Tuesday, January 20, 2015

Intruder alert

Cyber attacks are in the news almost daily, and certainly high profile projects, or projects in high profile businesses are not immune. Indeed, theft of proprietary project information is high on many lists of the criminal mind.

Of course, your IT should be on the case, but it might help if you can talk to them a bit in their language about how safe are your project proprietary files.

Here's a nice primer from one the US national laboratories at Los Alamos. The article is in one of the back issues -- November 2013 -- of their Science and Technology Magazine (free online subscriptions)

Unfortunately, the theme of the article is: they're going to get in. The trick is detect the intrusion and then mount countermeasures. It's a play on: for success "they have to be right only once; you have to be right every time"

Of course, one is led directly to Nassim Taleb with two big ideas:
  1. Black swans: I can't imagine it could happen to me, but of course, it can! Thus: heads up! if anyone actually needs that advice in this day and time.
  2. Anti-fragile: I can sustain a big shock and keep on truckin' (or, if I am doing my systems right, I can sustain a big shock, else I am in a world of hurt)
And one is also led to one of the key principles of system engineering: loose coupling, and the ability to decouple quickly (read: instantly) -- that is, disconnect and isolate. We've been loosely coupling railroad cars since 1840 or thereabouts; we've had ejection seats in aircraft since the '50s... why not computer systems?

Personally, I keep anything important on a physically disconnected drive. It's only connected for short periods to get updates. The cloud is a step in this direction, but even clouds are not as safe as physically disconnected storage.

So, you've been warned, as if you've not read this stuff before elsewhere

Read in the library at Square Peg Consulting about these books I've written
Buy them at any online book retailer!
Read my contribution to the Flashblog