- July 25, 2019 at 04:19 #5099
In the realm of cyber security, the use of pens and paper is usually a sign that something has gone badly wrong, and that the victims of the attack – be it in the form of a hostile takeover, or the forced installation of malware or ransomware – are resorting to physical means as a last resort in the hopes of keeping operations going. As previously reported on these pages, an international Norwegian company which suffered a catastrophic ransomware assault was forced to trawl through decades of paper files in order to perform tasks which are now entirely in the province of automation, as well as bring in retirees who had worked for the firm before the days of machines labour.
Yet now, the use of anachronistic methods is being touted as an impenetrable line of defence against cyber threats. The concept came to prominence in the summer of 2018, when the local Alaskan government of Matanuska-Susitna suffered a cyber attack. However, office staff had practiced using pen and paper to resume operations in such an eventuality, and so daily operations were able to continue relatively unhindered. “Having these plans and being able to go to paper and pen and manual methods was very helpful,” Eric Wyatt, the Matanuska-Susitna Borough IT director said. “We could keep our doors open and continue to provide service to our citizens.”
This notion is somewhat out of step with conventional cyber defence doctrine, which dictates that cutting-edge attack software can only be prevented from having an effect by equally cutting-edge countermeasures. However, since 2018, the idea has gained traction; later that year, a US congressional hearing was directly advised to consider the scheme by Kevin Mandia, chief executive of the FireEye cyber security firm. “[Government agencies should be required] to develop and carry out continuity-of-operations plans that practice, even for just 24 hours, going without Internet connectivity while continuing critical functions,” Mandia said.
In response to Mandia’s address, Senator Maggie Hassan told The Washington Post: “Emergency preparedness including carrying out drills and real-life exercises can help save lives when terrorist attacks or natural disasters occur, and cyber attacks are no different,” Hassan said. “Both the public and private sectors need to conduct training, simulations and planning for cyber attacks — and drills to practice not having Internet access for 24 hours are worth considering.”
Just how seriously the US government is taking the suggestion is arguably best demonstrated by the fact that the National Security Agency, one of America’s principle intelligence agencies, is using ‘retro’ methods to secure critical national infrastructure (CNI) against cyber attacks. The employment of analogue and manual technology is to be introduced prior to the 2020 presidential election, the 2016 race having been plagued by accusations of foreign interference.
“This approach seeks to thwart even the most sophisticated cyber-adversaries who, if they are intent on accessing the grid, would have to actually physically touch the equipment, thereby making cyber attacks much more difficult,” said a press release as the Securing Energy Infrastructure Act, (SEIA), passed the Senate floor.
When introducing the bill in 2016, U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho) said: “Specifically, it will examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators.”
While the approach has its detractors, its effectiveness cannot be yet denied, despite the possible need for a return to hiring more manual labour. So far, the concept has been limited to US government application, but it is perhaps something alternative for cyber security firms in the private sector to consider.August 1, 2019 at 15:42 #5195October 28, 2019 at 00:29 #5738Anonymous
Precisely, finally an article that makes sense. I have argued this point many times, and believe that traditional and old fashioned methods are perhaps the best way to secure information and safeguard against possible cyber threats. At the end of the day, no matter how developed one’s countermeasures may be, individuals, corporations and governments always run the risk of being hacked by superior measures. Hence, a great way is to eliminate that chance altogether.October 28, 2019 at 02:07 #5740Anonymous
The fact is that the idea of using traditional and less tech and internet oriented means of maintaining delicate information is not really that safe either. It can be stolen, burnt, damaged, and tampered with either way. To me, this seems like a half measure. Instead, the aim should be to focus on being armed with right cyber security tools and hiring the right experts to prevent such catastrophic scenarios, like the one mentioned in the article. In the end of the day, the world is moving forward, and whoever can’t keep up, gets left behind or washed away.November 18, 2019 at 17:20 #6043
I am not sure where I stand on this, as the idea of literally putting pen to paper and storing away sensitive files of information does not directly appeal to me, for a number of reasons. The first of which, is that the information can be too vast to store and section properly, to the point it may just turn into a sea of documents. The second being, people can still physically still the info, hence it is like trading one threat for the next. Instead, I am a believer in being up to date on all cyber security fronts and keeping things digitalised. Yet, I understand that anachronistic methods may be suit those who feel themselves incapable of keeping up.November 21, 2019 at 23:32 #6110
I imagine going back to pen and paper can be a truly effective way of avoiding cyber threats if the party doing so does not feel adequately prepared to fend off possible online danger. It’s only logical; for what better way than to avoid having your sensitive information stolen from the web, than if it isn’t there to begin with! Still, no individual, organisation or government can be wholly dependant on manual methods, as it would take literally acres of land to store things manually, and people guarding over them, which can in fact be counterproductive. So, I believe striking a reasonable balance would be the best option.November 21, 2019 at 23:44 #6114
LinaMay, I agree with you entirely, as doing either all the way while neglecting one method is unwise. Going full manual can be a real hassle, one which could carry with it serious cost and time concerns. At the same time, being solely online carries the risk of all out loss in the case that the information on the servers is compromised.November 24, 2019 at 00:03 #6129
Using analogue methods is smart, but can be messy, as it could be the case that someone could steal those documents or they could be damaged or lost.November 25, 2019 at 21:49 #6149
Very nice article, one which I believe presents a reasonable and solid argument. Those who find themselves incapable of keeping up with the developing cyber field, a field that is growing in leaps and bounds, would do well to utilise manual methods in regards to storing sensitive and exploitable information. Yet, it cannot be done all the time, as it becomes a hassle. That is why it is still crucial to stay as up to date as possible in regards to cyber security.November 26, 2019 at 11:49 #6157
I agree with the sentiment of this article. Analogue and manual methods can be refreshingly safer and more secure in times like these where cyber criminals walk the earth in droves, and undertake dangerous expeditions at other people’s expense. It is specially useful in the case of governments. Still, in a time of modernisation, one cannot fall back into using manual methods completely, as it may prove counterproductive. That’s why cyber security is so important. If you’re too far behind, you may mistakenly find yourself hoarding stacks of documents of sensitive information, which will become more and more difficult to manage as they increase in size.
You must be logged in to reply to this topic.