
Perimeter | Commentary
12/5/2008 11:08 AM
Rob Enderle

Is Obama's Mac A National Security Risk -- And Will He Be Allowed To Keep It?


There was a lot of focus a few weeks ago about whether President-elect Obama was going to be allowed to keep his BlackBerry. The discussion seemed kind of silly given how many BlackBerrys are in wide use in the U.S. government. However, you may recall that a foreign national stole a couple a few months ago, which certainly raised the security profile for these devices.

So what about Obama's Mac? The vast majority of remedial security solutions currently in use by the federal government run on Windows. In addition, the government is one of the most aggressive users of Trusted Platform Modules to ensure the protection of the data and the integrity of the system's network connection. Absolute Software (LoJack/Computrace for PCs) is also in wide use for PC tracking. Government PCs generally have smart card readers to secure them, and some use biometrics, but Apple machines typically don't allow for either. Finally, management tools are widely used to do things like ensure USB ports can't pass data to USB keys and that any laptop brought into a secure organization isn't a carrier for malware that could compromise the security of that unit. The vast majority of the tools used to do all of this simply don't run on the Mac OS. Many require hardware components like the TPM, which aren't installed in Mac hardware and can't be retrofitted. Macs, while perceived as more secure than Windows, are commonly used as carriers for malware because they generally don't run malware scanning software. I'm writing this at a meeting with a bunch of desktop IT analysts from a variety of firms, and the consensus is that on the first day of the job someone will quietly take Obama's Mac and promise to give it back to him when his term of office expires. I'm not so sure -- the guy will be President after all -- and think that he may instead order them to find a way to fix the problem.

Will The New President Be Allowed To Use A Mac?

I'm going to disagree with my peers and suggest that rank has its privileges; I expect Obama will eventually be allowed to use his Mac. I base this on my experience at IBM, where we hired a CEO for the storage division during the OS/2 years, and he was allowed to create a little Mac island for himself and his admin. I figure if someone who wasn't the CEO of IBM could bring in a competitive product that violated a massive number of policies, then the vastly more powerful U.S. president could get a variance allowing him to bring in his beloved Mac.

So how will he or one of his people solve this problem?

There is antivirus software for the Mac, and custom scripts can be created to scan and verify his exception machine whenever it connects to the network. Card readers and biometric readers can be added as peripherals. It isn't pretty, but it can be done. An equally secure RSA token solution also can be used on his machine (some parts of government do this today). The problem is the Absolute Software requirement and the TPM, neither of which can be retrofitted.
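The paragraph above amounts to a baseline: some controls (malware scanning, card or token authentication, USB data blocking) can be added to the Mac in software or as peripherals, while two (the TPM and the Absolute agent) cannot, so an exception machine should only be admitted if those two gaps are covered by a recorded compensating control. The following is an added example, not code from this column or from any government program; it is a network-admission check that evaluates a device report against that baseline. The field names, the 24-hour scan window, the compensating-control names and the three sample reports are all assumptions constructed for the example.

```python
"""Network-admission posture check for an "exception" laptop.

Added example, not code from the column. It encodes the controls the
column lists: software/peripheral controls must simply be present and
current, while the two non-retrofittable hardware controls (TPM,
Absolute agent) pass only via a recorded compensating control. Field
names, thresholds and sample reports are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_SCAN_AGE = timedelta(hours=24)  # assumed policy window for the last malware scan

# Controls that software or a plug-in peripheral can provide on the Mac.
SOFTWARE_CONTROLS = {
    "antivirus_installed": "malware scanner installed",
    "usb_mass_storage_blocked": "USB ports blocked from passing data to keys",
    "second_factor_enrolled": "smart card, biometric or RSA token enrolled",
}

# Controls the column says cannot be retrofitted, each paired with the
# compensating control the column proposes instead.
HARDWARE_CONTROLS = {
    "tpm_present": ("TPM", "no_local_critical_data"),
    "absolute_agent": ("Absolute tracking agent", "physical_tracking_device"),
}


@dataclass
class Decision:
    admit: bool
    failures: list = field(default_factory=list)   # controls not met
    variances: list = field(default_factory=list)  # gaps covered by a compensating control


def evaluate(report: dict, now: datetime) -> Decision:
    """Decide whether a device report meets the baseline at time `now`."""
    d = Decision(admit=False)

    for key, desc in SOFTWARE_CONTROLS.items():
        if not report.get(key, False):
            d.failures.append(f"{desc}: missing")

    # A scanner that is installed but has not run recently is treated as absent.
    last_scan = report.get("last_scan_utc")
    if last_scan is None:
        d.failures.append("malware scan: never run")
    else:
        age = now - datetime.fromisoformat(last_scan)
        if age > MAX_SCAN_AGE:
            d.failures.append(f"malware scan: stale ({age.days}d old)")

    for key, (desc, comp) in HARDWARE_CONTROLS.items():
        if report.get(key, False):
            continue
        if report.get(comp, False):
            d.variances.append(f"{desc}: absent, compensated by {comp}")
        else:
            d.failures.append(f"{desc}: absent and no compensating control")

    d.admit = not d.failures
    return d


# Constructed sample reports (not real inventory data).
NOW = datetime(2009, 1, 20, 12, 0, tzinfo=timezone.utc)

STANDARD_PC = {  # the Windows baseline the column describes
    "antivirus_installed": True, "last_scan_utc": "2009-01-20T08:00:00+00:00",
    "usb_mass_storage_blocked": True, "second_factor_enrolled": True,
    "tpm_present": True, "absolute_agent": True,
}

STOCK_MAC = {  # a Mac as it arrives: no scanner, no reader, no TPM, no agent
    "antivirus_installed": False, "last_scan_utc": None,
    "usb_mass_storage_blocked": False, "second_factor_enrolled": False,
    "tpm_present": False, "absolute_agent": False,
}

RETROFITTED_MAC = {  # the column's proposed exception configuration
    "antivirus_installed": True, "last_scan_utc": "2009-01-19T22:30:00+00:00",
    "usb_mass_storage_blocked": True, "second_factor_enrolled": True,
    "tpm_present": False, "absolute_agent": False,
    "no_local_critical_data": True, "physical_tracking_device": True,
}

if __name__ == "__main__":
    for name, rep in [("standard PC", STANDARD_PC), ("stock Mac", STOCK_MAC),
                      ("retrofitted Mac", RETROFITTED_MAC)]:
        dec = evaluate(rep, NOW)
        print(f"{name}: {'ADMIT' if dec.admit else 'DENY'}")
        for line in dec.failures + dec.variances:
            print("  -", line)
```

The point of keeping `variances` separate from `failures` is that the retrofitted machine is admitted, but the decision record shows exactly which hardware-rooted controls it lacks and what stands in for them, which is what an auditor reviewing the exception would want to see.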

Now I think they can do without the Absolute product and put a physical tracking technology onto Obama's notebook. The Targus DefCon 1 laptop lock and alarm might be adequate, if used properly, to mitigate the theft risk, but it isn't as comprehensive as Absolute. However, I'm sure they have more advanced tracking devices they can get from the NSA, FBI or CIA that are even more effective at tracking than the Absolute product. Granted, they are likely more expensive, but given the value of what is on this laptop, I'm sure the cost can be justified.

The TPM is a bigger problem because it is one of the key components to ensuring the laptop's drive can't be pulled and compromised. So move the data off the laptop. There are few places Obama will be where he won't have a secure data connection available to him. All his organization has to do is find a secure way to connect his laptop to it (clearly some care will need to be taken here). If no critical data resides on the laptop, then the risk of loss is effectively mitigated, and this could be the first implementation of what is effectively a diskless Mac.

Of course, they could also call Apple and quietly suggest it put a TPM in its notebooks and enable it. I'll bet even Steve Jobs will take a call from the U.S. CTO or president. (If it were my laptop I'd be tempted to make this call myself.)

Having a technology-using president will force a number of changes. One of these changes may be ways to better integrate Macs into both government and business. Unfortunately, I doubt they will share this solution with us, but given how many things leak out of the government I expect it won't be long before someone figures this out and posts it. Who knows -- they may even share the information to help others in similar situations, given that this new administration is promising more transparency.

Granted, they may have to solve the Zune vs. iPod question first.
