::: nBlog :::
This week’s bombshell cybersecurity news about the US Department of Homeland Security (DHS) and other US government agencies being penetrated by foreign hackers has some very important underpinnings when it comes to overall situational awareness of the networks and systems deployed in critical infrastructures.
It turned out that the breach was made possible through a mundane update server of SolarWinds, a reputable company that has delivered network monitoring software since 1999; a dear competitor of the traditional software-package type in network management, from which we also collect data at many large customers.
The service and update channel to customer premises has always been one of the most scrutinized and thorny components in BaseN, which has also made it complex to use, with multiple authorizations and other safeguards in addition to the extensive accounting and logging in place. Time and again we’ve contemplated making it simpler via automatic tunneling to a centralized gateway, but have always deemed any central controller too vulnerable to being replicated or spoofed when the attacker has access to, for example, global routing, as most state-sponsored actors naturally do.
No connected environment is absolutely impenetrable when the attacker has sufficient resources. The BaseN defense philosophy, akin to our military roots, is to make any attack as visible and expensive as possible by also collecting and analyzing data from all internal systems and networks, in paranoid proportions. The internal data is also stored in real time in multiple data centers, which makes covering tracks extremely difficult for the attacker.