Why physical security (and InfoSec!) still matter

In the current era of mega-(should I say giga-?) breaches with tens to hundreds of millions of lost customer records and the hacking-of-everything, it is safe to assume that the logical security of devices becomes almost more important than the physical protection around those assets. While it is true that the logical (in-)security of devices renders “remote attacks” (attacks that are carried out against the system from another location than where the device is located, i.e. via a communication channel with a protocol such as TCP/IP, Ethernet, Bluetooth, or CDMA, GSM, etc.) possible, there is still an important defense layer that surrounds your device: the physical security.

To provide a little anecdote: a little while ago I took a flight into Washington and the seat beside me in the back of the airplane was empty (yes, that still occurs despite all the overbooking and other tantalizing measures of the airliners) – I set my little book and magazine there during the flight, and my cell phone on top of it. Then, when the plane landed and touched ground, it was a pretty heavy bump, and the pilot really hit the thrust reversal and hit the brakes, so much, that I needed to stretch my arm against the seat back in front of me. During the initial bump I saw my cell phone drop to ground and when the full deceleration took place, the cell phone slid very fast towards the cockpit. I was looking under the seat(s) in front of me, but couldn’t find it. Then, a friendly stewardess came up to me smiling with my cell phone in her hands, asking if it was mine – and I was quite happy to say yes.