Many years ago when time-sharing computing was in its infancy, I concluded that, if a computer had a connection to the outside world, it was by definition compromised. Then came the personal computer whose operating systems developers, mostly Microsoft, left data security out of their designs for expediency (and profit) sake ... and because connecting these "personal" computers was thought anathema. Personal computers didn't take long to kill the economic advantage of time-sharing and thus kill this technology. And then came the Internet with almost universal connectivity ... an opening a mile wide for cyber security breaches. Now, the advent of the "cloud" makes the protection of remote data storage and processing even more vulnerable, albeit convenient.
So what steps can be taken to start to protect today's electronic devices from these data piracy threats? Here are just a few:
- Develop the ability to isolate various levels of network interconnectivity. China already has the ability to cut off its entire national network from the rest of the world. Clearly this capability should be available to the U.S. as well as other sub-sectors of the Internet. It would seem to me that those providing networking hardware and software such as Cisco Systems could find a ready market for such a rigorous and scalable capability which might be automatically triggered by 'denial of service' attacks.
- In particularly sensitive applications, install computers that have no ports through which data can be offloaded onto any external storage device.
- Move all critical operating system components to microcode or even hardware which cannot be accessed anyway but through physical access to the computer ... and physically secure such access as one would a vault. Other O.S., interface and even some application code should be located in memory which generates a default if any changes are attempted to the bit structure. Action taken on such a default would be under the the control of the system administrator.
- Encrypt all sensitive data and applications with software whose keys vary in length with the degree of sensitivity of what is to be encoded. But don't assume any encrypted information cannot be decoded unless a truly randomized one-time pad is used.
And I'm sure other more sophisticated steps are possible. However such cyber security is expensive in both money and computer performance terms. But we are rapidly reaching the point were such costs can and need to be borne.
No comments:
Post a Comment