Can Highly Secure Computing Defeat Cybercrime?
The EastWest Institute report argues that cyber-security today is modelled, wrongly, on public health: education, monitoring, epidemiology, immunization and incident response. That model, the report says, does not actually safeguard systems, even against petty criminals.
The competing military model is built on “active defense,” meaning “hack back and deter.” But massive surveillance comes with it, which upsets the public, is destabilizing, and can escalate.
Active defense profiles attackers and retaliates against them. They are identified through the forensic traces they leave in networks and at the points where attacks occur. Active defense also includes preemptive hacking of foreign IT environments, those of allies as well as adversaries, which can be provocative. The goal is to threaten, discourage, or deter hackers.
China’s APT-1 group, a military cyber-espionage unit, hardly bothered to disguise itself and did not seem to care about covering its tracks, according to the report.
The report asks, “Why not get the basic technology secured so no one can attack strategically critical systems in devastating ways in the first place?”
Highly Secure Computing (HSC) accepts that totally secure computing systems cannot be built and settles for systems that are only “highly secure.” But being highly secure would greatly reduce the need for active defense and surveillance. This paradigm matches the actual threat, whereas military active defense is more dangerous than helpful, according to the report.
Widely deploying unconventional ideas spawned in research laboratories could permanently solve much of the cyber-security problem, the report says. It lists five: redesigning the computer architecture, restricting data flows, minimizing complexity, simplifying the languages systems accept, and reducing dependence on networks.
In the von Neumann architecture, programs and data share one memory and the processor cannot tell them apart. An attacker who can get the machine to treat attacker-supplied data as instructions has, in effect, installed a program of their own, which is the root of most code-injection attacks. The EastWest report advocates the Harvard architecture, which keeps instruction memory and data memory separate so that data written into memory can never be fetched and executed as code, making such attacks more difficult.
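To make the architectural point concrete, here is an added example (not code from the EastWest Institute report): a toy machine that runs the same buggy program twice, once with a single shared memory (von Neumann) and once with separate instruction and data memories (Harvard). The opcodes, the instruction encoding, the program and the constructed “attacker input” are all assumptions made for illustration.

```python
# Added example (not code from the EastWest Institute report): a toy machine
# run two ways, with one shared memory (von Neumann) and with separate
# instruction and data memories (Harvard). The opcodes, encoding, program
# and attacker input below are all assumptions made for illustration.

LDA, LDX, STAX, OUT, HALT = 1, 2, 3, 4, 5      # hypothetical toy opcodes

def encode(op, arg=0):
    """Pack one instruction into a single integer memory cell."""
    return op * 10000 + arg

def decode(cell):
    """Split a cell back into (opcode, operand)."""
    return divmod(cell, 10000)

# Data-memory addresses used by the program (constructed layout).
VAL, IDX, RESULT, SECRET = 5, 6, 7, 9
MEM_SIZE = 10

# The program: take a value and an index from input cells and store the
# value at that index with no bounds check (the bug), then output RESULT.
PROGRAM = [
    encode(LDA, VAL),       # 0: A = mem[VAL]
    encode(LDX, IDX),       # 1: X = mem[IDX]
    encode(STAX),           # 2: mem[X] = A      <- unchecked index
    encode(OUT, RESULT),    # 3: output mem[RESULT]
    encode(HALT),           # 4
]

def initial_data(value, index):
    """Constructed data memory: the attacker controls VAL and IDX only."""
    data = [0] * MEM_SIZE
    data[VAL], data[IDX] = value, index
    data[RESULT] = 42       # what the program is supposed to output
    data[SECRET] = 1234     # a cell the program never intends to expose
    return data

def run(program, data, harvard):
    """Execute the program and return everything it outputs.

    harvard=False: code and data share one array, so STAX can overwrite an
    instruction and the CPU will fetch and execute the new cell.
    harvard=True : STAX can only reach data memory; instruction memory is
    not addressable from the store path at all.
    """
    if harvard:
        code, mem = list(program), list(data)
    else:
        mem = list(program) + list(data)[len(program):]
        code = mem                     # same array, no distinction
    a = x = pc = 0
    out = []
    while True:
        op, arg = decode(code[pc])
        pc += 1
        if op == LDA:
            a = mem[arg]
        elif op == LDX:
            x = mem[arg]
        elif op == STAX:
            if not 0 <= x < len(mem):
                raise IndexError(f"store to {x} out of range")
            mem[x] = a
        elif op == OUT:
            out.append(mem[arg])
        elif op == HALT:
            return out
        else:
            raise ValueError(f"illegal instruction {code[pc - 1]} at {pc - 1}")

def benign_run(harvard):
    """Ordinary input: store 7 in a free slot; output stays 42."""
    return run(PROGRAM, initial_data(value=7, index=8), harvard)

def attack_run(harvard):
    """Malicious input: the 'value' is an encoded instruction (OUT SECRET)
    and the 'index' points at the program's own OUT instruction."""
    return run(PROGRAM, initial_data(value=encode(OUT, SECRET), index=3), harvard)

if __name__ == "__main__":
    print("von Neumann, attack:", attack_run(harvard=False))   # [1234]: data ran as code
    print("Harvard,     attack:", attack_run(harvard=True))    # [42]: code memory untouched
```

In the shared-memory run the out-of-bounds store lands on instruction 3, and the very next fetch executes the attacker's cell, leaking SECRET. In the split-memory run the same store still corrupts a data cell, so the bug is still a bug, but it cannot turn data into an instruction. Note what the separation does not buy: an attacker who can redirect control flow can still reuse instructions that are already in code memory, which is why real systems pair this idea (approximated on commodity hardware by non-executable data memory, W^X) with other defenses.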
Restrict data flows. Disallow legitimate activity from flowing from one IT environment into another, so that an attacker who gets into one segment cannot use it to navigate the rest of the system. Operating systems would be divided into functional segments, each executing only the kind of code it is meant for.
Reduce computational complexity with microkernels. Today's OSs contain tens of millions of lines of code, any of which may hold an exploitable flaw, whereas a kernel of only about 10,000 lines can be inspected and verified rigorously.
As with natural language, the same expression can be read differently by different computer languages and parsers. Attacks on computer networks deliberately exploit such divergent interpretations, feeding input that one component reads one way and another component reads another. The report recommends reducing the complexity and expressiveness of the languages that systems accept, so there is less room for misinterpretation.
Disconnect what does not have to be accessible through large external networks, such as the control systems of power plants and production facilities, thereby limiting the scale of the risk.
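The divergent-interpretation problem described above, as an added example (not code from the report): two parsers for a small header-like format that are each individually reasonable, yet read the same input differently, beside a deliberately restricted grammar that refuses any input with more than one possible meaning. The format, the parsers and the sample messages are assumptions made for illustration, loosely modelled on HTTP header fields.

```python
# Added example (not code from the EastWest Institute report). The header
# syntax, the three parsers and the constructed messages are assumptions
# made to illustrate divergent interpretation and a reduced grammar.
import re

def _lines(raw):
    """Split a raw message into non-empty lines (CRLF-terminated)."""
    return [ln for ln in raw.split("\r\n") if ln]

def parse_last_wins(raw):
    """Lenient parser: case-folds names, strips whitespace, last duplicate wins."""
    out = {}
    for ln in _lines(raw):
        name, _, value = ln.partition(":")
        out[name.strip().lower()] = value.strip()
    return out

def parse_first_wins(raw):
    """Equally 'reasonable' parser that keeps the first duplicate instead."""
    out = {}
    for ln in _lines(raw):
        name, _, value = ln.partition(":")
        out.setdefault(name.strip().lower(), value.strip())
    return out

TOKEN = re.compile(r"^[A-Za-z0-9-]+$")   # the only field names the grammar admits

def parse_restricted(raw):
    """Reduced grammar: exactly 'Name: value' per line, no duplicates, no
    tolerance. Anything outside the grammar is rejected, never guessed at,
    so every accepted message has exactly one interpretation."""
    out = {}
    for ln in _lines(raw):
        name, sep, value = ln.partition(": ")
        if not sep or not TOKEN.match(name) or not value or value != value.strip():
            raise ValueError(f"malformed line: {ln!r}")
        if name.lower() in out:
            raise ValueError(f"duplicate field: {name}")
        out[name.lower()] = value
    return out

def divergent(raw):
    """True when the two lenient parsers disagree about the same bytes."""
    return parse_last_wins(raw) != parse_first_wins(raw)

def rejected(raw):
    """True when the restricted grammar refuses the message outright."""
    try:
        parse_restricted(raw)
    except ValueError:
        return True
    return False

# Constructed sample messages.
CLEAN = "Host: example\r\nContent-Length: 4\r\n"
AMBIGUOUS = "Host: example\r\nContent-Length: 4\r\nContent-Length: 11\r\n"

if __name__ == "__main__":
    print("lenient parsers diverge on AMBIGUOUS:", divergent(AMBIGUOUS))
    print("restricted grammar rejects AMBIGUOUS:", rejected(AMBIGUOUS))
    print("restricted grammar accepts CLEAN:", parse_restricted(CLEAN))
```

Two components that each deploy one of the lenient parsers will disagree about how long the body of AMBIGUOUS is, and that disagreement is exactly the lever an attacker pulls. The restricted parser does not resolve the ambiguity cleverly; it removes the ambiguity from the language, which is the report's recommendation. The check a practitioner wants is the one in `divergent`: run the same inputs through every parser that will touch them in production and treat any disagreement as a finding.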