Internet-connected Product Bans: How Do You Avoid Future Issues?

Junaid Islam March 7, 2018

Recent actions by DHS signal a closer monitoring of technology being purchased by the U.S. government, especially technology created and or controlled by foreign governments. In some cases Internet-connected products controlled by foreign governments have already been banned, and there are indications more may be coming. For cybersecurity personnel the product bans will require a new approach to procurement policies (especially endpoint and BYOD policies).

2018 started with a ban of Kaspersky software and was quickly followed by Senator Rubio calling for a ban on Huawei and ZTE. Given the high political cost of banning a product the US Government typically only takes action if there is overwhelming evidence. Subsequently cybersecurity personnel should take such actions very seriously.

Internet-connected security software and mobile phones are problematic as they upload data as a normal part of their operation. For example, anti-virus programs upload any signature or group of packets they don’t understand to a cloud-based analytics engine. Similarly mobile phones upload usage data to improve coverage. For DHS to ban an Internet-connected product means there is evidence that data uploads go beyond the stated functions. In the case of Kaspersky it seems they were uploading the entire hard drive.

Company-owned computers on which banned security software is installed should be discarded. As security software operates at the kernel level simply de-installing software won’t do anything. Unless you’re an expert in re-flashing hardware don’t take the risk of using a tampered laptop. If you do decide to re-flash a laptop you should label the device so users are aware then you’re re-circulating a tampered system. Unfortunately for banned mobile devices there’s nothing you can do except remove the SIM card and discard the device.

BYOD presents a bigger cybersecurity challenge for enterprises. In many organizations cybersecurity personnel don’t even know what’s on the remote device. Moreover standard countermeasures such as encryption don’t help if the device itself is the attack vector. Thus enterprises will have to take the difficult step of approving BYOD purchases.

What To Do To Avoid Future Bans?

To avoid the cost of discarding a device here are five requirements for Internet-connected products you should consider before purchasing or recommending them:

Data Location Where is the data stored? Additionally are there any remote analytics programs that have access to the data?

Internet Function What is the function of the Internet-connected service? Is the functionality locked down?

Anonymization Process Are Internet-connected services implementing a one-way non-recoverable hash to ensure data is anonymized?

Data Security How is access to the data managed? Additionally how is the network that transports the data protected?

System Verification What is the vendor doing to ensure all the things they promised are really happening.

Don’t wait for DHS to ban a product. Be proactive and avoid disaster.

About Junaid Islam

Junaid Islam, veteran Counter Terror Operations, Secure Communications Expert

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

Give Your Career A Boost By Learning From Experienced Decision Makers

Our video and audio podcast, the OODAcast, provides content that can help accelerate your career and improve your decision making. The series is based on interviews of some of the greatest most accomplished enterprise technologists we can find. We ask questions designed to pull out lessons applicable to accelerating the career of any professional. We […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Please help spread the word: USNI and NIP Essay Contest: This year’s challenge area a key one for the nation

Please help share the content at this link to any thinker/writer you know: 2020 Information Warfare Essay Contest This contest is open to all contributors, active-duty, military, reservists, veterans, and civilians. Generally the winners have had a solid understanding of the nature of modern conflict, but really any thinkers/writers should look over the contest and […]

Centripetal wins historic $2.6-$3.2 Bil vs. Cisco Systems; largest US patent infringement award to date

Editor’s note: I am proud to say I have a history with Centripetal Networks serving on their board and then later as an advisor. It was horrible to learn that a Tech Titan like Cisco was infringing on their patents. It is good now to see when the facts were reviewed justice was done. -bg […]

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

All Enterprise Techies Should Watch HBO’s SciFi Epic Westworld: It will help us dialog over shared experiences on what we will not be creating

Westworld season one was a great mix of science fiction and drama and action and it was done in a way that should help people think through many tech ethics questions, like how do we want to treat our robots? Does treating robots with violence change our nature? Can robots become sentient? HBO has a […]

Related