• Skip to content
  • Skip to primary sidebar
  • Skip to footer
  • About
  • Contact Us
  • Newsletters
  • Tech Guide
  • Cyber War
  • Pro
  • Members Only
  • Sign in

CTOvision.com

Context for the CTO, CIO, CISO and Data Scientist

You are here: Home / Cyber War / Internet-connected Product Bans: How Do You Avoid Future Issues?

Internet-connected Product Bans: How Do You Avoid Future Issues?

March 7, 2018 by Junaid Islam

Share this:

  • LinkedIn
  • Facebook
  • Twitter
  • Reddit
  • Email

Recent actions by DHS signal a closer monitoring of technology being purchased by the U.S. government, especially technology created and or controlled by foreign governments. In some cases Internet-connected products controlled by foreign governments have already been banned, and there are indications more may be coming. For cybersecurity personnel the product bans will require a new approach to procurement policies (especially endpoint and BYOD policies).

2018 started with a ban of Kaspersky software and was quickly followed by Senator Rubio calling for a ban on Huawei and ZTE. Given the high political cost of banning a product the US Government typically only takes action if there is overwhelming evidence. Subsequently cybersecurity personnel should take such actions very seriously.

Internet-connected security software and mobile phones are problematic as they upload data as a normal part of their operation. For example, anti-virus programs upload any signature or group of packets they don’t understand to a cloud-based analytics engine. Similarly mobile phones upload usage data to improve coverage. For DHS to ban an Internet-connected product means there is evidence that data uploads go beyond the stated functions. In the case of Kaspersky it seems they were uploading the entire hard drive.

Company-owned computers on which banned security software is installed should be discarded. As security software operates at the kernel level simply de-installing software won’t do anything. Unless you’re an expert in re-flashing hardware don’t take the risk of using a tampered laptop. If you do decide to re-flash a laptop you should label the device so users are aware then you’re re-circulating a tampered system. Unfortunately for banned mobile devices there’s nothing you can do except remove the SIM card and discard the device.

BYOD presents a bigger cybersecurity challenge for enterprises. In many organizations cybersecurity personnel don’t even know what’s on the remote device. Moreover standard countermeasures such as encryption don’t help if the device itself is the attack vector. Thus enterprises will have to take the difficult step of approving BYOD purchases.

What To Do To Avoid Future Bans?

To avoid the cost of discarding a device here are five requirements for Internet-connected products you should consider before purchasing or recommending them:

Data Location Where is the data stored?  Additionally are there any remote analytics programs that have access to the data?

Internet Function What is the function of the Internet-connected service?  Is the functionality locked down?

Anonymization Process Are Internet-connected services implementing a one-way non-recoverable hash to ensure data is anonymized?

Data Security How is access to the data managed?  Additionally how is the network that transports the data protected?

System Verification What is the vendor doing to ensure all the things they promised are really happening.

Don’t wait for DHS to ban a product. Be proactive and avoid disaster.

 

 

  • About
  • Latest Posts

Junaid Islam

Member at OODA
OODA is an organization of technology experts who have supported US national security missions.

Latest posts by Junaid Islam

  • The Internet Has A New Problem: Repeating Random Numbers! - February 18, 2019
  • AWS Snowball Edge And Hyper Converged Infrastructure Will Revolutionize Global Enterprises - August 1, 2018
  • Smart Cities Cybersecurity Challenge - July 17, 2018

Related

Filed Under: Cyber War

Start Your Free Two Week Trial of CTOvision Pro



CTOvision Pro is our subscription only research and analysis service which provides exclusive content to enterprise IT professionals. We deliver actionable insights that will make direct contributions to your success.

About Junaid Islam

OODA is an organization of technology experts who have supported US national security missions.

Primary Sidebar

Your account

Sign in

Featured Content

The Internet Has A New Problem: Repeating Random Numbers!

Ethical Concerns of AI

CTOvision Assessment on the Megatrend of Cloud Computing

AWS Snowball Edge And Hyper Converged Infrastructure Will Revolutionize Global Enterprises

Smart Cities Cybersecurity Challenge

Inform Your Cybersecurity Strategy With Lessons From July 1861

Secure Enclave Vidder Junaid Islam

Secure Enclaves: Foundation For The Cloud-Based Enterprise

CTOvision Assessment On The Megatrend of Artificial Intelligence


OODA

CTOvision Pro Free Trial

CTOvision Pro Members Only Section

Disruptive IT finder

CTOevents

CTOvision Mobile

CTOvision Newsletterss

Footer

CTOs on Facebook
CTOs on LinkedIn

CTO Events
CTOvision Mobile App

Free Newsletters and Tech Reports
CTOVision Pro: Exclusive Content
Crucial Point LLC

Copyright © 2019 · Magazine Pro on Genesis Framework · WordPress · Log in

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.