The Gaping Hole in Cybersecurity

The attention being paid today to computer network and information security is ever-present. High-profile news stories, and even the priorities of national defense and democratic elections, are surrounded by questions of computers and security. It is, perhaps, the biggest story of our age, and almost certainly the issue with the widest footprint.

Yet, for all this priority and profile, computer network and information security currently carries with it a huge, inviting gap. While mysterious, remote, and invisible threats occupy the center of our attention, Internet experts of every kind are recruited hungrily by corporations, governments, and enterprises all over the world to bolster computer network and information security against the likes of hackers. However, the Achilles heel, the unnoticed vulnerability in this whole picture, is the one element that’s visible and tangible – the USB data ports and unlocked cable connections that are hiding in plain sight. There are literally more ports and connections in the world than there are computers, and all but a precious few are unguarded.

Two real-world stories illustrate the magnitude of this physical threat to computer network and information security.

How a Thumb Drive Took Down an Emerging Nuclear Threat

A nation that was steadily developing nuclear weapons capability that would destabilize a belligerent region and, indeed, threaten the world, was set back by what some say was a decade or more when a virus was introduced to the computer network that supported that nation’s uranium enrichment program, completely overcoming and bypassing elaborate computer network and information security measures there.

Was this virus uploaded remotely by a genius in cyber network security and launched from a top-secret online lab?

No. A simple thumb drive – a common USB flash storage device – dropped at just one of this country’s facilities carried this virus, now legendary in cyber-warfare circles. The planners who designed the operation knew that a “found” or “free” thumb drive is practically irresistible, even to the most intelligent users of computers.

The impulse for a person to add to his or her personal storage and transfer tool kit is somehow more powerful than all the policy manuals, warnings, signs and security cameras that can be directed against it. Apparently even the smartest people are susceptible. Even the most disciplined military and security personnel are not immune to this impulse to use the stray thumb drive.

This phenomenon was researched by the experienced, sophisticated national security service of a NATO country recently. The operation deposited anonymous flash drives on desks and floors and in coffee rooms and conference rooms at the offices and work facilities of several defense suppliers and military installations. The usage rate of the planted thumb drives was greater than 100%. Yes, not only were all the Trojan horse flash drives picked up and plugged in, but many were used more than once, at more than one data port. Fortunately for the purposes of this research operation, the stray flash drives contained nothing more damaging than a program that enabled researchers to trace their use.

In a less dramatic study, a U.S. university research project found that more than half of thumb drives that were left in parking lots were picked up and plugged into PCs within hours of being found. The controlled experiment at the University of Illinois concluded that a flash drive attack is not only effective, with an estimated 45% to 98% of dropped drives connected, but also expeditious, with the first drive connected in under six minutes.

Even the U.S. Department of Homeland Security is Vulnerable

In yet another example, it was widely reported in 2011 that, as part of a study, the U.S. Department of Homeland Security randomly dropped USB and optical drives in government and private contractor parking lots – and more than half of those who picked one up readily plugged it into their work computer. Bloomberg News reported that 60% of those workers and contractors who picked up the drives plugged them into office computers. The report also said that 90% of found drives stamped with official government logos were plugged in.

Clearly, this proves the viability of attacking computer network and information security with the simplest-possible approach. As to the reasons why professionals could be so careless, it seems that an element of human nature includes seeing oneself as an exception – or seeing this instance as an exception. That, evidently, is all the permission that people need to plug an unidentified flash drive into even the most “secure” computer network.

The lesson here is that intentional attacks are far from the only way that sinister viruses and malware come into data ports. In fact, intentional attacks are most likely the minority.

The broader threat is unintentional. A thumb drive that gets used at home and then at work brings with it anything the home computer might have picked up along the way in the form of bugs and bleeps from the vast Petri dish of the Internet.

USB flash drives are not, by any means, the only devices that serve as carriers of computer viruses and malware. A smart phone that was synced to the home computer brings these viruses and malware to work just as thoroughly, and if an employee plugs in at work to charge, then the viruses and malware find a new home at the office.

Computer Network and Information Security Measures You Can See

Fortunately, the missing computer network and information security measures that prevent these pernicious attacks and casual carelessness are just as visible as the threat. The Connectivity Center deploys an evolving array of USB port blockersnetwork port locksfiber optic port locks, and dozens of other devices that overcome these threats of attack or infection.

The Smart Keeper series offers port blocking with the additional feature of serialized keys that enable access only from authorized users. With Smart Keeper, you can make sure that access goes only to those persons with “need to know” and “need to use” authority within your organization, without the expense and complication of Network Access Controls.

The cables that connect computers in your network are another point of vulnerability, because a malicious user can unplug a device from the opposite end of a tethered cable. With Link Lock connectors from The Connectivity Center, this other way into your network can be effectively secured. Adding yet another layer of computer network and information security is the Link Lock Hub, which not only serves as a secure USB hub for your attached USB device, but also locks your devices so that they cannot be removed without authorized access.

The Connectivity Center reminds you that without securing the ports and connectors within your computer network, your cyber-security profile cannot come close the 360computer network and information security protection demanded by today’s environment. And this is just one part of the product portfolio and the programs we offer. Our history and heritage bring quality, value, variety, and versatility to the present moment in this data-rich world.