Quick Deploy Zero Trust Cybersecurity

With the ongoing geopolitical tensions happening in the world, they have issued high alerts to all U.S companies warning them of potential cyber threats against critical infrastructures using destructive malware deployment. Whether you’re in a small town or a military base located in these areas, ransomware attacks are not siloed to affect just bigger cities. They can happen anywhere and to anyone. Considering the heightened tension and its political and economic impacts on governments and businesses, XQ aims to help enterprises to understand the importance of cybersecurity and employ a safeguard to these kinds of attacks. This episode features Junaid Islam, CTO and Board Member of XQ Msg, and Phillip Bane, managing director of Smart Cities Council, discussing a solution to quick deployment of cybersecurity to defend against the increased threats.

Join Junaid Islam, CTO and Board Member of XQ Msg, as he advocates for quick-deploy cybersecurity. In this [13 minute podcast], they discuss three main points: 

  • Cities of all sizes will face more cybersecurity threats in 2022. We have yet to see the full force of the threat.

  • These threats will include 'wipe-ware' where your data is destroyed with no opportunity to ransom

  • Cities need 'quick-deploy' solutions that will keep their data protected.


Listen here or on Apple, RSS Feed, and Spotify


Read the following excerpt: 

Philip Bane: Good afternoon. Hi everyone. Welcome to another episode of the Smart Cities Chronicles, your podcast for smart cities action, investment, and outcomes. I'm excited today because, given the current tensions around the world, today being March 2nd, 2022, I have the opportunity to interview Junaid Islam from XQ Message. Good afternoon, Junaid. Why don't you tell me a bit of your background in XQ and why anybody should currently be concerned about ransomware and cybersecurity?


Junaid Islam: Great. Well, thanks for having me. My name is Junaid Islam. I've been involved in secured communications for 30 years now. Thirty years ago, I started creating MLPP, the red button to launch a rocket. Then did MPLS routing at Cisco, Mobile IPv6, and actually helped create zero trust working for the intelligence community as a researcher.


Junaid Islam: Now, I'm at XQ, a board member and CTO. What I help customers with is something called zero-trust data protection. That is to create a way to protect data where the data itself has zero trust in people or software programs who might want to either copy it or access it. We have a very new approach to protecting security, making the data itself aware of its environment and policies. So it's a kind of new approach that's revolutionary.

Philip Bane: If I remember correctly, I was told you guys had a patent on this, correct?


Junaid Islam: That's right. We have some patents around zero trust data protection, specifically how we put meta tags on when we encrypt data. Those meta tags are random numbers. They're kind of meaningless. But what they do is they connect to a policy server where someone like a city government or county, or even rural community can set policies such as where it can be read, maybe only in their location. So even if you move it out of state, the policy services, I'm not going to give you now you're out of state.


Junaid Islam: Or only specific programs like I've got a program storing data on saying land and lease county lines, who owns what, and you could say only this program is allowed to talk to me and get the data. If it's a different program, which could be a hacker program or a file transfer, for instance, you're not the authorized program. So we allow governments to put either simple policies or complex policies on who and what and from where the data can be accessed. That is the heart of zero-trust data protection. It has zero trust in anybody, in everybody.


Philip Bane: So again, I was particular about giving the date to everybody, March 2nd, 2022. If I'm from a community in the United States, why should I be concerned today after some of the geopolitical tensions we've seen worldwide?


Junaid Islam: Unfortunately, cyberwar has become a reality, and we're seeing cyber attacks around the world. Here in the United States, many small communities might say, "Well, hey, maybe that's an issue for a bigger city, like obviously Washington, D.C. or New York. But I'm in a small town. That doesn't affect me, and nobody even knows about me." I think that is a dangerous misconception. Across America, a lot of military bases are in small towns. A lot of air force bases are in small towns. A lot of defense contractors are in a small towns.


Junaid Islam: So I think if you are in a quiet, very friendly community, you might want to think about who your citizens are or who your local companies are. I bet that there are probably more defense contractors and military personnel in your town than you think about daily just because they're there all the time and blend into the environment. Right now, unfortunately, we have foreign governments targeting the U.S. defense supply chain.


Philip Bane: Why is it important that it would be a government and that geopolitical tensions are higher? How does that change the operating environment for a community?


Junaid Islam: That's a great question. There's been a lot of ransomware attacks happening as we know. But they fall into two categories. The bulk of the ransomware attacks that have happened the last few years are what I would call very opportunistic. Someone just sends somebody an email say, "Give me your password," and then they get lucky. Unfortunately, when governments get involved, they use that trick, but they use another trick, which is far more dangerous. They have something called lateral moving malware or self-propagating malware. So this is a code that they will install into somebody's machine simply by emailing them.


Junaid Islam: Unlike how we think of a cyber attack, where someone says, "Give me your password," and you give them the password, these lateral moving malware, once it loads onto your machine, by itself goes across the network and finds the data and can either steal it or destroy it. So the very important thing people need to consider is if you're a small town close to a military base, or you have a defense contractor in your town, in your community, that a state-sponsored attack is much more lethal than getting that email asking for your password which is easy to ignore. People need to take this very seriously today, March 2nd, 2022.


Philip Bane: Yeah. So also, I mean, we mentioned ransomware, but you brought up what you call destroying, which I think you also told me earlier was wipeware. Why is that so drastic for a community?


