If you bumped into me on the street, you would probably not guess that I am a cyber security professional. I am, one might say, well-seasoned. Given my history of chasing bad actors who were attacking my mainframe, some may wonder if I have the skills necessary for such a bleeding edge profession (one CEO asked me exactly that). While I can certainly make that case effectively, there are many times my knowledge of the “olden days” comes in very handy.
Case in point: some years ago I was re-engineering the transaction system for a credit bureau. When I started, they were running black-box servers with custom DOS-based software. I had finished an 18-month project to replace everything with systems and software from the current century, and we had successfully gone live. Unfortunately, our largest client, still using modems to communicate for many of its locations, was complaining of connectivity issues. When the development team could not identify the issue, I jumped in.
I remember sitting in the break room late one night talking to the communications developer about how he wrote his software. He was only a couple of years out of one of the top engineering schools in the country. I asked him about how he was handshaking with the modems. When he responded with a blank stare, I knew the problem. Having never worked with a modem in his life, he had no idea how to properly interface with them. Once I showed him, we had the system modified, testing, and operating properly in 30 minutes.
You might think knowing how to work with modems is not particularly useful for 2018. Consider, however, the recent discovery of a vulnerability in some Android devices, allowing someone with physical device access to interact with many of the basic phone functions. It seems the implementation of phone controls in these very modern devices is based on the old Hayes modem command set. Since nobody has learned about this commend set in years, it took a fellow relic to discover the vulnerability.
The fact is, much of our modern technology has its roots in systems that were in use many years ago. And in certain industries, including healthcare, utilities and manufacturing, those original systems are still in use. In order for a cyber security professional today to fully understand the risks and how to address them, it helps to have a foundation in the old fundamentals.
Here are four examples of older technologies that are still plaguing the information security world: