Last Friday I attend a talk by Mark Anderson, Futurist and analyst with a 93+% success records for forecasts over the last decade (you can hear him on the BBC on Jan4,2011). The key item is that nation’s wealth comes from intellectual property, the knowledge (to produce goods) that other nations do not have. His concern is that the US is loosing it’s IP to other nations, China specifically – who does not protect foreign IP very much. When Boeing has to share it’s technology to get sales – it leads to a rather large hole in the foot.
A few years ago I was attending a security conference at the National Institute of Standards and Technology and heard that it was normal for most military firms to apply crazy glue to USB and firewire slots on every PC (forget about DVD or C D Burners). When I was teaching at NSB Bangor, one could not (legally) take a phone with a camera onto the base. With today’s technology, the amount of disabling is even more:
- No USB or Firewire to prevent IP from being transferred to removable storage
- No bluetooth because with smart phones, you can move data to the phone
- No WiFi because many mobile phones can act as hotspots and with a clever trojan in an app (like one downloaded for free), the app can proceed to scan the local PCs and upload data to servers in Russia (for Identity theft) or China (or IP theft)
There is a major dilema facing business: how to protect IP. Protecting IP from theft by competitors in the US is easy – the courts. When dealing with China this option disappears. It can be done – the key is to spell out strict security with ZERO tolerance for failure. It may mean that everyone must surrender every smart phone at reception and having the internal interwork having zero access to the real internet – not even through a proxy.
Ok – you say that’s one big hassle – well, so is having no IP left and thus no wealth. One of the rumors that I have heard off and on for a couple of years is that some chips made in China has built in Trojans. Code burnt on the chip that access the computer bus and attempts to connect to the internet once a month or year. Allegedly, the response may execute more code to run. This is a particular concern with China’s PLA (Army) businesses selling cut-rate internet routers (with foreign IP property) to Europe and trying to get into the US market
Whether these rumors are true or not is actually moot. If it was done, how could anyone detect it? If it was done --- then the US and Europe would be sitting with a massive 5th column embedded across all of the critical financial and corporate systems…. Is it hard to do this? Nope – very easy to hide 30K of code on most chips…