By Gary Sorkin
Any expert in cyber security will tell you no system is totally secure from hackers, but once I went to a secure facility which was, in fact, totally secure.
It was in the 1980s and I was selling DEC VT-100 terminals with a special PC card enabling the CRT to run both as a terminal and a personal computer. A really innovative gadget, at least for that time.
A government facility in the hills outside of the Bay Area of San Francisco wanted to try this on their underground DOD system, and had invited me to bring in a demo unit. So, after waiting weeks for my security clearance, I finally had a date – a Wednesday, as this was the only day in the week vendors were allowed on site.
(Later I found out the security clearance investigators actually drove out to my home and interviewed my neighbors, asking things like, “Has Gary been out of the country,” and “Do you notice any alcoholic beverage bottles in his recycling?”)
So upon my arrival at this nondescript gate house, which looked from the road to be a chicken coop, I went through double doors within a bullet-proof glass gateway, then received my radiation sensor and name tag. After an elevator ride some distance underground, it opened to a corridor with a “T” intersection – the Red Team would go one way and the Blue Team the other.
These teams were comprised of military personnel spending days at a time in some instances simulating nuclear warfare. Each corridor had a cafeteria first sharing a common kitchen, then sleeping quarters, then conference rooms and finally a NOC (Network Operations Center) or War Room as it was called. I noticed rubber cones in the hallway, like the ones you would see saying “Wet Floor,” but in this case they read, “Visitors Present – No Classified Conversations in Hallways.”
I raised an eyebrow thinking to myself how some PhDs might be discussing something over coffee in the hallway whereas our nation’s security could rest on the dissemination of such information. Incredibly true yet bizarre levels of knowledge and information control.
So after my presentation, my host asked me if I’d like to see the computer room.
Sure, I replied. So we walked down another corridor where a US Marine was guarding a door, armed with an M-16. We walked into the room where the DEC PDP11/70 stood majestically on the raised access flooring, lights blinking and the disk drives humming. My host told me the walls in the room were lead-lined to prevent RF and EMC emissions, normal by-products of microprocessors, which can penetrate a non-lined room, thwarting any attempt by someone to sense what’s going on from the outside. Only electric power was brought into the room, with absolutely no phone, modem, or wireless connections going out.
Even if something broke or failed to operate, it would not be sent back for warranty repair, but instead brought to the parking lot and crushed by a heavy roller into pieces, then burned. Nobody but nobody got through the US Marine standing guard without proper authority.
Yep, that’s called secure. Once you hook up to communications, it is impossible to totally secure any network. However, a layered approach using firewall appliances coupled with SIEM (Security Information and Event Management) middleware can provide an actionable defense methodology against hackers, making an intrusion more difficult – but not impossible.
If you want Impossible, seek out the US Marines to guard your computer room door, and have a lead-lined room with no communication access.
Gary Sorkin has been a pioneer in the cyber security industry for the past 30 years working on many patented devices and methods for threat prevention and detection. He now consults with clients within the Smart Grid and Internet of Things sectors, with an emphasis on wireless communication.