excused as “poor engineering choices”[1] in place from before day zero of any project. The latter are side effects of the laws of physics and thermodynamics, thus ever present if not eternal foes.

The way to deal with information leakage below Layer 8 was known as “air gapping” and “perimeter minimization and control” from Layer 8 upwards.

Unfortunatly as is now obvious to those who can read an “air gap” is insufficient to stop information leakage due to those fundemental laws of nature. Why this has taken so long to become apparent to the majority of security practitioners, is a cause of puzzlement. Put simply anyone who actually understood the basic physics they were taught at school prior to being a teenager, could with a little thought have realised that what was needed was,

Energy Gapping not just Air Gapping

Even of those in the security domain who had heard of what became known as TEMPEST or EmSec, apparently few of them realised that the channels and transducers by which information gets transported are bidirectional. Thus failed to recognise the potential of the “black arts” of “Susceptibility attacks” developed by those who did. This was even though the mechanisms of it were talked about publicly and openly since the 1980’s as ElectroMagnetic Compatability (EMC) it rarely if ever crossed the mental gap in most security practitioners heads…

The reality is there are only two ways to limit the effects of energy based security issues be they by emission or susceptibility. The first is to minimize the information per unit of energy and secondly minimize the information per unit of time. The ways to achive these minimizations are many and varied and also supprisingly for some form part of Layer 8 and up “Perimeter Minimization and Control”. One way this enhanced security can be achived is in effect to go backwards in technology for the three modes of information usage, storage, communication and processing.

We’ve been led to believe for “security reasons” the Russians have gone back in time to manual, (not electric) typewriters, Roneo / stadler style alcohol mimeograph machine copiers, carbon papers, type through stencils, filing cabinets with combination locks and safes in locked and armed guard defended bunker like repositories.

Having served some time when younger in such an environment, the hard security is obvious, as is the perimeter minimization and entity control. Whilst the lack of electrical energy for motors and electronics is also easily seen less obvious is what it does in minimization of information communication unless you think about it. A typed sheet of paper holds at best 3500 characters of information with words on average taking six charecters in the standard English alphabet. Thus little information is impressed on a physicaly large object, that is in turn difficult to, copy, conceal and communicate the information out of a such a controled security area. Which in turn minimizes the amount of information per unit of time / oportunity.

There are other advantages to typed documents, which is why I advise,

Paper Paper Never Data

to those with requirments to minimize potential harms. It’s also what I talk about when trying to minimize the harm caused by “electronic discovery”. Which is something that has just poped up in the news again over an illicit server and now a laptop that might have over half a million mostly “gone missing” emails that the authorities are taking interest in…

[1] “Poor Engineering Choices” is most often a “managment euphemism” used to pass the buck downwards to avoid responsability for their own failings.

Clive Robinson • November 2, 2016 7:05 AM

@ Bruce,

Now that we know they held things back, there could easily be more releases.

Let us hope so on the sunlight/disinfectant principle.

As for being surprised, there are two very old military maxims to remember. Firstly, “Keep your powder dry” and secondly “Draw the opponent out”.

Keeping the powder dry, has changed it’s meaning from the apparent stating the obvious, it now means keeping things in reserve, often secret, so the opponent gets a false sense of your capabilities and reserves, thus when drawn out they find that things are rather not as they thought, thus in effect they have advanced into a trap.

We saw this in the gulf war when the Iraqi power, water and communications and other infrastructure were attacked as the first order of battle. Such behaviour where the fall out would be mainly agaist civilians would once have been not just unthinkable but also illegal under international law.

But it also had in it the seeds of it’s own failure, in that a decade or more down the road Iraq is still a broken country, with some of those civilians now armed and out for not just themselves but to extract payback.

Who ever designed and deployed these attacks on what is arguably targets of “economic interest” only has not only caused harm[1] to civilians, they planted a seed that has grown and there is now a price to be payed. Thus the question of “What price the reaping?”.

[1] If you look back at what went on in South Korea, the North alledgedly developed from nowhere very sophisticated and targeted cyber-attacks. Against amoungst other things the GPS systems used by aircraft and shipping, the banking sector causing instability and more. Some believe understandably that the North Koreans did not develop or deploy so effectively such advanced technology without any sign of testing… Thus the question of who had the knowledge and ability to test such attacks. The US MSM that went further than the knee jerk headlibe reactions looked where they were directed which was towards China. But again the attacks were not of their MO. Thus with the revelation of this information I suspect a number of South Korean interests will examine the data very attentively looking or correlation. And perhaps the US MSM might look a little closer to home, after all the US DOD is known to have carried out quite indepth and extensive testing of the GPS systems for vulnerabilities. Likewise the US IC is known to have carried out many and varied forms of attack against targets of “economic interest” over many decades. So the attacks that caused harm in South Korea, are standard fare for US Military / IC entities…