2017-11-28 By Robbin Laird and Ed Timperlake
It is clear that information system security and appropriate defenses is a very significant issue.
However, shaping an effective way ahead, which both gets the job done and shapes rethinking which can lead to further progress is more difficult that simply buying a software patch.
It is putting all things “cyber” in proper context.
Cyber is simply a digital dimension of storing and moving information.
It was President Trump’s campaign pledge to focus on helping rebuild America’s infrastructure that presents a perfect opportunity to leverage the rebuilding of domestic infrastructure in the United States.
This effort needs as its predicate, cyber defense.
We need to create the defense of many information systems that must be “fail safe” to consistently and securely empower America’s critical national assets such as a power plants, oil refineries, nationwide power boosting distribution grids, and damns.
Recently, we spoke with Secretary Michael Wynne about how to shape such an approach.
Secretary Wynne in government and also at the very senior level of American Industry has been an important cyber security defense policy maker and visionary technology strategist.
He is now emphasizing the need for a significant rethink on how best to proceed.
Recently, Wynne spoke to the Association of Old Crows about cyber domain security, and that presentation is an appendix to our interview.
Secretary Wynne: “We have to review the area of cyber protection from a whole new light and build from an understanding that we have incorporated a fundamental flaw into our communications, into our computations, into our intel databases and into our daily lives.
“There is a mathematical flaw built into the system directly traceable to violating a key rule of systems engineering: You do not any longer know the connection between the outputs and inputs of your system.
“The solution I am focusing on would prioritize dealing with data at rest and would focus on the computational capabilities of gate arrays.
“We have put our efforts predominately in the evolution of the digital integrated circuit, and not into the analog integrated circuit.
“So we now have a problem.
“We have a direct mismatch between the quest for protection and the quest for convenience.
“Presently our way of war and our efforts at productivity are largely based in the convenience of distant data communications and control.
“Unfortunately the investment in learning and technical capability into the digital integrated circuit has zoomed ahead and offered operational capability, operational convenience, distant updates; things that present obstacles and challenges as to whether we want to design secure replacements or give them up.
“We are not easily walking this back.”
Our discussion focused on the importance of an information strategy which would differentiate between efforts to protect core data, the keys to the kingdom so to speak, which can be found in data or rest or in storage versus perishable moving data, which is much harder to protect.
In the beginning of the industrial age direct information feeds from machinery were analog devices steam and pressure gages.
Now those are for the most part digital read outs.
Consider, the difference between a precise 19th Century Swiss watch and today’s Iphone computer chip that also gives very accurate time.
The analog watch can run down but the I phone also has its inherent weakness as it can be attacked from afar by electronic means.
Each has strengths and weakness, but if accurate time is a life or death issue, then combining the strengths of both by wearing an analog Swiss watch and also carrying a digital phone one would have a very safe and secure idea of the accurate time.
It is the classic case of the best being the enemy of the good, if one reaches for a total cyber security solution, one ends up with more insecurity than security.
“By focusing on building out analog circuitry gate arrays, I can see clearly means and methods to shape a way ahead.
“This will slow down communications and operations at first, but as we develop, learn, and apply the kinds of inventions we have seen with digital integrated circuitry but now with analog integrated circuits, we will see communications and operations speeds restored.”
In effect, by differentiating between data in motion and data and rest, one can target the focus of innovation in the enhanced security effort.
“With regard to data in motion, the invention of block chaining is providing for encryption techniques and capabilities that are key elements for data protection.”
With an informational policy within government that makes protection decisions based on data in motion or data at rest, then a cyber defense strategy can be effectively built.
“I think you should prioritize what you want to protect at this point in time from what you might want to protect five years from now, ten years from now and let the system virally develop corrective actions on its own.
“I want to protect the dams. I want to protect the power plants. I want to protect the refineries. I want to protect the natural gas pumping stations. I want to protect nuclear power stations.
“At the same time, the Defense Department could prioritize infrastructure for the military services as well, such as Airfields, Port Facilities, and
“I would prioritize right now both civilian and military infrastructure.
