[kictanet] Deciphering Trump's "Einstein Pilot" comment & why (most) state mandated backdoors are a bad idea

Patrick A. M. Maina pmaina2000 at yahoo.com
Thu Mar 14 10:28:07 EAT 2019


Listers, 
US president Donald Trump recently triggered a debate about the (often overlooked) negative aspects of placing high/total reliance on modern, increasingly complex (and increasingly opaque) technology for safety-critical applications like aircraft.
Some food for thought... (disclaimer: below is shared for information and/or debate only, with respect to cybersecurity policy discussions):
1. (*2018* article) "Boeing thinks that cyberattacks may be a real threat to flight safety and pilots should be trained to determine and withstand them."
https://airlinerwatch.com/boeing-wants-to-train-pilots-against-cyberattacks/


2. In 2012 researchers reportedly discovered what appeared to be a deliberately engineered (i.e. possibly state mandated) security backdoor in *military grade* chips used for critical functions in aircraft (e.g. Boeing 787) and sensitive military equipment (e.g. drones). The backdoor could be exploited by sophisticated (state sponsored) attackers to potentially take over sensitive equipment (like a commercial plane). The good intentions behind such backdoors include anti-hijacking. But the unintended consequence is severely increased vulnerability (ironically to a different form of hijacking) that cannot be hot-fixed.
https://www.infosecurity-magazine.com/news/military-grade-chips-may-not-be-as-secure-as-we/

3. "Five eyes" nations (US, UK, CA, AU, NZ) see themselves as the global "good guys" with infinite wisdom, and who should be allowed (and trusted, without independent oversight or international accountability) to hack any tech device/software for "good" reasons. So they aggressively push their tech manufacturers to engineer security backdoors into systems (chips & software).
Again, the unintended consequence, which makes (most) state mandated backdoors a terrible idea, is that there is no way to fully secure such backdoors against exploitation by the "bad guys" (e.g. competing states or organized criminal networks).
Sadly, it means that "five eyes" origin technology (hardware and/or software) should always be considered *insecure by design*. Yet this is the tech most of Africa relies on for literally *everything*. Actually any non-indigenous technology should be considered insecure by default (a key reason to develop strategic indigenous technology capacity).
Could also partially explain why some foreign govs seem to have so much high quality (near real time) information on Africa across all critical spheres (industrial, financial, political, security etc).
https://techcrunch.com/2018/09/03/five-eyes-governments-call-on-tech-giants-to-build-encryption-backdoors-or-else/amp/

The floor is open for comments / debate.  :-)
Good day.
Patrick.
Patrick A. M. Maina
[Cross Domain Innovator | Independent Public Policy Analyst - Indigenous Innovations]