As the coronavirus crisis has swept the world, organizations everywhere have been forced to adapt to working remotely, often relying on the fastest and easiest collaboration tools available to facilitate this.
As a result, troubling cybersecurity vulnerabilities have emerged.
End-users — in a panic — have gravitated toward technologies that are easy-to-use versus easy-to-secure, resulting in large-scale compromised identities and exposure of sensitive IP information.
Most technology companies prioritize the lowest-cost-of-development for every aspect of the business, which overlooks the necessary due diligence that ensures the security of their communications tools. Even sophisticated U.S. government organizations who were supposedly savvy technology evaluators have missed the boat in recent months by moving so furiously towards any quickly-deployable solution, rather than looking at platforms that were specifically designed for high-security, privacy — and compliance.
A case in point: U.S. government agencies have made substantial payments to Zoom for use of their communications platform; a platform already compromised. This has allowed any U.S. adversary, including China, full access to all communications flowing through the platform.
Even the most basic of technology due diligence reviews were not conducted before Zoom was acquired through government procurement and users were authorized to begin relying on the platform for communications.
Such careless vulnerabilities have given our adversaries unprecedented access to critical conversations made by U.S. government and Department of Defense (DOD) officials.
This puts U.S. national security at risk.
These agencies are obviously aware of this problem.
As reported by Stars and Stripes, the DOD has recently banned service members, contractors and civilians from using Zoom in an official capacity. Furthermore, the FBI has warned about an increase in incidents of “Zoom-bombing,” where teleconferences on the app have been infiltrated by uninvited participants. Given these disturbing developments, a vacuum has been created in need of a secure tool that these critical staffs in government and military can use for their operations.
The need to remedy this situation is urgent.
From a macro perspective, the U.S. Government needs to establish a program to consistently implement procedures that achieve the following requirements:
- Technology that proves communications integrity, even in the most-adverse conditions;
- Technology providers must disclose the location of all development and operations staff involved in delivering the technology; and
- Actively rewarding companies whose technologies assure the integrity and confidentiality of all communications flowing through the platform.
A number of U.S.-based companies offer solutions inherently more secure than Zoom.
The U.S. Government should pursue relationships with these companies to fix urgent vulnerabilities before we see an avalanche of new security, privacy and regulatory violations that cut even deeper into our current economic instability. When looking for long-term solutions, U.S. Government agencies should seek technologies that deliver features including:
- Provable location of all individuals participating in a teleconference;
- Encryption key integrity to mutually authenticate every participant in the teleconference; and
- Per-teleconference session keys to assure that they cannot be intercepted, replicated or manipulated.
By prioritizing these features, problems like those experienced by UK Prime Minister Boris Johnson and his Cabinet can be easily avoided. Mr. Johnson inadvertently disclosed his static Zoom teleconference identifier.
High-integrity security and collaboration leaders in the market today already provide remedies to this situation. By connecting the right technology companies with U.S. government decision makers and procurement teams, government communications can maintain the integrity needed to ensure that foreign adversaries are not listening-in to teleconferences where strategic policy-making decisions are being made today.
Van Hipp is Chairman of American Defense International, Inc. He is the former Deputy Assistant Secretary of the U.S. Army and author of “The New Terrorism: How to Fight It and Defeat It.” He is the 2018 recipient of the Queen Elizabeth II September 11 Garden Leadership Award for National Security. Read Van Hipp’s Reports – More Here.
Posts by Van Hipp
- There Should Be Zero Distancing From Chloroquine Treatment
- Want to Stop DC Leaks? End Lucrative Book Deals
- View More Posts by Van Hipp