Thwart the insider threat: a proactive approach to personnel security



Sharing with the Chinese

“The U.S. attorney in Detroit… announced charges of stealing trade secrets against three former employees of an auto supplier, saying economic espionage stabs at the heart of the Michigan economy and is a growing priority among his federal prosecutors. The former employees of Metaldyne Corp., arraigned in U.S. District Court after a 64-count grand jury indictment was unsealed, are accused of stealing the Plymouth, Mich., company’s trade secrets and sharing them with Chinese competitors. They each face up to 20 years in prison and fines of up to $250,000 if convicted. Metaldyne, which has 45 plants in 14 countries, makes a wide range of auto parts for engines, drivetrains and chassis systems. The company has annual sales of $2 billion and about 6,500 employees.” (Trade-secret theft charged in Detroit, Baltimore Sun, 7-6-06)

Retrofitting security controls has its place for those businesses that suffer from low funding, impending regulatory requirements or just plain old legacy systems that are difficult to migrate from. They can, in the short term, benefit from retrofitting some controls into an inherently insecure architecture. There will still be holes, but at least some will have been filled.

But retrofitting security into an insecure architecture design will, in all probability, cost you far more in the long run. A more effective way of securing your system architecture is by designing a new secure architecture utilising a suitable methodology, such as the one below:

1. Project definition – assist with security assurance elements.
2. Requirements – business context & IT environment, security policy, etc.
3. Requirements – actors, roles, business processes, use cases.
4. Requirements – assets & owners.
5. Risk management – initial countermeasures.
6. Derive security design objectives from requirements.
7. Derive security domains.
8. Derive security sub-systems.
9. Derive component models for security sub-systems.
10. Derive operational models for security sub-systems.
11. Revisit risk management – analyse anomalous flows.
12. Assistance with security assurance.

However, a note of caution: utilising separate processes for solution architecture and security architecture is not best practice when designing a system. The security requirements of the system should be interwoven into the very fabric of the overall solution architecture. Adding end-to-end security throughout design, build, test and implementation will, without a doubt, provide the most secure, manageable and adaptable architecture, one on which the entire corporation can rely today and build on into the future.

See an optician and get the full picture

It is not prudent to be either an architect or a security consultant if you are short-sighted. If you find yourself seeing the future as tomorrow, then you need to have your “industry” eyes tested or renew your spectacles’ prescription. In the past, security threats have been predominantly single-mode and easily eradicated with just one product applied to an infrastructure. Over the past few years, however, threats have evolved into blended threats. These can no longer be protected against by buying an antidote to a single illness. They require enterprise security architectures to be developed and included in system architectures to provide long-term, in-depth protection and prevention measures that safeguard both the corporation and the corporation’s clients.

The question of strategy

Being able to determine the range of actions that a corporation may need to take in order to reduce risk to an adequate, or at least financially acceptable, level depends wholly on the business needs of the corporation and the value of the assets to be protected. Your security strategy has to match business needs, not the latest flavour-of-the-month security technology or methodology. Your security architecture needs to be adaptable to match changing business needs. So the old adage of ‘build it in is better than bolt it on’ needs amending. ‘Build it in, but build it flexibly and with an eye to the future’, perhaps?

Computer Fraud & Security July 2006

WAR & PEACE IN CYBERSPACE

Thwart the insider threat: a proactive approach to personnel security

Richard Power and Dario Forte

As we all move deeper and deeper into the global economy of the 21st Century, the spectre of economic espionage grows larger and larger.

Consider some recent news stories from around the world:


Coca-Cola

“US authorities last night charged three people with a cloak-and-dagger scheme to sell secrets from Coca-Cola to soft drink arch-rival PepsiCo, which helped in the investigation… The offer of ‘confidential’ information from Coca-Cola sparked an FBI investigation with an undercover agent offering $US1.5 million dollars in cash. The investigation was launched after PepsiCo turned over to its cola rival a letter in May from a person identifying himself as ‘Dirk,’ who claimed to be employed at a high level with Coca-Cola and offered “very detailed and confidential information,” a US Justice Department statement said… According to authorities, an FBI undercover agent met on June 16 with Dimson, who was posing as ‘Dirk’ at Hartsfield-Jackson International Airport in Atlanta. Dimson gave the agent “a brown Armani Exchange bag containing one manila envelope with documents marked ‘highly confidential’ and one glass bottle with a white label containing a liquid product sample,” the statement said…” (FBI lays charges on Coke secrets, The Australian, 7-6-06)

Korean tech firms

“About a half of Korea’s top technology firms have suffered from leaks in industrial know-how one way or another over the past three years, although the companies have increased preventive measures, a report showed. According to the report released by the Korea Industrial Technology Association on Monday, 11 of 20 Korean firms that had invested the most in research & development have suffered financial damage due to technology leaks in the past three years.

When taking into account smaller firms, 20.9% out of 459 firms said that they suffered from industrial espionage cases during the period. The rate is 6.4% points higher than three years ago, meaning that firms have become more vulnerable to technology theft… As Roh pointed out, about 65% of the reported cases were found to involve employees from former companies. Only 18% and 16% of the cases involved current employees, and subcontractors of the firms, respectively…

The survey was done on 459 firms with in-house R&D departments.” (Cho Jin-seo, Half of Top Tech Firms Suffer Leaks, Korea Times, 6-19-06)

Chinese agents in Canada

“Intelligence files reportedly suggest that an estimated 1,000 Chinese agents and informants operate in Canada. Many of them are visiting students, scientists and business people, told to steal cutting-edge technology. An example being touted as copied technology is China’s Redberry – an imitation of the Blackberry portable e-mail device, created by Waterloo, Ont.-based Research in Motion Ltd… Juneau-Katsuya said the former Liberal government knew of the espionage, but were too afraid to act. “We didn’t want to piss off or annoy the Chinese,” said Juneau-Katsuya, who headed the agency’s Asian desk. “(They’re) too much of an important market.” However, he argued that industrial espionage affects Canada’s employment levels. “For every $1 million that we lose in intellectual property or business, we lose about 1,000 jobs in Canada,” he said.” (Robert Fife, Government ‘concerned’ about Chinese espionage, CTV.ca News, 4-14-06)

Get the insiders

As we have written in previous articles, the theft of trade secrets and other intellectual property has evolved from industrial age espionage, which was focused on the turning of insiders, to information age espionage. Information age espionage allows for other, less personal methods, such as hacking into networks and conducting sophisticated surveillance, and the severity of the insider threat is often disproportionately emphasized in relation to the severity of the outsider threat. Nevertheless, these four stories from the US, Korea and Canada underscore the fact that much illegal cyber activity, especially economic espionage and trade secret theft, is still predicated on, or instigated by, insiders of one kind or another.

Over the years, we have both participated in developing checklists of best practices for numerous industry working groups, and whole bodies of policies and standards (all ISO-based, of course) for many clients.

Here, distilled from these efforts, are some of the most important aspects of a robust personnel security program. And, although thwarting insider attacks in general, and economic espionage in particular, requires a comprehensive and multi-dimensional approach, the establishment and enforcement of personnel security policies and standards is the essential starting point.

Top twenty questions about personnel security controls

Here is a checklist of twenty-plus questions that point to best practices:

1. Do the organization’s established policies and actual practices exhibit real care for the well-being, safety and security of the work force? If they don’t, how do you expect to elicit loyalty?

2. Does your organization offer competitive salaries and benefits packages for your industry and region? If not, there is extra incentive to cross the line into criminality.

3. Does your organization incorporate the evaluation of an employee’s compliance with security policies, standards and procedures into annual performance reviews? There is no more compelling way to communicate the importance of such compliance than to tie it to compensation.

4. Are all newly hired employees provided with an introductory presentation on what is expected of them in regard to security, and is it followed with periodic reminders and appropriate training? And if so, are they required to sign off on having received this training and acknowledging its importance? Such measures go a long way in removing the “I did not know I was breaking any laws or violating any corporate policies” excuse as either a legal defense or psychological rationale. It also lets them know up front that you are conscious, and that you are watching.

5. Does your organization cover employees responsible for handling sensitive or secret information with some sort of fidelity bond or other insurance?

6. Does your organization inquire into the background of potential employees (e.g., academic, personal and professional references) in more than just a rudimentary way? In other words, if there is something that doesn’t add up in the person’s stated job history, do alarms go off? Does your organization go further with due diligence on potential employees who will be entrusted with vital roles (i.e., solicit thorough, independent background investigations)?

7. Does your organization have an effective way to promptly and efficiently eliminate the user IDs (both cyber and physical) of people who have retired, been terminated or hired away, or otherwise left the firm?

8. Does your organization issue tamper-resistant ID badges that include a photograph and a unique number (e.g., employee number), and require that they are worn by employees at all times?

9. Are business partners, vendors, third-party contractors, etc. who will be on-site for extended periods of time issued, and required, like all employees, to wear, tamper-resistant ID cards that include a photograph and a unique number?

10. Does your organization conduct exit interviews with employees who are being terminated, to ensure that the person returns all laptop computers, cellular telephones, smart cards and other equipment, as well as files (both paper and electronic), keys, ID badges, etc. that are the property of the organization?

11. Are terminated employees immediately escorted from the premises? Is their network and information access immediately cancelled? Are they prohibited from returning, physically or virtually?

12. When employees take annual vacations or are otherwise absent with minimal network access, does your organization take advantage of the opportunity to expose unauthorized activity?

13. Does your organization provide detailed job descriptions, which include an unambiguous statement concerning related security responsibilities, to all employees who access information systems or other communications resources?

14. Does your organization’s information security team have a mission statement, which has been published, made visible to all employees, and is endorsed by the executive leadership?

15. Is there a single individual within your organization who is responsible for information security throughout the enterprise?

16. Do your organization’s employees, and other responsible individuals, e.g., third party contractors working on-site, know how to properly report security vulnerabilities, suspicious behaviour or possible breaches of law or corporate policy?

17. Is your organization willing to seek the prosecution of employees, or others, who it believes to have consciously committed a crime?

18. Does your organization maintain adequate expertise on staff (established via training, professional certifications, etc.) to provide executive leadership and investigative authorities with actionable information concerning activity on its networks and information systems?

19. Have all your employees and relevant third-party personnel signed confidentiality agreements, and are copies of these agreements maintained appropriately?
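Items 7 and 12 above both come down to the same mechanical step: reconcile what HR knows about a person with what the directory and the authentication log show. The following is an added example of that reconciliation in Python; it is not from the article and not any product’s code. The record layouts, the field names, the status vocabulary (“active”, “leave”, “separated”), the `grace_days` parameter and every sample HR record, account and log event are constructed for illustration.

```python
"""Reconcile HR status against the account directory and the auth log.

Added example, not from the article or from any named product. The record
layouts, field names and all sample data below are constructed assumptions;
real HR and IAM exports will differ.
"""
from dataclasses import dataclass
from datetime import date, datetime


@dataclass(frozen=True)
class Person:
    user_id: str
    status: str        # "active", "leave" or "separated" (assumed HR vocabulary)
    status_from: date  # first day of the current status


@dataclass(frozen=True)
class Account:
    user_id: str       # HR user id the account is issued to
    system: str
    enabled: bool


@dataclass(frozen=True)
class AuthEvent:
    when: datetime
    user_id: str
    system: str
    source_ip: str


def stale_accounts(people, accounts, today, grace_days=0):
    """Item 7: enabled accounts whose owner has left (or has no HR record).

    Returns (user_id, system, reason) triples. `grace_days` lets a site allow
    a contractual hand-over period after separation; the default is none.
    """
    by_id = {p.user_id: p for p in people}
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue
        person = by_id.get(acct.user_id)
        if person is None:
            # Nobody in HR owns this login: orphaned, or never provisioned via HR.
            findings.append((acct.user_id, acct.system, "no HR record"))
        elif (person.status == "separated"
              and (today - person.status_from).days >= grace_days):
            findings.append((acct.user_id, acct.system, "owner separated"))
    return findings


def activity_during_absence(people, events):
    """Item 12: authentication by an account whose owner is on leave or gone.

    Any hit deserves a look: either someone else holds the credential, or the
    absence is not what HR recorded. Returns (user_id, system, time, status).
    """
    absent = {p.user_id: p for p in people if p.status in ("leave", "separated")}
    findings = []
    for ev in events:
        person = absent.get(ev.user_id)
        if person is not None and ev.when.date() >= person.status_from:
            findings.append((ev.user_id, ev.system, ev.when.isoformat(), person.status))
    return findings


# Constructed sample data (not real people, hosts or addresses).
SAMPLE_PEOPLE = [
    Person("alice", "active", date(2006, 1, 9)),
    Person("bob", "leave", date(2006, 7, 3)),         # on vacation from 3 July
    Person("carol", "separated", date(2006, 6, 30)),  # left on 30 June
]
SAMPLE_ACCOUNTS = [
    Account("alice", "erp", True),
    Account("bob", "vpn", True),
    Account("carol", "erp", True),   # should have been disabled on 30 June
    Account("carol", "vpn", False),
    Account("dave", "crm", True),    # no HR record at all
]
SAMPLE_EVENTS = [
    AuthEvent(datetime(2006, 6, 28, 17, 2), "bob", "vpn", "198.51.100.23"),  # before leave: fine
    AuthEvent(datetime(2006, 7, 1, 22, 41), "carol", "erp", "192.0.2.18"),   # after separation
    AuthEvent(datetime(2006, 7, 2, 9, 5), "alice", "erp", "198.51.100.44"),  # active user: fine
    AuthEvent(datetime(2006, 7, 5, 8, 14), "bob", "vpn", "203.0.113.7"),     # during leave
]


def run_report(grace_days=0, today=date(2006, 7, 6)):
    """Run both checks over the sample data; returns (stale, absent) lists."""
    stale = stale_accounts(SAMPLE_PEOPLE, SAMPLE_ACCOUNTS, today, grace_days)
    absent = activity_during_absence(SAMPLE_PEOPLE, SAMPLE_EVENTS)
    return stale, absent


if __name__ == "__main__":
    stale, absent = run_report()
    for f in stale:
        print("STALE ", *f)
    for f in absent:
        print("ABSENT", *f)
```

The first check is what item 7 asks for when run daily against an HR feed; the second is item 12 made routine rather than opportunistic, and a login from a “leave” account should be treated as a credential-sharing or compromise lead until the owner confirms it.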

Guidelines for background investigations

Here are some excerpts from guidelines, policies and standards developed for a global organization with a work force of over 100,000 people and offices in over 100 countries.

First, we will explore background investigations, and then we will go into termination procedures. It is vital to have controls in place for both processes.

Background investigations

XYZ personnel screening – XYZ human resources should perform background and verification checks on prospective XYZ employees prior to an offer of employment. These checks should include all of the following permitted under local law: validation of employment, confirmation of education, review of criminal records, validation of identity, verification of work permits (if required), verification of business references, review of regulatory agency sanctions, and evaluation of possible conflicts of interest, etc.

XYZ leadership screening – XYZ human resources should perform additional background and verification checks on prospective candidates for senior manager, director, vice president or other leadership positions, in addition to those checks required for all personnel. These checks should include all of the following permitted under local law: verification of professional licenses, review of civil litigation, review of liens and judgments, and review of adverse media coverage.

Contractor screening – XYZ human resources should require third party contracting companies to provide proof of adequate background checks on all prospective contractors prior to their assignment to work on XYZ engagements or within XYZ facilities. This proof should be consistent with the background checks required for prospective XYZ employees.

Personnel security policies on background investigations

1. Offers of employment are contingent upon completion of a satisfactory background check. Any false statement, misrepresentation or omission of fact as to education, prior employment, or any other relevant information concerning an applicant’s or employee’s background, and information which discredits an applicant’s or employee’s integrity, are grounds for refusing to employ, or for terminating, the individual involved, regardless of when discovered.


2. Human resources is required to follow local laws when it performs verification and background checks on employment candidates. Any check that would violate a local law or regulation is prohibited. In addition, no office should be expected to perform any check that is not relevant or feasible within its country of operation.

3. Human resources should perform verification checks on all employment candidates before offering employment. If such verifications cannot be performed prior to offering employment, then they are required to perform verifications no later than when the offer has been accepted and the candidate begins to provide services for XYZ. All offers of employment are contingent upon the successful completion of the verification checks.

4. Human resources should perform background checks on all employment candidates regardless of:

• Expected length of employment – permanent, temporary, intern.
• Employment status – full-time or part-time status.
• Background – students, experienced hires, rehires.
• Role – client-service, non-client service.
• Grade – non-professional, professional, management, executive.

5. Human resources should perform appropriate verification checks on all employment candidates, which should include:

• Employment – validate employers for the last 10 years or the previous two employers. Verify dates of employment and positions held.
• Education – confirm university level education, degrees and academic performance.
• Criminal records – determine if any convictions or pending convictions for criminal activity, excluding expunged or sealed convictions.
• Identity – validate identity through identity card, tax ID, passport, or equivalent verification.
• Work permits – verify required work permits.
• Business references – verify three business references, or three academic references for recent graduates. Gather professionalism and performance information.
• Regulatory agency sanctions – determine if any sanctions, disciplinary measures, or restrictions have been imposed by government agencies.
• Conflict of interest.
• Nepotism.

In addition, human resources should request the following information from the prior employers of all employment candidates:

• Salary, bonus eligibility, bonus received, reason for leaving, performance, attendance, and any other relevant information freely given by the applicant.

6. In addition to those verifications required for all employees, human resources should perform more extensive verification checks on all candidates for senior positions, from manager and director to executive, which may include, but not be limited to:

• Professional licenses – verify professional certifications and licenses and the status of licenses. Identify any disciplinary actions.
• Civil litigation – determine involvement in previous or ongoing civil litigation relevant to the position.
• Liens & judgments – determine if liens have been instituted or judgements imposed by government agencies.
• Adverse media – determine if mentioned in adverse media coverage.
• Credit – review credit history for signs of excessive debt, bankruptcies, repossessions, foreclosures, incomplete tax filings, etc.

7. XYZ should identify other sensitive positions that require additional background investigations, and provide this list to human resources and outside recruiting groups to ensure consistent implementation of background checks for candidates seeking positions deemed sensitive. Such positions include jobs with a greater ability to commit fraud, jobs with access to information about key leadership or initiatives that could be used in blackmail or industrial espionage, or jobs that control or administer mission critical systems, databases, equipment, or facilities. Examples of sensitive positions include systems administrators, database administrators, accounts payable staff, executive assistants, facilities managers, and human resources managers. The following minimum checks should be made in addition to those required of all candidates:

• Civil litigation – determine involvement in previous or ongoing civil litigation.
• Adverse media – determine if mentioned in adverse media coverage.
• Credit – review credit history for signs of excessive debt, bankruptcies, repossessions, foreclosures, incomplete tax filings, etc.

Employee termination standards

Well, if you are successful in the implementation of the background investigation guidelines, perhaps you won’t have much need for the termination guidelines, but we would suggest you apply them every bit as assiduously whenever you are terminating an employee.

Standards for terminating employees who might respond in a hostile manner

XYZ organizations responsible for network and systems access (for example, systems administrators, human resource managers, and so on) should be notified immediately when an XYZ employee who might respond in a hostile manner is terminated. These organizations should then immediately modify the access controls to remove all access for the terminated employee, including disabling user IDs, dial-in capabilities, voice mail, and so on.


XYZ human resources or another responsible organization should ensure that applicable third parties are notified of the termination of an XYZ employee who might respond in a hostile manner, if that employee had authority to direct contractors, consultants or temporaries, or to bind XYZ in purchases or transactions.

XYZ personnel who might respond in a hostile manner and who hold positions supporting or managing information access controls should, on termination, immediately be relieved of their job responsibilities and return all XYZ equipment and information at the time of termination. They should also be escorted at all times until they are out of the XYZ facilities.

Terminations of XYZ personnel who might respond in a hostile manner should occur in the presence of security, human resources, or other authorized personnel. Terminated personnel should immediately pack their personal belongings in the presence of this individual and should be escorted out the door. Terminated personnel should not be allowed to re-enter the building unless approved by appropriate XYZ management. In any case, terminated personnel should be escorted at all times while within the facilities.

XYZ information and asset retrieval standards

Terminated XYZ personnel should not retain, give away or remove from XYZ premises any XYZ information other than personal copies of public information and personal copies of correspondence directly related to the terms and conditions of their employment. All other XYZ information belongs to XYZ and should be given to the worker’s immediate supervisor at the time of departure.

Terminated personnel should return all XYZ property and information at the time the employee, consultant, contractor, or any other type of personnel terminates the relationship with XYZ, or at a time designated in the XYZ human resource policy and/or employment contract. This includes portable computers, handheld devices, VPN tokens, library books, documentation, building keys, magnetic access cards, credit cards, and so on. Terminated individuals should inform management about all XYZ property they possess, as well as all computer system privileges, building access privileges, and other privileges that they have been granted. In addition, XYZ facilities and information technology departments should review asset inventories and access control lists to make sure that all XYZ property assigned to the terminated employee has been returned. XYZ management must approve any exception to this standard.

Terminated personnel should return all client, vendor, or other third party property and information to XYZ management or human resources at the time the employee, consultant, contractor, or any other type of personnel terminates the relationship with XYZ, or at a time designated in the local XYZ human resource policy and/or employment contract. This includes portable computers, handheld devices, VPN tokens, library books, documentation, building keys, magnetic access cards, credit cards, and so on. Terminated individuals should inform management about all third party property they possess, as well as all computer system privileges, building access privileges, and other privileges that they have been granted. XYZ management must approve any exception to this standard.

Terminated personnel who have negotiated to keep XYZ assets after termination should return the asset to the XYZ information technology department for decommissioning prior to departure. The XYZ information technology department should decommission the asset in accordance with the computer and general equipment disposal standards.

Access revocation standards

Terminated XYZ personnel should have all their physical security and systems security access disabled, deactivated, or revoked as soon as termination occurs. If employment contracts or local human resource policies allow for continued access after termination, then continued access should be limited to those systems and facilities explicitly identified in such policies and/or contracts. In addition, physical and systems access should be disabled, deactivated, or revoked as soon as the conditions found within the local human resource policy or employment contract have been met.

Terminated XYZ personnel should have all access rights to XYZ restricted areas revoked or removed immediately upon termination. This may include the need to change locks, cipher keys, access cards, proximity cards, and so on.

XYZ systems and network administrators should change all common system passwords known to terminated XYZ personnel immediately upon termination.

Audit and review of employee termination standards

XYZ managers should review and document computer files and paper files immediately for terminated employees, to determine who should assume custodianship of information items that are still necessary and to determine which information items should be deleted or destroyed. The terminated employee’s manager should promptly reassign the terminated employee’s job responsibilities and file management responsibilities as applicable.

XYZ information technology departments should delete all files that were used by a terminated XYZ employee four weeks following termination, except for the files that management has identified as necessary for continuing job processes or other valid business reasons.

If the terminated XYZ employee was a system or network administrator or had the ability to grant or revoke access to XYZ resources, then the appropriate XYZ manager should perform an audit to ensure that the terminated employee did not create additional accounts and/or backdoors.

If the terminated XYZ employee had knowledge of system passwords for client systems, then the XYZ project manager or other responsible person should inform the client and/or see that the passwords are changed.
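The access revocation standard, the shared-password rule and the two audit points above (no extra accounts or backdoors left by a departed administrator; client-system passwords the leaver knew get changed) can all be driven from data the directory and the password registry already hold. Below is an added example in Python that does so; it is not from the article and not from any directory product. The record layouts, the 90-day lookback, the `hr-provisioning` identity and every sample account and shared secret are constructed assumptions.

```python
"""Post-termination audit of a departed privileged administrator.

Added example, not from the article or from any directory product. The
record layouts, the 90-day lookback and the sample data are constructed
assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Account:
    name: str
    owner: Optional[str]       # HR user id; None for service or orphan accounts
    enabled: bool
    privileged: bool
    created_by: str            # identity that provisioned the account
    created_at: datetime
    priv_changed_by: Optional[str] = None      # who last changed its privilege level
    priv_changed_at: Optional[datetime] = None


@dataclass(frozen=True)
class SharedSecret:
    scope: str                 # e.g. "router:edge-1" or "client:ExampleCo-db"
    holders: FrozenSet[str]    # people known to hold this password
    last_rotated: datetime


def audit_departure(admin_id, terminated_at, accounts, secrets, lookback_days=90):
    """Return the four finding lists the termination standards call for.

    still_enabled     - the admin's own logins not yet disabled (revocation)
    created_by_admin  - accounts the admin created inside the lookback window,
                        annotated when unowned or privileged (backdoor candidates)
    elevated_by_admin - accounts the admin raised to privileged in the window
    secrets_to_rotate - shared or client passwords the admin held that have not
                        been rotated since the termination
    """
    window_start = terminated_at - timedelta(days=lookback_days)
    findings = {"still_enabled": [], "created_by_admin": [],
                "elevated_by_admin": [], "secrets_to_rotate": []}
    for a in accounts:
        if a.owner == admin_id and a.enabled:
            findings["still_enabled"].append(a.name)
        if a.created_by == admin_id and a.created_at >= window_start:
            reason = "no owner" if a.owner is None else f"owner {a.owner}"
            if a.privileged:
                reason += ", privileged"
            findings["created_by_admin"].append((a.name, reason))
        if (a.privileged and a.priv_changed_by == admin_id
                and a.priv_changed_at is not None
                and a.priv_changed_at >= window_start):
            findings["elevated_by_admin"].append(a.name)
    for s in secrets:
        # A rotation time-stamped after the termination means it was already done.
        if admin_id in s.holders and s.last_rotated < terminated_at:
            findings["secrets_to_rotate"].append(s.scope)
    return findings


# Constructed sample data: "mallory" is the departed administrator.
HR = "hr-provisioning"   # assumed name of the automated provisioning identity
TERMINATED_AT = datetime(2006, 7, 3, 9, 0)
SAMPLE_ACCOUNTS = [
    Account("mallory", "mallory", True, True, HR, datetime(2004, 2, 1)),
    Account("alice", "alice", True, False, HR, datetime(2005, 6, 13)),
    Account("tjones", "tjones", True, True, HR, datetime(2005, 3, 10),
            priv_changed_by="mallory", priv_changed_at=datetime(2006, 6, 28, 23, 50)),
    Account("svc-backup2", None, True, True, "mallory", datetime(2006, 6, 20, 2, 15)),
    Account("svc-monitor", None, True, False, "mallory", datetime(2005, 1, 15)),
]
SAMPLE_SECRETS = [
    SharedSecret("router:edge-1", frozenset({"mallory", "netops"}), datetime(2006, 1, 10)),
    SharedSecret("client:ExampleCo-db", frozenset({"mallory", "pm-lee"}), datetime(2006, 2, 2)),
    SharedSecret("safe:dc-cage", frozenset({"facilities"}), datetime(2006, 3, 1)),
    SharedSecret("vpn:shared-admin", frozenset({"mallory", "bob"}), datetime(2006, 7, 3, 10, 0)),
]


def run_audit(lookback_days=90):
    """Audit the sample administrator's departure; returns the findings dict."""
    return audit_departure("mallory", TERMINATED_AT, SAMPLE_ACCOUNTS,
                           SAMPLE_SECRETS, lookback_days)


if __name__ == "__main__":
    for key, items in run_audit().items():
        print(f"{key}: {items}")
```

Run it after the revocation step, not instead of it: an entry in `still_enabled` means revocation is incomplete, an unowned privileged entry in `created_by_admin` is a backdoor candidate to disable pending review, and `secrets_to_rotate` is the list to hand to the system owners and, for `client:` scopes, to the project manager responsible for telling the client.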

Management actions

When an XYZ employee gives notice of termination, the employee’s manager, in conjunction with human resources, should ensure:


Secure Blue also has a wider objective, to take hardware security as a whole, and not just encryption, one step further still, by running it in the microprocessor. Until recently it was not technically feasible to embed security in chips designed primarily for general processing or other dedicated functions. In this sense it can be seen as the next move in the debate over hardware versus software security, with the former offering greater protection and performance, while the latter is more flexible and better able to embrace emerging techniques. The debate, such as it is, could soon be irrelevant, with the core processes of encryption and authentication performed on-chip, leaving security management and policy enforcement

July 2006 Computer Fraud & Security 15

MOBILE SECURITY

1. The XYZ employee returns all XYZ property before leaving XYZ.

2. The XYZ employee returns all client, vendor, or other third party property to XYZ so it can be returned to the third party.

3. All XYZ administrators handling the computer and communications accounts used by the XYZ employee are notified of the impending termination so they can plan to remove systems access and all other work-related privileges for the terminated employee upon the date of termination or other date specified in local human resources policy and/or employment contract. Such notification should include notifying the XYZ information technology organization.

The technology support for internal investigations

I do not come from the UK, nor the US, but I live between those countries, and I was pretty interested in a recent article that I saw in the press… It seems that in the UK somebody used US forensic software to search for illegal behaviours…

Scotland Yard has begun a comprehensive Whitehall trawl for deleted emails held on government computers as part of its investigation into the 'cash for peerages' scandal, the Guardian reported.

According to the press, the Metropolitan police in charge of the investigation are hoping the search will help to establish if there is an electronic paper trail linking the offer of loans to honours.

Scotland Yard has discreetly bought specialist software for the task. The program, which has already been used for a major corruption inquiry in the US, scans computer hard drives and will flag to officers exchanges between civil servants across Whitehall, including Downing Street, that have been deleted.

So the question is: what is this software? But EnCase Enterprise, of course. And it seems also that it is working pretty well… Now I know what some of you readers are thinking: why don't you use it also for the Italian football scandal? The answer is simple: there is no scandal! Meanwhile, I think that we are facing a new era of forensic and digital investigation related to insider threat control. Somebody could call it 'forensics on demand'; I would like to call it 'extended digital investigation'. Tools such as EnCase Enterprise, ProDiscover and so on are very powerful and can be very useful in these cases, but the question is: how ready is the investigative community for that model?

We had a workshop in Italy a couple of weeks ago about this. People were very impressed by the power of these tools. Most of them declared that they are planning a budget for the technology; others are not, because of (potential) privacy problems… but actually I think that it is just a matter of culture, and if these kinds of tools can help in finding the truth, especially for 'not so clean political behaviours', why not?

We suggest that our readers get a blend of the organizational tips we gave and the technology we just talked about. Only in this way will it be possible to mitigate a distributed threat: simply with distributed countermeasures.

About the authors

Richard Power (www.wordsofpower.net) is an internationally recognized authority on cyber crime, terrorism, espionage, and so on. He speaks and consults worldwide. Power created the CSI/FBI Survey and his book Tangled Web is considered a must. Dario Forte (www.dflabs.com) is one of the world's leading experts on Incident Management and Digital Forensics. A former Police Officer, he was Keynote at the BlackHat briefing and lecturer at many worldwide recognized conferences. He is also Professor at Milan University at Crema.

Is on-chip security the answer for mobile devices?

Philip Hunter

IBM's Secure Blue on-chip encryption technology, launched in April 2006, represents an attempt to take hardware security one step further, by making it integral to microprocessors rather than implemented via dedicated chips on a motherboard or larger processing unit. It is aimed especially at mobile devices, which have yet to be attacked with any great force by the hacker, virus writing or cybercrime communities, having until now posed too diffuse and unrewarding a target. This is bound to change with greater standardisation of mobile device operating systems, and more interactive applications.
