back to article Defending critical national infrastructure... hmm. Does Zoom count as critical now?

Does your IT security model take into account things like pacemakers? According to Dr Victoria Baines, speaking at Infosec Europe, "we also perhaps neglect the idea that critical infrastructure might be inside people" as well as merely carried in their pockets. Raising a thought-provoking talking point during a webinar, Baines …

  1. katrinab Silver badge
    Meh

    Yes it does

    COBRA uses it for communication between the Prime Minister and First Ministers. You can't get much more critical than that.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yes it does

      Seriously? They don't have anything without a backdoor? FFS.

      How exactly was the UK supposed to replace Huawei kit if they don't even have secure comms for leadership?

      What next, Parliament using Google cloud apps? Give away all your countries secrets by putting them in the cloud for Trump & Putin to take a gander?

      1. big_D Silver badge
        Coat

        Re: Yes it does

        Sorry to put a cloud on your day...

        https://www.theregister.com/2020/06/03/google_uk_g_cloud/

        Mines the one with a private server farm in the pocket.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yes it does

          Did they get Google and USA to at least *promise* not to take a look at their private comms, the full 'pinky-swear' with 'no-backsy'?

          Yes?

          Oh, well that's alright then, because I thought for a minute there, they were a bunch of naive idiots not fit to run a Tesco Metro frozen food department, let alone a country.

  2. macjules Silver badge

    Does Zoom count as critical now?

    Yes, in the same way that Sports Direct employees are ‘Essential’.

    1. J.G.Harston Silver badge

      Re: Does Zoom count as critical now?

      Over the last month or so I've successfully had a couple of club meetings and a test Parish Council meeting using Zoom. At some point in the last few days Zoom has updated from 4.92937645631279 to 5.0078236459871235676 resulting in it refusing to run on my tablet. I went through six cycles of: You must be using Zoom version 5 -> download update -> install update -> welcome to Zoom 4.93128746572635 -> Join meeting -> You must be using Zoom version 5 -> -> -> ->.

      1. Danny 14

        Re: Does Zoom count as critical now?

        We have found zoom to be quite reliable. We use teams for our scheduled 'calendar' meetings and zoom for adhoc short meetings. Whilst this seems odd, we have found zoom to be easier to use than teams when the personal zoom rooms are used. Yes they have their security risks (being a known password for the room) but waiting rooms and lockdowns mitigate that.

        Gotowebinar is bloody awful though. We get robotic high pitched shifted audio for half our users, zoom and teams work perfectly on the same machines.

        If teams had a similar personal room with password approach then we would use teams for everything, as it is it can be quite fiddly inviting 40 people including some who you only just got emails for (so aren't in your distribution lists)

      2. Andrew Dancy

        Re: Does Zoom count as critical now?

        Zoom made a breaking change in their backend (I believe it's to do with an encryption change) which meant they had to force-upgrade everyone to Zoom 5. There was a one month window after Zoom 5 first launched, but the backend was cut over on May 30th at which point anyone on older Zoom would no longer be able to connect. Sounds like for some reason your tablet was still trying to download an old Zoom client.

      3. David Shaw

        Re: Does Zoom count as critical now?

        On your tablet, can you simply use a browser web access to Zoom, [zoom.us/join] as presumably that is more often updated than any particular app dowload?

        1. Danny 14

          Re: Does Zoom count as critical now?

          Some tablet browsers say 'unsupported use the app'. There are ways of fooling this with Firefox and extensions though.

  3. Mike 137 Silver badge

    I've been saying this for over a decade

    Any system is entirely as weak as its weakest link. The most remote smallest end of your supply chain can be (and often is) the entry point for your data breach and it has been the case for a very long time.. But this seems to have only just registered with the pundits, witness the 2016 request for comment to the US Commission on Enhancing National Cybersecurity and similar initiatives. We submitted to that, pointing out that cyber security has no boundaries. Among all submissions, ours was the only one that stated this. Equally, ours was the only submission that included attackable internet connected home security systems used by millions of Americans in the definition of critical national infrastructure.

    1. Sanguma Bronze badge

      Re: I've been saying this for over a decade

      Have to say you're right.On a network where everything is connected, it's the Travelling Salesman Problem. Which is the quickest way in, and through? Alternatively, which way in is the least troublesome, and which leaves the least traces?

      But of course, your submission was entirely in the spirit of the documents the Founding Fathers produced, even if they hardly believed in them themselves, and that spirit's the spirit of a terrorist these days - Corporations Good, Common Citizens Bad.

      Just ask the US Supreme Leader before whom all the ... excuse me while I barf ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020