Security is found off-line

June 17, 2013

More than a decade ago, I ordered a book from a publisher specializing in technical books. I then received notice that my credit card information, along with hundreds of others, had been compromised by an Internet hacker who had penetrated the publisher's computer files.

Yet I had placed my order by phone. There was no need to involve my order with the Internet.

From this, I learned a lesson not yet learned by many: Sensitive information should not be stored on any computer connected to the Internet, directly or indirectly. Any corporation of any size needs to have an intranet not connected to the outside world. This single step would have preserved my information, and the plans of the F-35 fighter, and the security of the Iranian nuclear centrifuges. So how is Internet-based business and communication to be handled? There are multiple solutions.

My father (a career U.S. Army officer) told me that there was no such thing as perfect security. The objective is to make finding your secrets very difficult and very expensive, in the hope that some of them at least would be preserved. But security measures are themselves inconvenient, difficult and expensive. They are the price of doing business in a wired world.

A first step is to adopt less popular and therefore inherently more secure systems software. This means Linux instead of Windows, Apache instead of IIS. No one ever hacks my computer or plants a virus in it. And I have no anti-virus software.

Or a custom set of operating system and Internet host software could be developed and kept secret for use only by certain government offices. A merchant doing business via the Internet could set up a system whereby every order is immediately printed out in a standard format. As soon as the order data was in queue for the printer, the original data would be deleted. The printed orders would then be scanned into a scanner attached to the local intranet. An OCR program would translate them back into a data file. This system is a bit awkward but it is near 100 percent safe from hacking via the Internet. A hacker would have to intercept every order as it was completed. And the internal delay is minor.

An aerospace company could and should store all its blueprints and other classified data on a local intranet. If any of them needed to be shipped to another branch, another company or the DOD, paper or microfilm copies could be shipped via the U.S. Postal Service or by private courier.

There is always the human element. Those who have access to secret material could always compromise that material. This means that the eagerness of NSA and others to get the brightest young minds needs to be tempered by security concerns. And large organizations need not a single intranet but several, sealed off from each other.

Communications to and from field installations of the military and the U.S. State Department could be accomplished by courier pouch. Electronic means should be reserved for true "flash" messages in times of crisis.

Security is everybody's business. Abandoning the great convenience of the Internet to a degree is the price we must pay.

John Culleton, Eldersburg

Baltimore Sun Articles