Attacks/Breaches

3/31/2017
08:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

US Border Policy Shifts May Drive Changes in Laptop Security

In-cabin laptop ban and requirements to unlock devices for border patrol could have enterprises revisiting their on-device data policies.

The new travel ban enacted by the U.S. Department of Homeland Security for laptops in the cabin of flights from certain countries may have corporate risk managers revisiting policies about how road warriors handle data on laptops and mobile devices.

Enterprise employees may find that government actions won't just put a crimp on convenience but could also have heavy implications - from a regulatory and intellectual property protection perspective - when combined with growing powers of US Border Control to demand travelers unlock their devices for inspection. As things develop, large organizations doing international business may be facing a new minefield when it comes to device-based data portability in and out of U.S. soil.

At the bare minimum, experts believe this latest decree by the feds will bolster resolve for existing policies on endpoint security as worries about devices disappearing from checked luggage grows.

"It’s going to force people to actually implement and enforce the policies they have on paper," says George Wrenn, CEO and founder of CyberSaint Security, and a research affiliate MIT's (IC3) Critical Infrastructure Protection Program. He explains that most large organizations already have policies on device encryption, authentication and data storage to plan for loss or theft. "They're just not enforced," he says, "because people will carry their laptops and they're considered to be using other compensatory strategies to prevent the loss of intellectual property and data."

The question now becomes how to effectively enforce policies that have long been ignored, says Jonathan Gossels, president and CEO of SystemExperts.

"This is not rocket science.  We are talking whole disk encryption, good quality passwords or two factor authentication, and key management," he says.  "Blocking and tackling, but it has to be enforced by each company to be effective."

Nevertheless, even with the basic blocking and tackling in place, many organizations may still be squirrely about laptops with corporate secrets or customer data sets being parted from their caretakers into aircraft holds.

"Most organizations won’t feel comfortable with employees packing away their company-owned laptops and other IT equipment into their luggage, even if they are properly secured with encryption and passwords," says Richard Steinnon, Chief Strategy Officer of Blancco Technology Group. "So, I imagine that employees traveling to the countries included in this ban will likely be asked by their employers to not carry these devices with them. If they have to, they will likely be told to remove all non-essential data before they check in their IT assets in their baggage."

In some instances, simply leaving a corporate laptop unattended may already be against company policy. For example, warns Eric O'Neill, national security strategist for Carbon Black and a former FBI counter-terrorism operative, military contractors likely wouldn't be able to bring their laptops on affected legs.

"When traveling internationally, the rule of thumb is to keep all critical devices on your person - especially phones, laptops and tablets that have important information on them, or access to important or sensitive information," he says.

The travel ban is just one part of the equation. Even more troubling are the inspection rights that border patrol have increasingly been asserting with regard to devices, even those locked by their possessors.

"The long-term substantial impact is that key information may be exposed, unpredictably, and for no substantive reason, to inspectors who have no right to that access," says Mark Graff, CEO of Tellagraff and former CISO for Nasdaq. "This development may well open these companies to litigation exposure any inadvertent violation of data security regulations. It is only a matter of time before companies fined for violating federal standards take the federal government to court for forcing that violation with the new order inspection practices."

Both the laptop ban and the requirement of unlocking devices for inspectors throw up data confidentiality and integrity issues, explains Phillip Hallam-Baker, vice president and principal scientist at Comodo. However, the latter is a lot more difficult because there are few compensating controls.

“The laptop ban only affects a small number at present. Laptop searches by border protection is a much broader concern," Hallam-Baker says. "Currently, the main confidentiality control available is full disk encryption, though this does not help if a user can be ordered to unlock the device. And there is a real possibility other governments will follow suit. Whether the U.S. government could be trusted not to abuse data obtained in this manner is irrelevant if your laptop is being searched in Russia."

Many experts believe that this confluence of issues should be enough to convince organizations to update policies and address frequently traveling employees of the risks. Christopher Ensey, COO of Dunbar Security Solutions, urges extreme caution transporting any data at all on laptops, mobile phones or portable media over any border these days.

"The restrictions on what is allowed for inspection and seizure have become nearly impossible to track. The best practice is to take a vanilla device with you that can only connect to sensitive information via secure tunnels and strong authentication," he says. "Latency in faraway lands can be an issue, and frankly the experience isn’t all it’s cracked up to be for the end user. This is, however, the best way to ensure that data isn’t going to be leaked all over the place when crossing a border." 

