Tuesday, September 27, 2011

WaPo's "extreme" precautions for travel to China? Hardly.

Today's Washington Post article "In China, Business travelers take extreme precautions to avoid cyberespionage" barely cracks the surface of what occurs in China and other nation states who engage in cyber-espionage. I founded a company on that very premise in 2010 and am still amazed at how easily state actors can obtain exactly what they want from visiting C-level executives without anyone knowing it. In fact, I've had this very conversation with Joel Brenner just recently (Brenner is extensively quoted in the WaPo article).
A standard travel kit for Taia Global clients includes a pre-paid cell phone and an iPad or a hardened laptop with no documents stored on the hard drive. Instead, everything that the executive needs to work on is stored on an encrypted IronKey flash drive. We provide a variety of e-mail alternatives for executives to choose from which keep them from directly communicating with their home network. Access to free WiFi hotspots at the airport, the hotel, or anywhere else in-country is heavily discouraged. And no device ever re-connects with the corporate network after a trip.

These are realistic, not extreme, precautions and they're based upon real-life incidents that happen on a daily basis; not only in the PRC, but in many developed and developing countries including the EU. The risk factor isn't the same for everyone. Part of our work for our clients is to tell them what their CRI (Cyber Risk Index) is when they travel. The CRI varies according to what industry an executive is in, his position at his company, and which country he's visiting. Just like in network security, there is never a one-size-fits-all solution.

No comments:

Post a Comment