The latest revelations about how thoroughly the NSA, GCHQ and friends have corrupted Internet security have got Bruce Schneier recommending an air gap.
Back in the late 90's I played a small role in the fight against the UK government's trusted third party / mandatory key escrow scheme on behalf of Ç-Dilla, at around the same time as the Clinton administration was pushing the Clipper Chip. It seemed that the fight was won, but apparently after being told no the spy agencies went and found a way to do it anyway.
The starting point is terrorists, because there is nothing that can't be justified by the war on terror. But all that data just wants to be used so it gets shared with the DEA, and then the IRS. And then LOVEINT. The implications for civil liberties and the economy aren't great but they're probably not the worst fallout.
The ending point is probably terrorists as well. Because by opening up back doors and sneaking weaknesses into the algorithms that we depend on for security we've opened up holes for the bad guys to exploit. Bad enough that your local nuclear power station is hooked up to the Internet but now we know the VPN and the Firewall that should be keeping it safe have been fatally compromised.
If we really wanted to save the most possible lives then the billions being sunk into the NSA would be better spent developing self-driving cars.
- More on breaking the Internet
- Securing the Internet of Things
- Routers to defend against rogue IoT devices
You Might Also Like
Air gaps are cheap and easy to implement provided you do not need to connect to external networks.
Our old method was to remove the coms ports from the motherboard soldering iron, and store the hard drive in a safe when the isolated PC was not attended, and rekey any data required, or have a secure way of transferring data from a physical medium to the pc. The problem is that floppy disks, USB key fobs etc etc have a habit of getting infected.
Fiber optic network and 3 meter air gaps between networks works well if you have to network a group of PC's together, with a dedicated PC for transferring data between networks e.g. back up email from one network transfer validate and then load onto the other network to get over the airgap. Data diodes and message pumps now make this easier, but you need to log and validate all cross traffic.
Unless you are working on military projects this is all over the top, but the problem was solved decades ago when we had serious adversaries in the form of the USSR etc.