Chapter 300: Physical Isolation and the White Box

Footsteps in the corridor stopped outside the glass door. Lin Chen did not look up. His motion to unplug the network cable was light; the click of the RJ45 connector disengaging from the port was amplified in the quiet office. The screen went dark, reflecting the dark circles beneath his eyes. Twelve minutes. He pulled open a drawer and took out a backup laptop. No external network connection—only a local debugger. The sound of keyboard strikes resumed, denser than before, but steady in rhythm.

He needed to rewrite the gateway’s routing policy. The old system’s debug port was like a back door left unlatched, and the audit team’s scanner had already found the frame. Physical isolation was only buying time; the real defense lay in the code. He pulled up the iptables rule set and verified it line by line. DROP all non-whitelist IP access to port 8080. REDIRECT internal diagnostic traffic to an isolated sandbox. He wrote a state machine to log the source address, timestamp, and protocol fingerprint of every handshake request. If it matched a known penetration signature, it would trigger a circuit breaker directly. The code wasn’t long, but the logic had to be airtight. Compliance audits for medical data didn’t accept “roughly” or “maybe”; they only recognized logs and hash values.

The calf muscle in his left leg began to twitch uncontrollably. He stopped his fingers, bent down, and rubbed his Achilles tendon. The ibuprofen was wearing off, and the pain crept up his nerves like fine needles. He stood up to get water, moving slowly, shifting all his weight onto his right leg. The water dispenser gurgled. He carried the paper cup back to his desk, the warmth seeping through the wall into his palm. He took a sip and set the cup to the left of his keyboard. The screen lit up. Local compilation passed.

The door opened. Three people. The leader was a man in his forties, wearing a dark gray jacket and carrying a silver aluminum case. No pleasantries, no small talk. The man placed the case on the conference table, opened it, and took out two terminals and a protocol analyzer. “Director Lin?” He glanced at Lin Chen, his voice steady. “Provincial Health Commission Third-Party Security Assessment Team. Engineer Zhao. We arrived early. System status?”

“Physical isolation complete. Routing policy rewritten. Debug port sealed.” Lin Chen turned his laptop toward him. “Sandbox environment ready. White-box audit can begin anytime.”

Zhao nodded, asking no further questions. He signaled his two assistants to connect the equipment. The terminal screens lit up, command-line windows scrolling rapidly. Audits didn’t rely on words; they relied on tools. Lin Chen leaned back in his chair and opened the monitoring panel. Local logs began recording the probe behavior of the audit tools. The first wave of probes was correctly intercepted. Zhao watched the screen, his brows relaxing slightly, but he remained silent. He switched views and began examining the code.

“DICOM parsing module, line 142.” Zhao pointed at the screen. “Byte-level filtering function. If the input stream contains nested control characters, your loop will miss the second layer. Medical imaging metadata often hides this kind of dirty data.”

Lin Chen sat up straight. He pulled up the source code and scanned it quickly. Zhao was right. The V2.0 filtering logic used a single-pass scan; when encountering consecutive non-printable characters, the pointer would skip past the boundary. His fingers landed on the keyboard. He changed the while loop to a recursive call, adding a depth limit and exception handling. After the fix, he recompiled. The test suite ran, execution time increasing by 0.08 seconds, but coverage hit 100%.

“Fixed.” Lin Chen pushed the patch to the sandbox. “Logs updated. You can retest.”

Zhao didn’t check the logs. He directly had his assistant inject a new test packet. The terminal finished running and output a green pass indicator. He finally looked up at Lin Chen. “Fast reaction. But your routing policy only defends against external networks. What about internal lateral movement? If an operations terminal at the Provincial Second Hospital gets hit with ransomware, the traffic will come straight through the dedicated line. Does your zero-trust model have micro-segmentation?”

