Prison Break vs. Critical Information Breach
While watching my current favorite guilty pleasure, Prison Break, last night, I started to think about critical information security breaches, and how breaking out of a prison is very similar to breaking into a computer system. Nevertheless, the biggest difference between the two is, perhaps, the ensuing consequences, being that the penalties are usually graver for a prison fugitive.
If there are any similarities between the two security breaches, the main character of the show, Michael Scofield, a professional civil engineer, may hold the answer. Before he robbed a bank intentionally to get into prison to save his innocent brother, Lincoln Burrows, from his looming death sentence, he was an experienced civil engineer who had engrossed himself in his brother’s case. Michael became an expert and developed a web of information, which included the blueprints of Fox River Prison, to escort his brother and himself cleverly outside of the prison walls through the labyrinthine innards of the prison.
Being that most IT security pros are usually well-practiced and knowledgeable of the ins and outs of different computer and security systems, isn’t it possible that anyone in these roles could be a freelance or professional cyber-spy?
I think the answer is yes, and like Michael’s efforts to systematically crumble the security walls of Fox River Prison, a cyber-spy could just as easily break down the firewalls and coding of a critical information security system. So the questions on-deck are: What steps needs to be taken to beef-up security in these systems, what new technologies need to be developed to deter such actions and how can employees be screened to ensure their trustworthiness?