Employees will lose the ability to access and work on information without internet access, but Morey Haber, vice president of technology for BeyondTrust, believes that this is the best policy for all organizations to adopt. He says that users and admins need to be mindful of managing connection configurations and security after an interaction at the border to be sure to keep the set-up fully secure.

"Whether the mobile device uses VPN or accesses the cloud to retrieve the data, being online to retrieve it and not store it locally, is critical to mitigating these risks introduced by the US government," he says. "In addition, if the device is accessed or copied, organizations need a prompt method to change VPN keys and passwords on those devices to mitigate the image compromised being leveraged against them as well."

Experts say that many organizations may already have derivations of this for travel to certain parts of the world. Wrenn explains that the practice of 'shaking' devices by shady authorities is a well-known practice.

"Companies should already be anticipating these scenarios," he says. "So I think there just may be a need to edit policies to make sure this new use case (at the U.S. border) is factored in."

Steinnon agrees.

"It has long been a best practice when heading to hostile environments to issue clean devices to traveling employees," explaining that organizations typically overwrite memory and load machines with fresh images both before and after travel to certain parts of the world. "Look for this practice to become more common and even for special device services to be built around this new need."

Related Content:

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
mariamartin
50%
50%
mariamartin,
User Rank: Apprentice
10/4/2018 | 6:39:26 AM
Re: Great
yeah it's great
Jurritvlag
50%
50%
Jurritvlag,
User Rank: Apprentice
6/29/2018 | 9:29:18 AM
Thanks a lot
Thanks for the great article!

 

https://www.allesoverbrillen.nl/welke-bril-past-bij-mij/
https://www.allesoverbrillen.nl/merkbrillen/lindberg-brillen/
https://www.allesoverbrillen.nl/oogproblemen/fotofobie/
https://www.allesoverbrillen.nl/nieuwe-bril-kopen-waar-moet-je-dan-op-letten/
https://www.allesoverbrillen.nl/brillentrends-2018/
https://www.allesoverbrillen.nl/merkbrillen/esprit-brillen/
https://www.allesoverbrillen.nl/merkbrillen/mexx-brillen/
Jeremyjackson
100%
0%
Jeremyjackson,
User Rank: Apprentice
4/27/2018 | 5:29:35 AM
Great
thanks for sharing such a great information...
 
newday2017s
50%
50%
newday2017s,
User Rank: Apprentice
4/7/2017 | 3:20:23 AM
Good reading post.
Hi Ericka,

This is a great reading post. I've learn many new things here. Thank for share it here!
newday2017s
50%
50%
newday2017s,
User Rank: Apprentice
4/7/2017 | 3:18:20 AM
Good reading post
Hi Ericka,

This is a great reading article. I've learn many new things from your post. Thank for your time.
marting123
50%
50%
marting123,
User Rank: Apprentice
4/6/2017 | 11:48:04 PM
Amazing article.
Really amazing article, although I am a newbie, but you shared me the best messages. Ericka, looking forward to your update :)
marting123
50%
50%
marting123,
User Rank: Apprentice
4/6/2017 | 7:58:19 PM
Great article.
Hi Ericka, every time I back for your article, I got many much very useful messages and knowledge from your posts, in this great platform, you shared me so many much information and kind information, haha, i am sorry i am not the expert of the subject, but I interest in it :) Looking forward to your great update again, thanks much!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
4/6/2017 | 4:19:34 PM
Security
I'm with George Wrenn on this.  It'll force companies to do what they already should be doing.

At the same time, however, while I appreciate the security risks of people hacking into on board systems, I am not convinced this is the best way to solve the problem (especially because what can be done on a laptop can be done on a jailbroken mobile device).  I'd rather see better InfoSec in this environment, even to the point of lack of connectivity.  If the cost is no Wi-Fi for the two to four hours it takes to get to Atlanta, that to me is better than "you can't bring your laptop/device."
marting123
50%
50%
marting123,
User Rank: Apprentice
4/5/2017 | 10:54:23 PM
Amazing and professional article.
I really appreciate your great article here, very informative and useful, I am a newbie here, but I am very glad and pleasure to get your amazing post here, have you updated any articles else? I will be very glad to enjoy again...
marting123
50%
50%
marting123,
User Rank: Apprentice
4/5/2017 | 5:36:12 PM
Thanks for your great article.
Hi Ericka, I really appreciate your great article here, very informative and useful, I am a newbie here, but I am very glad and pleasure to get your amazing post here, have you updated any articles else? I will be very glad to enjoy again...
Page 1 / 2   >   >>
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/19/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
NC Water Utility Fights Post-Hurricane Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.