Invitation to Cybersecurity

In Section 4.1.2.4 on supply chain attacks we mentioned the famous Turing Award lecture written by Ken Thompson called “Reflections on Trusting Trust.” Thompson’s point is that trust is inherent in computer security and can never be fully eliminated, but it should at least be acknowledged for the risk it poses. The principle of trusting trust states that trust relationships should be explicitly identified and examined so that they can be managed appropriately. The default, and easier, alternative is to ignore or downplay the levels of trust placed in others, but this leads to significant unacknowledged and unmonitored cybersecurity risks.

Organizations depend on numerous trust relationships. They need to trust employees, customers, contractors, vendors, software, and hardware. This principle does not imply that these trust relationships are inherently bad, but only that they should be scrutinized and managed well. If there are ways to limit trust, similar to the principle of least privilege (see below), then those ways should be pursued. Measures should also be taken to verify trust; in other words, trust but verify. This means that, to the extent possible, proper accountability and reviews should be in place to make sure that trust is not being abused.

Trust is exercised whenever a person uses somebody else’s computer. As we saw in Section 4.1.2.3, keylogger attacks are easy to conduct. Could the owner of the computer be running a keylogger? If the computer is in a public space, is the organization responsible for it taking appropriate measures to prevent hardware-based keyloggers from being installed?

Trust relationships also exist in technology on networks. In computer networks, computers and devices typically have special access to other computers and devices on the same network. This trust can be abused by hackers because by gaining access to one computer, they can easily pivot to other computers and devices. For this reason, trust relationships on networks should be limited to only what is necessary, and additional authentication steps should be considered even if they pose an inconvenience.

After examining some relationships, it may be the case that the trust relationship should be eliminated. For example, the United States has had a complicated trust relationship with computer hardware and software originating from China, an adversary of the United States. The United States government at different times has warned citizens not to trust certain devices or apps because they could be used to spy on Americans. China denies any wrongdoing, in essence saying, “trust us.” But because they have a motive to surveil United States citizens, and it is not generally possible to verify what they are and are not doing, one solution is to just reject this trust relationship, and the United States government has done just that on occasion.

Individual computer users also maintain trust relationships that should be scrutinized. When online, users need to be careful about divulging personal information and details. When we provide personal information, we are trusting the person or organization we are sharing it with. Is this trust well-placed? Will they safeguard our information from
