Thales Blog

The Black-and-White Firewall

February 11, 2011

What’s the difference between a police car and a firewall? Not as much as you might think, it seems.

Late last month it was reported that a police car was stolen in Western Australia after the officers left the car unattended with the keys in the ignition during a routine traffic stop. A spokesman for the police said that it is, “standard practice for officers to secure their vehicles before leaving them,” but inevitably such practices will sometimes be missed.

So far this looks like a set-up for a key management story: you can’t rely on procedures, so make sure you use HSMs and (semi-)automatic key management systems to protect your keys. And that would be a useful story to write with a good moral. But actually I think there’s a more interesting angle to this.

You see as well as the keys, the officers left something else unattended in the car: the built-in police computer database terminal, called TARDIS. This system allows access to people's records, vehicle details and police history and it is the fact that the villain may have had access to this system that caused the story to make the news, rather than the fact he’d stolen a police car.

While the TARDIS system does have username / password protection, concern seems to be over whether it was locked or unlocked at the time. I am not familiar with the design of the TARDIS system but presumably if this is a question at all then it must have reasonably loose session timeout/auto lock/logging features. One suspects it is standard police practice to log out after each use.

So rather than a key management angle, this tale actually turned my thoughts to perimeter security – relying on a hard outer shell to protect an entire estate. In IT systems this is normally typified by a strong firewall on the outside but then very loose controls on data on the inside. The feeling of security from the outer shell giving false comfort to administrators – so that once someone’s in, they’re in. Security conscious organizations augment firewall protection with internal data encryption and strong audit trails in order to secure the data from the inside too, but this is still not nearly as common as it should be.

So in this case, the hard outer shell was the police car and inside that hard outer shell was an important system with inadequate protection, just waiting to be accessed by the first person to penetrate the perimeter. A hard way to learn the defence-in-depth lesson.

It will be interesting to see if the results of this investigation are published.