"Putting on the Game Face" |
I find it hard to believe that sensitive research facilities are getting hacked. There is a simple way to prevent this from happening. In a nutshell it involves a facility with an upstairs operating space and a basement with the SECURE server. The basement is not hooked to the internet. Each day a worker takes an elevator to the basement and picks up a working (floppy) disc of the compartmented project he is working on. The disc has only that information needed for the day's work. The upstairs computer can (if necessary) be connected to the internet with all the attendant state of the art security software that is available. Then again it may not, the point being that the working disc is separated from the source data base in the basement. At the end of the workday the disc is returned to the basement. There is no storage of the data allowed upstairs overnight. In the basement is the secure server which has no connectivity to the internet. This server takes the work done upstairs and updates the mainframe. The floppy that can be taken upstairs, has a limited capacity for data. A supervisor at the basement level oversees the limited information the worker can take upstairs. The worker can only access source data related to their project and only in a quantity needed for daily tasks. What this does is very simple. A hacker has no access to the unconnected data stored in the basement. Neither do they have access to the working data on the first floor because there is no data storage allowed at the upper level. Thus a hacker would have to break through the fire wall of the upper level, as the work was taking place, or find nothing on the drives to hack into assuming that they were successful at penetrating the first line of defense. Information to update the basement servers with other regional and national servers across the country would be provided by a human courier service with a route that insured daily updates. One could probably get away with UPS, FEDEX or the US Postal Service for the deliveries. The information on the update parcels would have little meaning in their limited context. If the Government is serious about security, this type of design renders hacking impossible. |