Cybersecurity - CS141 HW161 at the forefront

11 April 2022

Editorial: For network infrastructure professionals, “Made in China” is losing its luster

Over the past three years there has been growing evidence indicating that many hacker groups are secretly financed or otherwise organized by the Chinese (and in some cases Russian) state apparatus. As a result, more and more consultants from the IT industry are openly criticizing the use of Chinese-made network-capable hardware devices in Western networks. Essentially, hardware is able to offer better "hiding places" than might be found in purely software products. Whether through virus scanners or general “watchdog” programs, native or third-party security systems are ultimately well able to monitor software products; this is less true in the case of standalone hardware.

Since hardware is usually "hardened", such security systems are not able to gain access to the software running inside it. Consequently, background processes cannot be checked for irritating or even harmful secondary functions. If the origin of the device is unknown or the manufacturer cannot be trusted, the "hardening" of an embedded OS, which is actually intended as a security feature, becomes a vulnerability per se with regard to the broader cybersecurity of the system to which it belongs.

The key security dilemma can be found in the details:

Many providers of network products whose products have been "scanned" and deemed harmless are later able to automatically update their firmware via the Internet. As a result, either each firmware version must be completely rechecked again and again, or one must ultimately trust "blindly" that no malware will be loaded along with the firmware update.

To avoid this dilemma, almost all military installations in the “Western” world, for example, require not only full disclosure of the applicable source code as a prerequisite for security clearance to operate a device in high-security facilities, but also the inclusion of proprietary code that makes a device 100% verifiable even after a firmware update. Devices such as the CS141/BACS, for which GENEREX as the manufacturer offers this insight, including "security tags", are therefore preferred as "secure devices" and thus authorized for use in high-security areas.

Even in the non-military sector, UPS systems and batteries are, from a geopolitical point of view, increasingly considered “security-critical applications” and have also become attractive targets for hacker attacks: a large-scale cut in the power supply is a significant attack vector for those looking to disrupt societal infrastructure massively and sustainably across multiple levels, from civilian life to transportation, business, and government.

The power supplied by a UPS is not itself a "security vulnerability", regardless of the origin of the device. The network uplink, though, often becomes a hidden or unknown weak point within the system as a whole! Safety-critical users therefore prefer a clear proof of origin and safety checks before equipment is put into service.

For the entire duration of the CS141's development, but especially since 2016, GENEREX has attached great importance to network security and has proactively prioritized it. Therefore, the various reports about massive security leaks in processors, which became known in the press as "Meltdown", "Spectre" or 2022’s "J4Log", have not posed any sort of problem for the CS141/BACS. Even so, it is clear to us that one must remain vigilant, and so "Cybersecurity" remains the top topic for GENEREX this year as well.

Ultimately, "Security" can only be guaranteed through trusted control of the firmware!