Can Highly Secure Computing Defeat Cybercrime?

CIO Insight Staff Avatar

Updated on:

Can Highly Secure Computing Defeat Cybercrime?

Cyber-Security is Based on Health ModelCyber-Security is Based on Health Model

The EastWest Institute report claims that cyber-security is incorrectly based on the public health model of education, monitoring, epidemiology, immunization and incident response, but this model does not safeguard systems, even against petty criminals.

Many Prefer a Military ModelMany Prefer a Military Model

A military model is based on “active defense,” meaning “hack back and deter.” But massive surveillance goes with it, which upsets the public, is destabilizing, and can escalate.

Critique of Active DefenseCritique of Active Defense

Active defense profiles and retaliates against attackers. They are identified through forensic data traces in networks and where attacks occur. Active defense also includes preemptive hacking of foreign IT environments of both adversaries and allies, which can be provocative. The goal: threaten, discourage, or deter hackers.

Yet, Exposing Identity No longer DetersYet, Exposing Identity No longer Deters

China’s APT-1 group, a military cyber-espionage unit, hardly bothered to disguise itself and did not seem to care about covering its tracks, according to the report.

Ripe Time For Preventive High-Security ITRipe Time For Preventive High-Security IT

The report asks, “Why not get the basic technology secured so no one can attack strategically critical systems in devastating ways in the first place?

Defining Highly Secure ComputingDefining Highly Secure Computing

Highly Secure Computing (HSC) accepts the idea that it is not possible to construct totally secure computing systems and admits that they can be only “highly secure.” But being highly secure will greatly reduce active defense and surveillance. This new paradigm matches the actual threat, whereas military active defense is more dangerous than helpful, according to the report.

Fundamental Elements of HSCFundamental Elements of HSC

Widely deploying unconventional ideas spawned in research laboratories could permanently solve much of the cyber-security problem, the report says. These ideas include architectural redesign, data flows, minimal complexity, language and reducing network dependency.

Architectural RedesignArchitectural Redesign

Von Neumann architecture does not distinguish between data and programs, so attackers force computers to read data that make it execute a program differently, therefore installing an attack. The EastWest report advocates the Harvard Architecture, which distinguishes between data and executables and makes attacks more difficult.

Data FlowsData Flows

Disallow flow of legitimate activity from one IT environment to another, making it harder for an attacker to navigate inside the system. OSs would not execute different kinds of code in different functional segments.

Minimal ComplexityMinimal Complexity

Reduce computational complexity with microkernels. Today’s Oss have tens of millions of lines of code that are exploitable, but a system with only 10,000 lines can be checked rigorously.

LanguageLanguage

As with spoken language, the same expression can mean different things in computer languages. Attacks on computer networks intentionally cause divergent interpretations. The report recommends reducing language complexity and expressiveness to reduce misinterpretation.

Reduce Network DependencyReduce Network Dependency

Disconnect what does not have to be accessible through large external networks, like power plants for production facilities, thereby minimizing the scale of the risks.

CIO Insight Staff Avatar