Western governments, especially in Europe, have been criminally negligent in their handling of the Internet, Communications and Electronics Industry (ICE).
Valiant attempt, but you’re way outside your skills area here. I’m a recently retired cybersecurity analyst, so here’s my tuppence worth.
You’ve concentrated on hardware, at which China is the main threat. Chinese network kit has already been removed from government systems, and the low level chips involved in avionics have Western specifications and have been tested. It is unlikely they can even be shut down remotely.
Quantum computing is even further away than nuclear fusion, that is, it’s unlikely to be realised any time in the next 20 years. If it gets closer, defences can be developed, meanwhile let the Chinese waste whatever resources on it they like, similar to us leaving US corporations to blow trillions trying to achieve Advanced General Intelligence using Large Language Models. Neither is happening.
Retaining cash - yes that’s a good idea. Also control every connection coming into the UK, although we don’t know to what extent that’s already happening. GCHQ is far better equipped than most people realise.
Last point, even the daft NHS is unlikely to allow nurses’ phones to join their networks.
The bigger cyber threats come from Russia and North Korea. This war has already started, and civilian onlookers have no idea how it is being waged.
You could be right. We have every possibility at the outbreak of a war from the entire Internet being shut down to a spate of conventional software attacks on civilian networks that are rapidly dealt with. The big question is where is the West on this spectrum?
What is clear is that many organisations have not covered all the bases and use suspect comms and computing hardware. There is no evidence that proper certification has been applied.
Hardware Trojans are very problematical. Obvious Hardware Trojans such as tiny components placed in ethernet ports and unspecified wifi devices in solar panels etc. have indeed been found (although affected companies have denied some of these reports).
More sophisticated Trojans in microprocessors are tricky to locate. (Arduino style microcontrollers are all over modern kit). Ordinary tests will not expose the Trojan because they are designed to permit normal processor operations. Detecting variations in lithography between chips is very time consuming. It is even possible for adversaries to use dopant Trojans that look like the original spec under an electron microscope but function differently when triggered. The safest and cheapest solution is not to use components made in China in defence applications. That would also be good for Western chip producers.
Estimates of when an error corrected quantum computer with sufficient qubits to break 2048 bit cryptography vary. NIST says 2030 - https://www.ibm.com/think/topics/quantum-safe-cryptography - this article also discusses quantum safe, non quantum, cryptography as a potential solution. HOWEVER, it is in the interests of those making these estimates to up the fear level.
Senior Nurses may log into NHS systems from home. However, the recent ransomware attacks on the Co-op, M&S etc. involved impersonating IT help desks to break into organisations. IT operations staff often work from home, especially on the night shift. SSH control of servers is fine unless your home computer is compromised.
But you could be right. The article mainly discusses risk and the apparent lack of precautions. The problem could be slight. There is another point: China would not activate most Hardware Trojans unless war were imminent because they would be revealed and China would lose all of its contracts and sales.
I am staggeringly unconvinced that our war aircraft are dependent on Chinese Arduino chips complete with defeat devices to confound all inspections and tests. If you have seen documents suggesting such, I suggest you consider those documents as possible misinformation.
I have seen NIST’s quantum computing predictions before. They made me think that someone was bucking for a budget. None of the anti quantum decryption methods I’ve seen yet have been particularly convincing either. It is too early to know how to defend against the highly exaggerated threat of quantum decryption.
Remote workers connecting to any corporate networks do so using corporate devices. Bring Your Own Device (BYOD) got knocked on the head years ago. Corporate devices are constantly swept for shitware like TikTok; if anyone has enough admin permits to install it (unlikely), they face disciplinary proceedings for doing so.
IMHO you make one very good point and one very bad one. Corporations are only investing in security when ignorant executives think they can’t get away with it any longer. I presume governments have given up on trying to persuade them otherwise, and I’d recommend we all follow Tobias Ellwood’s advice and stock up with at least 72 hours’ worth of emergency supplies for likely outages.
https://sdpjim.substack.com/p/you-need-to-have-72-hours-of-emergency
You make the rookie mistake of concentrating on the penetration step of the kill cycle. Penetration is easy, you just threaten an administrator’s family. Security depends far more on detecting criminal activity before the payload is delivered, and designing network components so that e.g. stores can still order when the stock system is compromised, and online transactions can be recovered and start operating again in the shortest times possible.
You just caught me 'in' between charging the car and inspecting under the floorboards in the loft with an endoscope :) I should be watching telly with my wife. Anyway, I hope you are right. Fingers crossed.
I would like, at the very least, to see a National Firewall in place ASAP (inc. a deal with Musk etc. to only use specified and certified ground nodes for UK satellite Internet access - they can pay for this in return for not being jammed).