Are Physically Isolated Networks Really Secure?

2024.10.22

Recently, a US espionage device code-named "Water Moccasin" has drawn wide attention in the network security community. The device is disguised as an ordinary USB connector and can emulate peripherals such as keyboards and mice, so that endpoint security software treats it as a legitimate input device rather than a threat. Once plugged into a machine on a physically isolated network that was considered safe, it can silently steal data and send sensitive information out through special signals. This poses a serious challenge to the effectiveness of "physical isolation", the traditional network security protection method.
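As an added example (not part of the original article), the following Python script shows one check a defender of an air-gapped host could run against the kind of device described above. It parses the Linux `usb-devices` text format (the same layout as `/proc/bus/usb/devices` and `/sys/kernel/debug/usb/devices`) and flags any device that presents a HID (keyboard or mouse) interface without being on an allowlist, or that combines HID with a storage, network or vendor-specific interface, which a plain keyboard has no reason to do. The allowlist, the vendor/product IDs and the sample device listing are constructed for this example and do not describe any real device.

```python
"""Audit USB devices on an air-gapped host for unexpected HID interfaces.

Input: text in the Linux `usb-devices` / /proc/bus/usb/devices format.
The allowlist and SAMPLE data below are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# USB interface class codes (USB-IF class code list).
CLS_CDC = 0x02           # communications: CDC-ECM/NCM network adapters
CLS_HID = 0x03           # keyboards, mice
CLS_MASS_STORAGE = 0x08
CLS_CDC_DATA = 0x0A
CLS_VENDOR = 0xFF        # vendor-specific: arbitrary bulk channel

# Constructed allowlist: (VID, PID) pairs approved to act as HID here.
ALLOWED_HID = {("1234", "5678")}   # hypothetical site-standard keyboard

# Interface classes a keyboard/mouse should never be bundled with.
SUSPICIOUS_WITH_HID = {CLS_CDC, CLS_CDC_DATA, CLS_MASS_STORAGE, CLS_VENDOR}


@dataclass
class UsbDevice:
    bus: str = ""
    dev: str = ""
    vendor: str = ""
    product_id: str = ""
    product: str = ""
    classes: list = field(default_factory=list)   # one entry per interface


def parse_usb_devices(text):
    """Split usb-devices output into one UsbDevice per 'T:' record."""
    devices, cur = [], None
    for line in text.splitlines():
        if line.startswith("T:"):                 # topology line opens a record
            cur = UsbDevice()
            devices.append(cur)
            m = re.search(r"Bus=(\d+).*Dev#=\s*(\d+)", line)
            if m:
                cur.bus, cur.dev = m.group(1), m.group(2)
        elif cur is None:
            continue
        elif line.startswith("P:"):               # product line: VID/PID
            m = re.search(r"Vendor=([0-9a-fA-F]{4})\s+ProdID=([0-9a-fA-F]{4})", line)
            if m:
                cur.vendor, cur.product_id = m.group(1).lower(), m.group(2).lower()
        elif line.startswith("S:") and "Product=" in line:
            cur.product = line.split("Product=", 1)[1].strip()
        elif line.startswith("I:"):               # one line per interface
            m = re.search(r"Cls=([0-9a-fA-F]{2})", line)
            if m:
                cur.classes.append(int(m.group(1), 16))
    return devices


def audit(devices, allowed=ALLOWED_HID):
    """Return (device, reason) pairs for HID-presenting devices worth a look."""
    findings = []
    for d in devices:
        if CLS_HID not in d.classes:
            continue                               # not a keyboard/mouse: out of scope
        if (d.vendor, d.product_id) not in allowed:
            findings.append((d, "unapproved HID device"))
        if set(d.classes) & SUSPICIOUS_WITH_HID:
            findings.append((d, "HID combined with storage/network/vendor interface"))
    return findings


# Constructed sample: a root hub, an allowlisted keyboard, and a "cable"
# that enumerates as a keyboard plus a vendor-specific bulk interface.
SAMPLE = """\
T:  Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=480  MxCh= 4
P:  Vendor=1d6b ProdID=0002 Rev=06.01
S:  Product=EHCI Host Controller
I:  If#=0x0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub

T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#=  2 Spd=1.5  MxCh= 0
P:  Vendor=1234 ProdID=5678 Rev=03.10
S:  Manufacturer=ExampleCo
S:  Product=USB Keyboard
I:  If#=0x0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid

T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=02 Dev#=  3 Spd=12   MxCh= 0
P:  Vendor=ffff ProdID=0001 Rev=01.00
S:  Product=USB 2.0 Cable
I:  If#=0x0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
I:  If#=0x1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
"""

if __name__ == "__main__":
    for d, reason in audit(parse_usb_devices(SAMPLE)):
        print(f"bus {d.bus} dev {d.dev} {d.vendor}:{d.product_id} "
              f"'{d.product}' classes={[hex(c) for c in d.classes]}: {reason}")
```

On a live host, feed it the output of `usb-devices` (from usbutils) or `cat /sys/kernel/debug/usb/devices` instead of `SAMPLE`. The "unapproved" finding depends entirely on the allowlist being maintained from a trusted inventory, since an implant can claim any vendor and product ID it likes; the composite-interface finding does not need the allowlist and is the more robust of the two signals.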

Physical isolation (air-gapping) is a basic network security protection measure. Its core idea is to separate a network from other networks and systems by physical means, so as to prevent data leakage and network attacks. The Stuxnet incident against Iran and the "Water Moccasin" device have shown that physically isolated networks are not natural barriers; they carry security risks of their own that must not be taken lightly.

The essence of network security is confrontation. At its core, confrontation is a contest between the capabilities of attackers and defenders, and ultimately a contest of human nature. The attacker operates in the dark while the defender stands in the light. Given enough time, and exploiting the asymmetries of information, capability, space and time, an attacker can generally break through the defender and inflict some degree of loss.

China has built a large number of classified networks in the aerospace, aviation and other military fields. Both the customer units (Party A) and the security vendors (Party B) generally share a complacent attitude: they assume that a physically isolated network is first of all a natural barrier, and that it is enough to strengthen controls on top of it. These security vendors generally lack awareness of attack-and-defense confrontation and concentrate on endpoint control. The emergence of the "Water Moccasin" device overturns this assumption, because it was designed specifically against the controls of your physically isolated network and can escape the monitoring of security software. This proves that the adversary is continuously studying the functions and parameters of our security products. As the saying goes, the danger is not the thief who steals once, but the thief who keeps you in mind. It fully shows that the United States is constantly studying our physically isolated networks and looking for ways to break into them.

We must now establish the awareness that physically isolated networks also carry risks and hidden dangers. Foreign intelligence agencies will certainly collect a large amount of information on the security equipment and security software used in China's physically isolated networks, including national policy documents and technical standards related to classified networks, and will even purchase related products through various channels for study, in order to design targeted technologies, methods and tools for breaking through physically isolated networks. "Water Moccasin" is only the tip of the iceberg.

Many vendors and their employees in this field do not take confidentiality seriously. They often write sensitive information into their products and solution documents, thinking it does not matter as long as the file is not formally classified. When an inspection is announced, they remove or move the sensitive terms on their computers; anyone responsible for oversight should therefore conduct unannounced inspections, and for files that are not classified documents the inspection should examine their content. There are no confidentiality controls on the computers of vendors and their employees: sensitive information is spread and copied at will, and Internet access is unrestricted. Cracked software on these computers may carry embedded phishing Trojans. The vendor's R&D staff are not controlled when they go online; they may be phished by foreign intelligence agencies, and even the source code of the products under development may leak. Although foreign intelligence agencies cannot break into classified networks directly, they can attack through the supply chain, that is, by starting from these security vendors. At present, control over such vendors is still not strict. In the past, many vendors displayed related products directly on their official websites; in fact, such vendors should not have public websites at all. Some vendors do not control product sales well, and products may reach foreign intelligence agencies through agents.

To protect the security of physically isolated classified networks, one must also pay attention to supply chain management: strictly test the hardware and software required for business and office work, and strictly manage vendor personnel and their office requirements; strictly test the security hardware and software supplied by security vendors, and strictly manage the personnel and office requirements of security companies. Protection of physically isolated networks must be taken seriously, because they are very easy to breach through the supply chain and social engineering. Do not harbor illusions. Compliance is only the foundation; you must still defend physically isolated networks with an attack-and-defense mindset.

In short, securing physically isolated networks requires: first, advancing and innovating in information technology to achieve independent control of it; second, preventing supply chain and phishing attacks, and strengthening control over the relevant supply chain vendors and their products; third, strengthening control over internal and external personnel; and fourth, keeping classified content out of bidding documents and product materials. The security of a physically isolated network is relative. Once the adversary decides to break through you, they will study you by every possible means, formulate all kinds of attack strategies and tactics, and spare no effort; once those are used, the damage is enormous. As a security vendor, you should understand the importance of attack-and-defense confrontation and of confidentiality.