Federal Cybersecurity R&D Forum


This Section is designated for comments not directly responsive to the questions of the other forums.


I think this particular cut at "cybersecurity" is too narrowly bounded; what we know about cybersecurity ought to inform other areas of policy and practice. As analogy, what we know about hurricanes informs (or ought to inform) what we do about wetlands as buffers, and regulation of flood insurance... we don't just focus on taking the existing situation as a given, and designing better hurricane-proof shutters.

So here's a thought to catalyze discussion: many of our IT-mediated systems are too fast, and many things we do are overreliant on fast communications. The stock exchanges support to-the-millisecond transactions, but the overarching purpose of stock markets is to facilitate the capitalization of corporations whose own activities are measured in units of days, or quarters, or even years (e.g., companies requiring capital to fund major construction projects). So why stock markets that transact at orders of magnitude faster rates? Because there's another chunk of the economy which makes money off other people's money, and they're the ones demanding it. But that's not the real purpose of the stock markets and accommodating the casino economy that piggybacks on the more fundamental market for capital in exchange for equity stakes buys us a lot more risk and vulnerability.

A comprehensive approach to cybersecurity ought to include an examination of those systems which depend on computing and communications, and lessening such dependence where the consequences of their disruption or loss are too great.

I wrote this on another forum which pointed me to the real site, so I copied and pasted it for you.

Points 1 and 3 are moot.
Not sure why they are even proposing them, really.

Now to point 2, the real meat and veg of their intelligence.

I like the idea.

Firstly, they need to remove 3rd parties from actually being connected to the system while in that secure area, I'd say.

Second, you'd have to be able to authenticate every program that is and would be run in that space... Unbelievably wickedly hard task, that one... or not.
Is it achievable? Yes, but not with our current OS. You'd need a self-testing file system checked against another backup system that is untouchable... and pre-authenticated, of course.

The problem I see is the chicken and egg... If you make the space, then attach to a server to authenticate files, your computer could be infected already. If you obtain a smartcard of the files and put it in your computer, your computer could still be infected and you'd think you were safe.

Two solutions exist. The first is a bootable disc you acquire from the bank (only), signed and certified, that sets up this initial safe area that then authenticates the files. This one sucks balls of course and is about as reliable as getting it from your local Chinese embassy or Russian mafia, but it's not bad.
The second I'll keep to myself because it's much better and I thought of it 20 years ago.

Yes, it doesn't surprise me the federal agencies are 20 years behind the times, but there you go.

Job done, point 2 achieved.

@Louis Savain
I also like the comment about the synchronous timing programming method and fully understood what he was talking about straight away. Though systems are not capable at the moment, as he knows, like him I'm sure at some point it's possible to move to a framework along those lines. I'm not sure how far down that path computers could go, though, as I see lots of crazy self-authentication and different system/core issues.

I hate to be the rain on NITRD's parade but I must strongly disagree with all three themes they've come up with. Sorry. We all know that our authentication methods work. Otherwise there would be no e-commerce to speak of. So that's not where the problem is. There should only be one theme, in my opinion, and that is to solve the cyber-system vulnerability problem once and for all.

The theme should call for open bidding from various researchers and/or organizations in the field, including federal researchers directly connected with this effort. Every proposal must clearly and unambiguously explain the mechanism of the solution. No in-between, overly complex, beat-around-the-bush, 99% success, and/or limited domain proposal should be accepted. We already have that. It's the nasty little 1% that must be totally annihilated. What we need is an effective vaccine that will eradicate every possible variant of malevolent cyber critters that exists now or will exist in the future. Hint: the solution should identify one weakness that all malware has in common, one which can be used to perfect an effective mechanism of universal immunity.

The only incentive must go to whoever comes up with a viable solution. Once the solution is accepted on its merits, the federal government must mandate by law or decree that the solution be fully adopted and implemented by all federal agencies. The private sector will adopt whatever works because it is in their interest.

Part 2, as far as I read into it, implied a safe and secure area to work. I've taken safe and secure to mean wildly different concepts. The secure area is one person talking to his bank after authenticating his credentials to do his work. Safe could mean no one has modified files within this environment, while secure means no one is listening in.

E.g., people have had their entire bank accounts drained whilst being in a secure, authenticated environment with their bank because a trojan had been programmed to wait and perform its task once this secure connection had been made. It's quite a nasty concept really, but it exists. Also, as the anti-virus community is always 2 weeks behind every new release... they are somewhat stuck on that front.

Secure (in the context of authentication) means a confidence level. The people are confident that you are who you are and so the transaction has a high confidence of being authentic. Secure is not saying 100% guaranteed.

A safe and secure environment will guarantee a higher confidence level than just a secure environment.

I'm not sure if a true 100% safe+secure environment area is possible to achieve, of course. I'm guessing it's not, and that can be mathematically proven, for instance.

As a side note, servers already exist on the internet that are 100% safe, i.e. the files are exactly as put on, but they are not 100% safe 100% of the time. A curious statement, you ask, but imagine a server that has a backup server with exactly the same files and a one-way medium of transferring them to the other system. All it needs to do is completely rewrite every file on the other server regularly. Hardware-level testing of a filesystem is another possibility.

Expanding on my... err, proposal... hmm, not a proposal really... but expanding on it anyways, you'd have a safe server on the internet side and a safe computer on your side and set up a secure connection... And the confidence level would be as high as is achievable.

Any higher than that and you'd be at a cashpoint... or whoever had your details would be...

Still, I've shown that point 2 is achievable; as to achieving a solution to removing cyber security, that is another problem entirely.

Cyber security relates to securing all data on all machines connected to the internet. The only common denominators are: they are connected, they are attacked by criminals (who keep being released), remote attacks, anonymity.

Notice I do not put out-of-date software on that list because that's not a part of cyber security... any solution, if you like, should be able to work on a system no matter what software is on it, I'd hope.
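The "safe server" idea in the post above (a live copy kept identical to an untouchable baseline by rewriting it from that baseline) in working form, as an added example that is not code from the post or the thread: a manifest of SHA-256 digests is taken from the trusted copy, the live tree is checked against it, and drift is repaired by a one-way rewrite. Directory names and file contents are constructed for the demo.

```python
"""Added example (not from the forum post): Mathew's 'safe server', where
'safe' means the files are exactly as put on. A manifest of SHA-256 digests
is taken from a trusted baseline; the live tree is checked against it and
rewritten from the baseline. Paths and contents are constructed for the demo."""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each regular file under root (POSIX-style relative path) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(live: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify drift of the live tree against the trusted manifest."""
    current = build_manifest(live)
    return {
        "modified": sorted(k for k, v in manifest.items() if k in current and current[k] != v),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def restore(baseline: Path, live: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """One-way repair: rewrite every manifest file from the baseline and delete
    files the manifest does not list. Returns the drift report taken beforehand.
    Baseline and manifest must arrive over a medium the live side cannot write
    to; otherwise a compromised live side could 'repair' itself into a
    compromised state (the chicken-and-egg problem raised earlier in the thread)."""
    report = verify(live, manifest)
    for rel in manifest:  # rewrite everything, not only what looks changed
        dst = live / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(baseline / rel, dst)
    for rel in report["added"]:
        (live / rel).unlink()
    return report


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Build a baseline, copy it live, tamper with the copy, detect, repair."""
    work = Path(tempfile.mkdtemp(prefix="safe-demo-"))
    baseline, live = work / "baseline", work / "live"
    (baseline / "bin").mkdir(parents=True)
    (baseline / "bin" / "login").write_bytes(b"trusted login binary\n")
    (baseline / "index.html").write_text("<h1>Bank</h1>\n")
    manifest = build_manifest(baseline)  # taken while the tree is known good
    shutil.copytree(baseline, live)

    # Constructed tampering: one file altered, one removed, one planted.
    (live / "bin" / "login").write_bytes(b"trojaned login binary\n")
    (live / "index.html").unlink()
    (live / "bin" / "dropper").write_bytes(b"unexpected file\n")

    before = restore(baseline, live, manifest)
    after = verify(live, manifest)
    shutil.rmtree(work)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The report before repair names exactly the three tampered paths; after the rewrite the live tree verifies clean again.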

Mathew,

Thanks for elucidating the difference between safe and secure. I assume that we agree that, due to the excellent progress in encryption and identification methods made in the last few decades, authentication is really not an issue at this time. The issue is that, as you noted, it is possible to circumvent authentication with the use of Trojans or other clever means that exploit flaws in the systems that we use. We all know that no server or client system currently on the market or in the lab can be guaranteed safe. One reason is that it is always possible for a malevolent and knowledgeable insider to insert some malware into the system. Unless there is an automated mechanism that can uncover every flaw and detect every possible intrusion, our systems will always be unsafe. My thesis is that, contrary to current wisdom, such a mechanism is possible.

In my opinion, the reason that we have a cyber security crisis is that the baby boomer generation (and I admit to being in that group) shot computing in the foot in the last century. Our current computing paradigm is essentially no different than what Charles Babbage envisioned more than 150 years ago. The boomer geeks showed up later and, for reasons that will keep historians and psychologists busy for centuries, imposed their Turing machine cult on the entire industry, which, unfortunately, encased those old flawed ideas in stone. We are suffering the consequences as I write. The biggest flaw with the Turing computing model is that time is not an inherent and fundamental part of the model. I am prepared to argue that almost every problem in the computer business can be directly or indirectly linked to this flaw.

Regardless of what the pundits maintain, the cyber security crisis is really identical to the software reliability crisis. Systems are vulnerable to attacks simply because they are buggy. There is a way to solve this problem once and for all but we will have to switch to a different type of computer, one which incorporates timing at the fundamental level. There is no getting around this fact and the sooner we accept it, the better off we will be. This is a thesis that I am ready to defend because I have given it a lot of thought over the years.

In conclusion, I will reiterate my position that NITRD does not have a plan that is designed to solve this problem. Unless they insist from the outset on a decisive and final solution, all we will get is more of the same. The game changing innovation that they seek will not materialize. And that would be both a shame and a waste of the taxpayer's money.

How far down the deterministic path are you going?

Here's my thinking.

Wouldn't all hardware and software need to be deterministic?

Every computer in the world has at its heart a crystal that pulses like a heartbeat and makes the hardware, and hence software, work. This crystal is not perfect and hence will not have exactly the same amount of pulses as the next crystal put into a computer. With this in mind, I don't need to really add more chaos. There are only a few accurate clocks in the world, if you like, down to the deterministic level, and they are "chemically" constrained to a finite number of ticks per second (if you like).

It may be that this level of determinism is not exactly what you're after, but more a degree of error off a deterministic value is good enough? If so, measuring this error may be harder than you think, as even an error range allows a little creativity in between?

Alternatively, you would need some form of compensation for the core difference between systems. Perhaps a series of programs are run on each computer to ascertain this base level, if you like, which would need to be reassessed at every hardware change, of course, and stored in a non-destructible file structure.

Also

A lot of software is polymorphic... let alone viruses. They modify (their own) registry entries etc. every execution cycle, and save changing files etc. on a level 5+ RAID drive while the drive is being accessed by other people.

I think you'd have a lot of headaches writing a deterministic system, to be honest, but it would be interesting to see one.

Also, what happens when a program runs out of its time slot... does it pop up a message saying please reinstall your whole file structure again? Would it have rewind and replay capability?

Hell, if NITRD wanted to spend money investigating, I would join up with you just to see if it were possible to make a computer behave like that. Not sure they would be willing to part with several million bucks, though, on a test of a theory that I doubt will ever be used in the real world.

How far down the deterministic path are you going?

Only as far as it can go. Things that are invariant should always be invariant. Of course, not everything is or can be deterministic. However, it is absolutely essential that the underlying framework be 100% deterministic in order to serve as a solid bedrock for everything else. There is also the problem that a program's virtual clock cannot be synchronized with a real time clock because of changing load. However, this is a problem only if the processor cannot keep up with load scheduling, in which case a more powerful processor should be used.

Of course, we must completely abandon CPU multithreading because threads wreak havoc on determinism. No multithreaded computer system can ever be safe or reliable for this reason. We might as well recognize this fact right away and act accordingly. Fortunately, there is a way to design and program parallel computers that does not use threads at all.

My thesis is that any malware, no matter how innocuous or clever, will disrupt the temporal and behavioral signature of a synchronous/reactive system in a way that is detectable by specially embedded automated sensors. This, in my opinion, is the Achilles' heel of all malevolent or corrupted code. This realization will allow us to create super-safe systems that have universal immunity against all malware. This is where I believe that NITRD CyberSecurity should focus most of its resources. There is more to it than that, of course, but this is about all I am willing to discuss on this forum.

Hell, if NITRD wanted to spend money investigating, I would join up with you just to see if it were possible to make a computer behave like that. Not sure they would be willing to part with several million bucks, though, on a test of a theory that I doubt will ever be used in the real world.

Ideally, one would want a processor that is specially designed and optimized for a synchronous reactive software model. Current processors are too slow because they are designed for algorithmic code. However, it is possible to use existing fast GPUs to obtain greater than adequate performance. Additionally, one would want to implement a synchronous/reactive OS and a full set of graphical tools for rapid application development. Once that is done, a sufficiently complex internet application should be developed as a test specimen and as proof that the concept actually works in a real-world situation. I figure the whole thing could take less than two years and cost about $3 to $4 million to bring to fruition with a dedicated team of engineers and designers.

it is always possible for a malevolent and knowledgeable insider to insert some malware into the system. Unless there is an automated mechanism that can uncover every flaw and detect every possible intrusion, our systems will always be unsafe. My thesis is that, contrary to current wisdom, such a mechanism is possible.

We can verify this for a fact, since we have a finished product that does so in a couple of ways. First, the use of multi-level integrity means that code can be ranked higher than any user. Secondly, deterministic approaches do work, but they must key in end behaviors, which, by the way, then become easier to automate.

I also forgot to add that, because more advanced malware is released in hardware devices, your deterministic system would fail when someone reacquired their new baseline for adding more hardware. The user would be none the wiser, and so who would really know?

Can a deterministic system work for faulty hardware? ... A very interesting question... and maybe the deterministic system just guarantees a higher level of confidence, but not 100%.

What are your thoughts on the malware-in-hardware issue? Also, I wonder if I post an example whether it will be removed, as it relates to government espionage?... hmmmm. Of course government espionage never happens....

This is my conceptual, mostly theoretical, idea of a new global, secure network to provide cybersecurity to the Department of Defense, then to Government, Universities, Business and Individual Users.

To begin we will use the Global Information Grid (GiG) as our foundational structure to be broken down into segments and/or sub-networks for risk analysis, classification and assignment within the Tier categories and sub-categories.

Let us use for our “backbone” of this network existing fiber optic cabling globally with the redundant backup and expansion of switched, wireless, and satellite networks.

Starting with our highest level of DoD assets on Tier 1, at each primary access point to the fiber POPs (Federal Access Point) we install mil-spec dense wave multiplexers and encryption switches. This may be accompanied by a high-level or supercomputer DNS processor running encoded algorithms that are “clocked” in sync with every other Federal Access Point.

All of these Federal Access Points are under the guidance and control of a single Thinking Machine (Artificial Intelligence) of multiple supercomputer nodes with adequate size and speed.

We will use an existing architecture known as GINA (Global Information Network Architecture) as our basic overarching governance. GINA will be greatly enhanced and further empowered by supercomputing ability and the communications switching and monitoring tasks. Her evolution will be all encompassing in scope and ability.

GINA’s overarching governance to the global network will provide several new primary and ancillary functions. First, GINA will maintain large blocks of IPs and assignments for each and every Federal Access Point, Switch and Multiplexer. The IP blocks may further be decimalized* by DoD internally as sub-networks. (*internal process to be discussed)

In a simple sense, GINA will reconfigure the entire backbone every fraction of a second between the FAPs (Federal Access Points). The IPs for every switch and hard asset (those assets not moving or connected wireless) connected to the backbone will “whirl” the IPs at a rate and in synchronous “orbit” only known to GINA’s system program. I believe that if this is done correctly, the hard assets may be compared to sound vibrations and phase shifting, in that the IPs will “phase shift” and the hard assets will “disappear” and become invisible on the external network. Think of it as a “liquid” connection.

So basically all network switches and multiplexers will be changing in unison and in harmony, each inference with a totally new and unique reconfiguration, all in hundredths or thousandths of a second.

The sub-networks and decimalization could be applied to Tier 2, 3, and 4 also and only GINA and the switch/multiplexer node would know that a sub-network was operating on “in-house” decimalized IPs.

And again assets would be invisible in this protocol.

Other Clouds and Networks and Tiers 1, 2, 3, 4, 5, 6, including Wireless, are added to the secure network by risk analysis with Global Identity Management functions, managed globally and by Tier and by GINA.

The added function here will be in GINA Master Network Control System using high level Artificial Intelligence (AI) to identify usage and access privilege with operational standards so that if there is any deviation from the normal activity of a User it will be recognized immediately.

Each and every asset must be connected to the secure network individually and with strong intent. As each Tier is brought on the network, every asset will have its master IP and/or set of IPs, which will be integrated in relation to the critical nature of that asset.

Human assets will ultimately be required to maintain a secure biometric identification and authentication procedure. High level human assets must be secured accordingly. Depending upon security level access implantable chips will be required for network access. Other multi-nodal biometric identification methods may be accepted at lower levels.

Biometric Identification technology enhancements and current authentication technology will allow for acceptable-level access control. They, like all other assets, will have an Identity Management Plan with User privileges.

Understanding this method of secure access may not be forced upon anyone. This is completely voluntary yet will remain an absolute necessity for connection to the Network. Other obvious benefits of the biometric identification will be in citizenship, immigration, health care, and banking.

All Users are monitored by GINA for adherence to policy and to mitigate future risk.

In theory you would like to allow every one, anywhere, to connect with anyone, anywhere. But the truth is everyone does not need to connect with everyone at least for now.

For the top-tier networks serving DoD what you need is for Col. Richards to have User authority to connect with Combat level troops, wherever he is. So whether he is in a commercial jet over Los Angeles or in a Hercules C-130 over Qatar, he can connect immediately and securely to the assets in his privileges. Or his access is rated and prioritized top-level accordingly.

Should he require outside communications, he initiates them through separate channels allowed by GINA.

GINA manages the secure, multi-nodal switching system of all communications on the GiG.

The same technology and User level permissions and privileges will allow broad based communication between everyday Users.

Another question is how the high-level Tiers communicate outside their area and how others can communicate to these assets. First, it would only be in “safe” times with no elevated threat. That causes new policies to override existing ones.

Every Tier and every level has a risk association and management plan. During times of emergency all bandwidth would be allocated to Priority Users as defined by DoD and the White House, with service level declining or being not available to all non-emergency personnel.

GINA, while being a centrally based and managed artificially intelligent thinking machine, will have network node facilities for distributed processing and speed of response to geographic demands, and all non-warfare communications will be switched and routed by GINA using secure supercomputer-based proxy servers integrated with existing public, private, and commercial networks.

GINA shall serve as the overarching global proxy server system and will require much more configuration and programming than presently discussed; however, the framework as presented makes GINA an attractive starting point.

Signed,

Gene B Griswold, Ombudsman


Reference documents below.

The Global Information Network Architecture (GINA) Technology Framework, LTC Ron Tudor, JD / Prof SBPP

Department of Defense, Global Information Grid (GiG), Architectural Vision

Strangely enough, apart from the AI bit and the overly ridiculous explanation of on-the-fly changing of IP addresses in the internal structure and all the risk analysis... it is very similar to how things work at the moment.

And believe it or not, people are trying to get away from it because it doesn't stop cyber attacks.

The real problem is that the general model on which cybersecurity is built, taught, and is evolving towards is focused on what products can do and not on what people can do. In the end it's just full of excuses from stupid humans to unstoppable attackers. None of that's true. The fault is in risk, which is mostly about guessing: guess what the next threat will be, guess where the vulnerabilities might be, and guess what the asset is really worth and from which perspective it should be assessed. I am happy that the focus includes trust because it should be already replacing risk in security models. With attack surface metrics to find which interactions are uncontrolled or poorly controlled and trust metrics to determine where to focus the resources for controls, cybersecurity is that much more attainable and manageable. There's a reason why NIST is interested in OSSTMM 3 (www.osstmm.org) research which includes these things.

Sincerely,
-pete.

--
Pete Herzog - Managing Director - pete@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org

[Posted by NCO/NITRD Admin]
