Be aware of your surroundings … if we could only tell our packets that and as good stewards of information help them do just that in the public internet space. To often I see organizations with brilliant analysis and mappings of internal communication mediums. In fact, ENISA just released a guidance on identifying critical infrastructure and dependencies (you can find my analysis and corporate guidance shared online here), and shared the below diagram. See a gap in the concept? It is that huge grey circle on the bottom, the internet itself!
Image from ENISA Report
Organizations must develop and implement insight and information security (or Cyber if that is your field) intelligence about these pathways. There are many key reasons to do so, but to highlight just the top three:
- Savings – the more efficient we are at transferring information the better (so ensuring the most direct and immediate transfer is a network operations ownership area). As an example: financial institutions pay to be closer to the exchanges to gain a milisecond advantage in their trade orders; Major search engine companies set up their data centers at close to internet hubs as possible)
- Integrity – Where your company data transits is key to ensuring the information is manipulated prior to being delivered. Therefore monitoring and verifying (all easily automated, but rarely done) the traveled path of data packets to destinations is key. As an example – orders to your supplier could be modified or simply never delivered and the JIT operations are now shut down.
- Espionage – The pathway of traffic has in certain cases been redirected to various ISP and nations, i.e., 2 times ALL of U.S. internet traffic was diverted to China. (In this 300+ page report (PDF), the US-China Economic and Security Review Commission provided the US Congress with a detailed overview)
Please consider these external dependencies and leverage automation to ensure active monitoring to protect your intellectual property and optimize business operations for fantastic customer experience.
Here is a good example simply showing how obvious this can be (green = normal/expected; Red=”odd”):
Below are 3 article highlighting a public event in 2010 and then again in 2014 where internet traffic was ROUTED to China.
- Russia’s domestic Internet traffic mysteriously passes THROUGH CHINESE ROUTERS … Ars Technica, Nov 9, 2014
How China swallowed 15% of ‘Net traffic for 18 minutes | Ars … Ars Technica, Nov 17, 2010 – In April 2010, 15 percent of all Internet traffic was suddenly diverted …
Nov 26, 2010 – An 18-minute diversion of Internet traffic through China has raised security concerns around the world — especially for governments and people …