Lin Chen was silent for two seconds. This was an architecture-level issue. Micro-segmentation required a reconstruction of the underlying network, not just a few lines of code. He opened his mistake notebook and wrote on a fresh page: Internal lateral penetration risk. Micro-segmentation missing. Dedicated line trust boundary too broad. He closed the notebook and looked up. “Not currently. But traffic mirroring in the sandbox is enabled. Any abnormal internal request will trigger an alert and sever the session within three seconds. We can implement logical isolation first, and once the pilot runs smoothly, apply for the network reconstruction budget.”

Zhao didn’t argue. He noted the point and moved to the next item. The audit proceeded methodically. They checked permission models, reviewed data masking rules, and verified audit trails for model inference. Lin Chen accompanied them throughout, offering no excuses and making no promises beyond his team’s capacity. He only provided logs, code, and test reports. Su Man pushed the door open once, left a printed copy of the data flow compliance documentation, said nothing, and slipped back out. The office was left with only the sound of keyboards, the hum of cooling fans, and occasional command prompts. The wall clock pointed to nine-thirty. Lin Chen’s lower back had gone stiff; he stood up every twenty minutes to stretch his right leg, keeping his left foot suspended to avoid pressing on the nerve.

Ten forty PM. Zhao closed his terminal. He rubbed the bridge of his nose and pulled a paper report from the case. “Preliminary assessment passed. The debug port vulnerability is closed. Boundary handling in the DICOM parsing module is qualified. However, internal micro-segmentation and model audit trails are hard requirements. The pilot can proceed, but you must submit a complete architectural rectification plan within seventy-two hours. Otherwise, the Health Commission will downgrade your interface permissions to read-only.”

Lin Chen took the report. The paper was light, but its weight was heavy. Seventy-two hours. It meant he wouldn’t just be writing code; he would have to coordinate network vendors, the Provincial Second Hospital’s IT department, and even Su Man’s product team to redesign the data flow topology. Capital, manpower, and time were all stretched to the breaking point.

“Understood.” Lin Chen placed the report on the desk. “The rectification plan will be submitted by nine AM tomorrow. Please maintain the current interface permissions.”

Zhao stood up and began packing his equipment. “Director Lin, the technology is sound. But medical systems aren’t internet products. If something goes wrong, you can’t just roll back a version. You’re walking through a narrow gate; your steps must be steady.”

“Understood.” Lin Chen nodded.

The audit team left. The glass door closed again. The office returned to silence. Lin Chen leaned back in his chair. His left foot had gone completely numb, feeling like a piece of dead wood detached from his body. He closed his eyes and took a deep breath. His heartbeat was steady. He knew the audit was only the first hurdle. The real pressure lay in the seventy-two-hour countdown.

He opened his eyes and turned on his computer. Created a new document: Provincial Second Hospital Pilot Architectural Rectification Plan V1.0. He had just typed the title when his phone vibrated. Not WeChat—a bank SMS. Payroll deposit completed for account ending in 7749. Amount: 12,400.00 RMB. Current balance: 12,785.30 RMB. The company’s cash flow had finally survived the month. He stared at the screen, his fingers hovering over the keyboard. A second later, a WeChat notification popped up. Su Man: Old Zhao just wrapped up the investment committee meeting. He agreed to co-invest in the Series A round, but attached a VAM clause. Tomorrow at ten, bring legal and finance to his office. The terms are tough. Be mentally prepared.

Lin Chen didn’t reply. He saved the document and turned off the screen. Outside, a crack opened in the cloud cover, and moonlight spilled onto the desk, falling across his mistake notebook. He picked up a pen and wrote on the latest page: Audit passed. Seventy-two-hour rectification. Series A VAM advanced. Dual pressure from capital and compliance. Next step: Architectural reconstruction and clause negotiation.

He closed the notebook. His left foot was still numb, but warmth had returned to his fingertips. He knew he couldn’t sleep tonight. Code had to be written, plans had to be drafted, and tomorrow’s negotiation allowed for no illusions. He plugged the power cable back in. The screen lit up. The cursor blinked in the blank space. He typed the first line.