Junaid Islam: So typically, when we think about ransomware, we think about people who come to steal your data or encrypt your data and then ask for some Bitcoin. What happens when you get involved in fighting a foreign government? They have no interest in shaking you down for $5,000 or $50,000. They will just come to delete your data. So we use the word wipeware, and that is lethal because when you think about malware that moves by itself, that can hunt and find the data and then wipe it out, for a county government or city government that has not prepared for it, it could be nonrecoverable if they haven't properly taken the countermeasures, which is doing very secure, offline backup in a completely different facility.


Philip Bane: So let's talk about that. So I mean, we've talked about the fact that we're in a heightened alert system, that the chances of wipeware or destroying the data are greater. So how could XQ Message help a community specifically with this idea that they could destroy all your data?

Junaid Islam: So one of the good things that are out there is, of course, there's a lot of cloud-based storage systems. Oh, and very inexpensive. So what we do is we provide the zero-trust data protection that can take your data from your community, your city, your county, encrypt it, but set the policies so that only you can decrypt it. So basically, we have this notion of agents in a gateway. So the agent will be on your local system. It'll ingest all the data and then park it into one or more cloud operators, again, which is very expensive.


Junaid Islam: But the benefit of what we do is we ensure the encryption keys are only given to people in the county. This is important because many states and cities have a compliance model that says only county personnel or authorized personnel can access the data. So they've been a little hesitant to use clouds. With our solution, they have complete control, right? So we basically absorb all the data and encrypt it in a way that only they can be decrypted and then push it off, so. I think-


Philip Bane: Junaid, so if I'm a community in Kansas, Missouri, and I'm going, "Okay, I'm not prepared for this," how long would it take to deploy this kind of solution? What's the process for it?


Junaid Islam: So the good news is it takes about a week. I'm saying it's good news because it doesn't take months, but it also doesn't take a day. The cloud-based backend that is up in an hour. So that's pretty quick. Where it takes some time is to work with the computer department of the county or city to figure out where their data is. What we find across America is everybody's taken a different approach to county records, tax records. So there's a discovery process to figure out what they've done.

Junaid Islam: The other important thing is everybody has different databases. So one of the big mistakes you can make in disaster recovery is just making a copy. What happens is you can't reverse that transaction because databases have specific libraries. They call the links, right? If you break the link, you can't recover. So we work with the local team IT team, and we help them. We've done this a bunch of times.

Junaid Islam: So we understand, figure out where the data is, what kind of database technology are they using as a database? is it Oracle? We figure out how we can export the data? Then the most important thing, we do a dry run. So we go through this whole thing. We do a snapshot. We send it off, then reverse the whole transaction and make sure that it can be read as the data comes back.


Philip Bane: No, I mean, that's great. It sounds like you have a ready-made solution to back up data. Only certain people can access that data. You can do it in about a week, and you're working with that community to devise the best way, the best solution for them. The other thing that you mentioned earlier when we were talking was your zero trust chat, which I thought was cool about how you can protect communication with both city employees and city residents.


Junaid Islam: Yeah. So one of the other things, there are two cyber attacks. One is wiping out data, but the other is also to look at all the email communications within a city to figure out things like passwords of say where their bank account is, right? So one of the things XQs develop is what we call a zero trust chat. So this is it's just chatting, but it's completely self-contained. Every chat session has a different encryption key. Why that's great is it requires no training because everybody knows how to use webchat.

Junaid Islam: But because XQ gives all of the software for the webchat to the city or county, it allows them to have a completely secure communication system where only their city or county personnel even know about it, right? It ensures that if someone attacks your email system, they won't say anything about how you're moving money around, where your data is, all the things that are the lifeblood of a community; we want to make sure that nobody knows except the people in the community, county supervisors, the mayor.


Philip Bane: And transmitted through the zero trust chat.

Junaid Islam: That's right.

Philip Bane: They're going to be protected.

Junaid Islam: That's right. Because it's a completely self-contained system. There is no external links. So this makes it very different than say, mobile apps that everybody's familiar with, which are great. But with those mobile apps, there's always a copy somewhere else. In this case, there is no copy.

Philip Bane: Got you. So what I've heard you say today is that there's an increased risk profile. Any community of any size could be at risk, that part of the increased profile is that bad actor would actually destroy the data-

Junaid Islam: That's right.

Philip Bane: Instead of putting it for ransom. And that XQ Message has worked with many communities in the United States to deploy these, the backup solution. It takes about a week, but that's really because you're spending a reasonable amount of time helping the city.

Junaid Islam: That's right.

Philip Bane: Each city is different in terms of its data architecture, so you're helping them. Just for the audience, this podcast will also have some information about how to reach Junaid XQ Message. Again, I'm going to say the ate, Junaid. Today is March 2nd, 2022. This is Philip Bane from the Smart Cities Council. Thank you, everybody, for your time. Thank you, Junaid.


Junaid Islam:

Thanks for having me.


Additional Resources:

XQ Securing Smart Cities of the Future

Contact us for more information here: https://xqmsg.co/contact-us


Previous
Previous

The Digital Trust Initiative is established at Discovery Park District at Purdue

Next
Next

Future of Cybersecurity is ‘Friction-less Zero Trust Data’