Security professionals have often cautioned organizations that allow their employees to bring their own mobile devices and plug them into the network. Infosec pros will also try to drum in the need for certain precautions that have to be taken in these instances.
There is no shortage of stories of how things can go wrong when an employee plugs in infected hardware. Just a few months back we heard many stories about attacks via USB drives that employees found in parking lots and then plugged in, infecting workstations that siphoned data back to the attacker.
Sometimes, however, you come across a very peculiar story. While researching material for an article, I came across a story of how in 2008 a virus infected a network on board the International Space Station (ISS). What is even more interesting is that NASA, when reporting on what took place, also announced this wasn’t the first time it happened, even though they did continue by saying it’s not something that happens frequently.
Now it’s important to point out that the International Space Station (ISS) has no direct internet connection, which essentially means the only way for malware to make it on board is through devices the astronauts take onto the ISS themselves. In this particular case, the culprit is thought to be an infected USB stick. Obviously the computers on the ISS aren’t any different from computers down on Earth, so their getting infected isn’t really unusual. What is unusual, however, is how this was allowed to happen. Managing a space station is a meticulous process. I imagine strict controls are in place, which are firmly enforced, and designed to avoid such a scenario. However, it still happened, and more than once.
So how is this possible? Something I often like to point out is that security is all about your weakest link. You could have a sea of security controls, but if a single one of those controls fails it could be enough for the whole system to crumble, no matter how well the rest of the security protocols are implemented.
This is especially tricky when people are involved. No details have been released on what went wrong, but it is possible to make some educated guesses based on information provided by this article. The article notes that NASA are now “working with Russians (and other partners) regarding ground procedures to protect flown equipment in the future.” Needless to say, this suggests a lack of policy and controls may have played a part in how the malware was allowed to travel to the space station in the first place.
The statement continued by saying that “most of the IP laptops and some of the payload laptops do NOT provide virus protection/detection software.” There is probably a very good reason why this is the case and if I had to take a guess I would say it is most likely to save power. It is not that an Anti-Virus solution uses a great deal of energy but it most definitely increases consumption and on the International Space Station I would assume electricity is a premium resource and thus consumption needs to be kept to a minimum. The reason might be a noble one but no matter how valid the reason is, it created a weak link. Ultimately, it was that weak link that allowed malware to infect some of the machines on board.
Protecting against malware infection, especially infections incurred through employee devices, involves covering as many bases as possible. We live in an age where everyone owns some kind of mobile device and everyone expects to have it plugged into the network. This is where BYOD policies become essential in every business. If your employees want to use their devices on your network, they need to abide by a few rules so you can make sure your data and infrastructure stay secure.
It is nigh impossible to know what might be lurking within a device. A malware infection could be carried in through a laptop, a USB drive, a portable media device, a mobile phone or a tablet, and now even smartwatches have been added to the mix. Your best defense needs to be a holistic one, complete with policies, staff awareness, software that has security vulnerability assessment capabilities, and monitoring software which will alert you to any abnormalities.