Gideon Samid – Gideon@AGSgo.com
Defeatism is toxic, but over-confidence is equally poisonous. That’s why the mental disposition we impress on our clients is that of “The Unending Cyber War” (also the title of my recent book). Don’t expect the banner “Mission Accomplished” to be displayed any time soon. The threat is ongoing.
In short, a good security strategist will plan for the day after, for recovery after a crisis.
Let me first focus on a simple device that is easy to put in place, requires no maintenance, and is perhaps the most powerful tool in your recovery kit. Our brand name for it is Recovery Sticks. It is simply a repository of strings of random bits.
Puzzled? Here’s some background. Unless you watch a cook at work, you are not fully aware of how much salt is used in just about every dish. Similarly, if you are not exposed to the inner workings of cryptographic algorithms, you are not fully aware of how much randomness is employed in all our crypto products.
Randomness, like entropy and chaos, is a tantalizing concept with a clear on-its-face explanation (randomness is lack of order), and a black-hole mental trap for anyone who tries to think it through. Cryptographers use series of unordered, unpatterned bits to devise encryption and decryption keys, to engineer remote authentication protocols, to hash, to sign, to hide, and protect our data, our money, and our intellectual assets.
If Alice and Bob each hold a twin Recovery Stick, then they can communicate over an open channel with mathematically proven security. They may authenticate each other, and Alice can safely and securely download to Bob the entire database that got wiped out because of a disgruntled employee (who also vaporized the backup disk), or because of a surprise electromagnetic shock such as a solar storm, or because of a scenario that we are too unimaginative to expect. All that is required is for Alice and Bob to share a twin Recovery Stick, and keep it virgin (sealed and unused until the moment of crisis) and locked away.
That’s it. No maintenance, and no replacement needed. It is hard to think of anything so simple, yet so versatile. The actual use of the bits will depend on the nature of the crisis. If there are enough bits, then they can be used in a protocol known as One-Time-Pad, which comes with a mathematical proof of unbreakability. So, unlike AES, RSA, IBE, and all the commonplace ciphersystems in use today, the One-Time-Pad is not vulnerable to a smart adversary or to the coming shock of quantum computing. It is a robust means to reload a wiped-out computing center. One has to ensure a few things, though, such as the randomness of the bits and their virginity. And you must remember where they are stored.
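The One-Time-Pad use of twin sticks described above can be sketched as follows. This is an added example, not code from the author or the Recovery Sticks product: the `RecoveryStick` class, its methods, and the sample messages are hypothetical, the stick is modeled as bytes in memory, and the sketch covers confidentiality only (plain XOR does not detect tampering).

```python
import secrets


class RecoveryStick:
    """Hypothetical model of one twin stick: random pad bytes plus a cursor."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0  # everything before this index has been used

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        # "Enough bits": a one-time pad needs one pad byte per message byte.
        if n > self.remaining():
            raise ValueError("not enough unused pad bytes for this message")
        chunk = bytes(self._pad[self._offset:self._offset + n])
        # "Virginity": wipe consumed bytes so they can never be used twice.
        self._pad[self._offset:self._offset + n] = bytes(n)
        self._offset += n
        return chunk

    def encrypt(self, message: bytes) -> bytes:
        key = self._take(len(message))
        return bytes(m ^ k for m, k in zip(message, key))

    # XOR is its own inverse; the twin stick consumes the same pad bytes.
    decrypt = encrypt


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample pad; a real stick would hold bits from a vetted random source.
    pad = secrets.token_bytes(64)
    alice, bob = RecoveryStick(pad), RecoveryStick(pad)

    ct = alice.encrypt(b"RESTORE ledger-2 from site B")
    print(bob.decrypt(ct), "pad bytes left:", bob.remaining())

    # Why reuse is fatal: two messages under the same pad bytes leak m1 XOR m2.
    m1, m2 = b"pay 100 to ACME", b"pay 999 to EVIL"
    c1, c2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    print(xor_bytes(c1, c2) == xor_bytes(m1, m2))  # pad cancels out
```

Both sides must consume pad bytes in the same order, which is why the cursor only moves forward and used bytes are wiped.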
Another simple way to prepare for recovery is hard copy. Unwieldy printouts are out of fashion. We’ve become screen-bound, addicted to wireless, dependent on the flux of electromagnetic radiation. But this radiation is also emitted from the flaring sun and other cosmic sources, and recently has been fashioned as a weapon—an electromagnetic bomb—designed to play havoc with anything electronic. If that happens, then hard copies are the only copies that will survive. We strongly advise our clients to define a small kernel of super-critical data that should be kept constantly updated, and always in the form of hard copy.
There are several more tools that make up the bounce-back toolkit, but to use these tools judiciously it is necessary to train oneself in crisis-management thinking. Questions of what-if and damage assessment are critical. We recently worked out an estimate for a financial outfit of the amount of transactional value that is unsettled at any given moment. That would be the amount in limbo should a sudden blow hit the system. It’s daunting to go through these numbers, but it is much better to think of a solution when you are not emotionally distressed by a real crisis.
Thinking a crisis through will lead you to map knowledge required to knowledge available. This mapping will identify any pockets of required knowledge for which you don’t have enough expertise. I was involved in a crisis where all the application programmers and database experts were at hand, but the hardware needed priming, and nobody knew how to reload the BIOS firmware.
Always remember: Bounce-back planning can be done any time. Still, while now is never too late, any time never comes!