In the preceding week I have attended the virtual InfoSecWorld conference, heard the news of certificate issues that affect 100% of UK businesses and written a paper on the leakage of a further 11 million medical records from a health provider – yet I feel compelled to write an article about a news story based away from the Information Security world.
The breaking news about the horrendous loss of life from the Germanwings Airbus crash is that it was intentionally flown into the Alps by the co-pilot who was alone on the flight deck. As shocking as this is, it’s not the first time such an incident has happened and the press are already condemning the airline industry for not implementing measures that could have prevented it.
The audio from the cockpit voice recorder has been leaked and it is being reported by the media that the co-pilot has crashed the plane as the act of a ‘Lone Wolf’ – where an individual has worked in isolation and out of the influence of all other factors. The actions of course can be both intentional or accidental, but without a second person to verify or prevent, they are always more likely to materialise as an impact.
Sat amongst a group of InfoSec engineers and architects, the discussion has turned to solutions that have already been proven in our industry that could have helped prevent these actions. Everything from the types of doors and locks that could have allowed the Captain to regain access to the cockpit, to the secondary technical solutions that could have allowed the control of the plane from another location (suitably secured of course). There was the obligatory discussion about AI and pilotless planes, the social acceptance and security measures that would be required before hundreds of people are propelled through the air controlled by something that was unable to make ethical or moral decisions, but that nothing different that what is trying to be resolved with driverless cars by Google right now.
All of these are of course technical controls, with the human factor being removed – rather than being resolved. The Lone Wolf scenario in the airline industry is a fairly new issue – because it has actually only been the recent couple of decades that has reduced the cockpit occupancy to two people. Then the events of September 11th introduced a further factor when the ‘compulsory secure door’ to the flight deck was enforced, which has successfully reduced unauthorised access to the flight deck at the cost of causing hindrance at all other times.
In the InfoSec world we often have to think about how we prevent the actions of a Lone Wolf, but also how we detect and prevent collusion. We follow principles that can be applied outside of our usual working environments. When you consider a modern vehicle (plane, train, boat, tube, car) is actually just a collection of mobile computing devices in symbiosis, our normal processes are all still valid. Why should the standard of a flight deck door be any different to the standard that controls access to an List X / IL-6 datacentre ? Should setting the autopilot require the ‘two man rule’, but with a break glass feature for times of emergency ?
All the above is so much easier to diagnose in hindsight and sometimes it takes the tragic disaster such as this week to kick start new solutions to old problems. As InfoSec professionals we all need to pro-actively promote not only our technical know-how, but also our best practices and procedures. We also need to remember that the loss of a bit of data isn’t the worst thing that can happen when we get it wrong in the grand scheme of things.
Orchestration with Splunk
Buzz word time, as 2015 seems to be finding new terms for things InfoSec people have...