Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Do not look for the silver bullet solution.
Government needs to stop thinking about a silver bullet solution that will protect every computer and start thinking about a solution to protecting the really important industrial plants. These are the plants that involve our water supplies, electrical plants, etc. These are the targets that an enemy of the US will want to attack.
These plants can be protected by turning general computers with large numbers of executable programs into limited programs with limited numbers of executable programs. The limited number of executable programs would be protected by Tripwire, and before an executable program is activated there would be a check that the signature for the file matches the Tripwire signature for the file. The weakness of Tripwire is that it does not do a check when a program file is activated.
A cyber attacker may be able to access a limited computer system but the attacker will not be able to activate a malicious program on the system since there will not be a valid signature for the malicious program.
The signatures for the programs would be stored upon a read-only device and this would prevent an attacker from using a valid signature for the malicious program.
The limited system also should not have any programs that load programs at start up. If this was adopted by general programs it would make it harder for hackers to have their malicious program activated at start up.
This is not a solution for all computers but it can be a solution for important systems.
There will be even more protection for these systems if there is only access to defined websites. There is no reason for an operator on a plant system to have access to any website.
By the way, this idea was sent to various DoD organizations in 2002.
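The following is an added example, not part of the original post or any DoD tooling: a minimal Python sketch of the check-at-activation idea described above, where a program is hashed at launch time and compared against a manifest kept on read-only media. It assumes Linux, uses SHA-256 as the "signature", and the manifest layout, file names and function names are all hypothetical.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

def sha256_fd(fd):
    """Hash a file through an already-open descriptor."""
    h = hashlib.sha256()
    while chunk := os.read(fd, 65536):
        h.update(chunk)
    return h.hexdigest()

def load_manifest(path, require_readonly=True):
    """Parse 'hexdigest  /abs/path' lines into {path: digest}."""
    if require_readonly and not os.statvfs(path).f_flag & os.ST_RDONLY:
        raise PermissionError(f"{path}: manifest is not on a read-only mount")
    with open(path) as f:
        rows = (line.split(maxsplit=1) for line in f if line.strip())
        return {name.strip(): digest.lower() for digest, name in rows}

def open_if_approved(program, allowed):
    """Return an open fd if the file's digest matches the manifest, else None."""
    real = os.path.realpath(program)
    if real not in allowed:
        return None                       # never approved
    fd = os.open(real, os.O_RDONLY | os.O_NOFOLLOW)
    if hmac.compare_digest(sha256_fd(fd), allowed[real]):
        return fd
    os.close(fd)
    return None                           # approved name, changed contents

def launch(program, argv, allowed):
    """Exec the verified descriptor (Linux), so swapping the path after the check gains nothing."""
    fd = open_if_approved(program, allowed)
    if fd is None:
        raise PermissionError(f"{program}: no matching signature")
    os.execve(fd, argv, {})

def demo():
    """Constructed sample files: approved, unlisted, then approved-but-modified."""
    d = Path(tempfile.mkdtemp()).resolve()
    good, rogue, manifest = d / "pump_ctl", d / "rogue", d / "manifest"
    good.write_bytes(b"approved build")
    rogue.write_bytes(b"unapproved build")
    manifest.write_text(f"{hashlib.sha256(good.read_bytes()).hexdigest()}  {good}\n")
    allowed = load_manifest(manifest, require_readonly=False)  # temp dir is writable
    def runs(p):
        fd = open_if_approved(p, allowed)
        return fd is not None and os.close(fd) is None
    before, unlisted = runs(good), runs(rogue)
    good.write_bytes(b"approved build + implant")
    return before, unlisted, runs(good)
```

Executing the descriptor that was hashed only covers replacement of the path between check and launch; writes to the same file in place still have to be prevented by file permissions or read-only program storage.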