I attended GOVSEC 2011 in Washington DC last month. Although the main focus of the event was physical security, with demonstrations of SWAT attack vehicles, firearms and protective clothing, I was interested in learning agencies’ approaches to cybersecurity. I had a few interesting discussions that spurred some thoughts.
I chatted with a few exhibitors that emphasized networks for security information transfer; the access authorizations, controlled entry, the video surveillance images, and the like. All of the vendors recommended that the transmitted security information be carried on a separate network from other enterprise and agency traffic. These dedicated enterprise security networks, like all networks, were experiencing huge traffic demand increases driven by video. Now, the recommendation to have a distinct network for security traffic could be motivated by an urge to sell dedicated secure network equipment. On the other hand, a dedicated security network could be more difficult to penetrate, at least, for example, by an internal agency IT hack who was angered by his last job review.
I am wondering now if this dedicated network idea could be extended to achieve cybersecurity for enterprise WANS. For example, dedicated enterprise / campus fiber networks connected by dedicated wavelengths over long haul carrier public nets. Of course, the bigger Federal agency networks have been doing similar to this for years, but often over dedicated fiber. But is a wavelength as secure as a dedicated fiber? I expect a wavelength on a shared network to be more secure that a router port, especially since the vast majority of cyber attacks target the upper layers of the application stacks. Also, in the event of a government shutdown of the public internet, a private “wavelength” network may remain operational, or at least come back online more gracefully than that of a “cloud based” network.
Just a few thoughts on how optical design may achieve cybersecurity: I would welcome your comments and clarifications.
