Real Enterprise Networks

Summary

Excerpt From SECDEF Memo – Impacts on SCIF/SAPF Security Webinar/
Find Out More on Real Enterpise Networks in the brief video below /
CTO Dr. Brett Walkenhorst discusses the challenges involved in expanding a variety of new devices into business networks in the clip below. There are still gadgets with wireless connectivity in super secure areas like SCIFs, which can be dangerous. This continues to happen despite efforts to put an end to it because more gadgets mean more opportunities for assaults. Strong security is essential because insiders can cause issues through both deliberate and accidental acts.

Video Transcript

But I wanna talk about the problem of the introduction of devices, not just in the fact that it extends our network where we think we have everything well mapped out. In a typical enterprise network, what we actually have is something that looks a bit more like this where our network diagram has just blown up because of the introduction of all kinds of devices, most of which actually have one or more wireless interfaces associated with them.

Now in a SCIF or SAPF environment, you might be surprised some of this stuff still exists. It may not be tied into the network directly, but we see things like industrial control systems that have, like, a ZigBee mode enabled by default. And when it first gets installed, we see that in the Bastille system.

We can see it fire up, and then maintenance comes in and they do something to it, and it ends up getting reenabled without anybody really realizing what was happening and it fires up again. So we see that kind of thing, but I think the bigger issue here is we have the potential to have personal devices being introduced to the space, not because they can attach to the network necessarily, but we get concerned because they offer a mechanism for some kind of surveillance that could collect data and extract it and exfiltrate it to outside of the facility.

And try as we might, we can't perfectly isolate those facilities, and these devices come into these spaces. We have systems deployed at customer facilities that have been there for years. And even after all that time, we still see daily infractions of policies that exclude wireless devices, and and we see them because we have a mechanism for bringing visibility to that space and therefore a mechanism that enables security to enforce those policies where previously without that visibility we had nothing.

So it is truly amazing to think of the ubiquity of devices and numbers of people who work in these areas where it's just the probability of an infraction is appreciable even on any given day. So so this is a very real concern, and the threat is primarily associated with the fact that vulnerabilities are numerous in this area.

The numbers of vulnerabilities for wirelessly enabled devices has been growing exponentially for a number of years. And, you know, as the complexity of the protocols increases as the devices proliferate, this is only going to get more and more problematic. And the only other thing I wanna say here is in addition to this growth, what we know about is only ever the tip of the iceberg.

This is just what's been published as CVEs. But, of course, there's other vulnerabilities that haven't been discovered or at least not by people who are friendly to us, and those can be exploited by bad actors. So that is the threat. It's both the winning insider to perform a bad action, but more importantly, it's the unwitting insider who may have a device that has been compromised.

And as we know, people who work in these facilities can sometimes be targets and very often are because they have access to information that our adversaries care about.