Vault 7: Back to the typewriter to really play it safe?

“This time they’ve gone too far,” says Christian Polster, Chief of Strategy of RadarServices, Europe’s leading IT security monitoring provider. “The Vault 7 releases have shaken people’s confidence in the security of globally distributed American technologies. They seem to reveal a parallel universe of the US security authorities,” Polster continues.

 

What happened

Under the codename “Vault 7”, WikiLeaks has started the most comprehensive release of secret information from the US intelligence service CIA ever made public. The first part, “Year Zero”, comprises 8,761 documents. Among other things, it says that a secret CIA hacking department is developing malware to be used against products of European and US companies.

 

How can companies protect their highly sensitive data against this background?

The security of highly sensitive data is of decisive importance for the existence and success of European companies and the development of Europe’s national economies. These data include design drawings and patent plans as well as ground-breaking research results, and also information regarding a company’s own up-to-date IT security.

 

“Many technologies from the USA are incredibly handy and efficient nowadays, resulting in their widespread use. However, Vault 7 has put companies’ managers and security officers in a state of alert at last. If highly sensitive data are to be truly protected from unauthorised access on a permanent basis, IT security measures need to have top priority,” Polster urges. “Unencrypted highly sensitive data being stored on devices that are connected to the Internet are a no-go. Strictly speaking, these data have no place on mobile phones or the cloud, in particular. Rigid behaviour policy guidelines need to be established and observed, especially for the ‘crown jewels’ of a company’s data,” Polster continues.

 

In addition, both hard- and software used to process and store highly sensitive data need to be subjected to security evaluations on a regular basis, as they can be vulnerable to targeted espionage attacks of the kind that might be implemented using the knowledge gathered by the CIA according to Vault 7. Relevant evaluation criteria in this respect should be the technologies, their providers as well as the conditions under which they were developed and are being used.

 

For this purpose, it is essential that IT as well as IT security “made in Europe” be developed to truly counterbalance US providers. “The mills of cybersecurity made in Europe grind too slowly. Administrative processes take too long, initiatives are launched too hesitantly at both national and European levels,” Polster states. According to the expert, this mainly concerns (further) training being made available to IT security experts and the financing of the development of Europe’s own hardware and software.

 

“In numerous areas, there is currently no alternative to American products for companies. Strictly confidential data are thus potentially at the CIA’s mercy. Security officials of large European groups have been well aware of this situation ever since the NSA releases. This knowledge is fuelling demand for services of the kind we offer with our proprietary European technology. Because, while ‘back to the typewriter’ is not a valid solution, neither is the status quo of technological imbalance that harbours unpredictable risks for European companies,” concludes Polster.