It's something akin to a service provider in SAML parlance, if we are to believe reporting. How can it be air-gapped?
And if we are to believe the hacked company, it is a development environment with test data in it. That remains to be seen, but is a risky thing to lie about. If there is production data in the leak, we will surely know about it.
If you can't implement it securely then perhaps such an undertaking wasn't a good idea? In the vast majority of cases I don't see why PII ever needs to be available over the network for remote queries. For the purpose of verification isn't it sufficient to verify hashes or better yet to attest via smartcard?
That's not an excuse though, any system handling data like that should be continuously reviewed and pentested by professionals. Hopefully they can show that this has been done otherwise it's just negligence.
You've got to be a real low-life to collect all of that and put it in a database that is not air-gapped.
It's something akin to a service provider in SAML parlance, if we are to believe reporting. How can it be air-gapped?
And if we are to believe the hacked company, it is a development environment with test data in it. That remains to be seen, but is a risky thing to lie about. If there is production data in the leak, we will surely know about it.
At the high end you can use data diodes to isolate critical data.
The point of a system like this is specifically that it’s accessible and not air gapped.
Being able to validate that a citizen is a citizen and their ID is valid inherently requires the system be accessible
If you can't implement it securely then perhaps such an undertaking wasn't a good idea? In the vast majority of cases I don't see why PII ever needs to be available over the network for remote queries. For the purpose of verification isn't it sufficient to verify hashes or better yet to attest via smartcard?
2 replies →
If you need the data, you cannot have it air gapped. And if it is air gapped, it is still easy to make misstakes.
"misstakes", love it, almost peotic
> it is still easy to make misstakes.
That's not an excuse though, any system handling data like that should be continuously reviewed and pentested by professionals. Hopefully they can show that this has been done otherwise it's just negligence.
3 replies →