And if the President’s emphasis on rebuilding infrastructure goes into motion, it would make sense to require testable infrastructure information security as a key requirement for any receipt of funding as well.
“In many cases, many of the systems we would want to protect are mechanically designed, we are currently and would be overlaying a digital system on top of them and have for convenience relieved the problem of going to each unit operating and verifying that the systems are OK.
“Unfortunately, this has introduced vulnerability on a previously secure system.
“So, we need to secure this approach, and retain the convenience.
“The SCADA or Systems Control and Data Acquisition system is a digital process that we have overlaid on many of our mechanical critical infrastructure facilities as well.
“What I am proposing is simply to convert this approach into an analog gateway approach to provide cyber security and an infrastructure defense.”
In effect, the approach being suggested is to shape a built-in security system; drawing upon a secure, complete circuitry that cannot be affected by a distant device over the internet.
By building in security, one of the cost returns is avoiding the need to pay the endless cycle of software upgrades and protections needed for a digitally based system.
Appendix
Cyber Domain Security: An Outside the Box Think for a Different Future
October 17, 2017
Presentation to the Association of the Old Crows
Good Morning. I very much appreciate the very kind welcome an introduction to this important conference on the topic of Cyber. Cyberspace first appeared in a short story, then a novel ‘Neuromancer’ by William Gibson in 1984, an auspicious year. From introduction to a full-fledged domain of operations is quite a stretch in the 40 some years since.
My own background in the field of Cyber comes from a long history of interaction, which you will hear about later. Suffice to say that as a product of what I refer to as the University of Hard Knocks in the world of Cyber, wherein lessons are learned through mistakes and harsh criticism; as I used the benefits of this domain to push research in the domains of Air and Space, with cyber as a mathematics tool.
I now realize that I was experiencing both the benefits of society’s embrace of the realm of cyber and the mistakes that were once permissible but that now have taken on operational names of Mal-ware and Ransomware, and have increasingly been used against societal progress.
It is great to share this talk today with giants of Electronic Warfare. Which one can see as either a pre-cursor for, or an enveloping science. It definitely shares spectrum with Cyberspace. Let’s start this journey together in search of a different future in this Cyber Domain.
(Slide 2) The Theme of this conference is a clarion call to look at the Cyber to fulfill its promise of providing a truly beneficial outcome. I don’t want to eliminate the benefits that all of us have extracted from the domain, but work toward minimizing or eliminating the vulnerabilities that have confronted developers and applications companies as this domain creates the ‘Flat Earth’ that Author Tom Friedman predicted several years ago. Unfortunately, the enemy gets a vote, and is using this as an asymmetric space to gain advantage. As this theme calls for, let’s confront both the penalties and benefits, and define a path forward towards balance.
The aspirational point here is technology led us to this point, and technology, and hard work, might lead us to that point of balance.
(Slide 3) Given the aspiration as expressed on the previous chart, let’s start our journey with an overview of what I would like you to take away from our look into a different future. It starts with the physical domains and our reach for balance of risk and reward in those. Sometime smooth and sometimes rough, but we have a governing structure that we can look to and debate. One solid aspect is that these are, in effect natural domains, whether Ground, Maritime, Air or Space, we can see and feel these; and so have pushed for a point of balance as best we can. We can develop images in our mind and have lots of literature to recon with.
But in the area of Cyber. I would see this as man created, nurtured from a better understanding of physical elements, yet now comprising the fastest growing trade segment, and developing into means and methods of Military Operations to shape behavior of Nation states. The dilemma springs from an acknowledgement of our coping with actions and activities detrimental to command and control, whether Military or Civilian; and in reaching out to find a culprit; we land squarely on Technology. So; as we reach for solution, does technology also offer a corrective action. A corrective action that may alter the future, by restoring a physical control, reducing asymmetric advantage. While maintaining as much advantage in our current design and convenience as possible.
Next, to a more difficult question, and that is, given that there exists a corrective course of action, can we, knowing the technology, architect the roadmap to a different future, and will civilian society follow our lead. So; let’s proceed
(Slide 4) These are a random set of items, that represent progress in certain areas of a progress report on human adaptability. We can look across even this small list and ask were these corrective actions; or progress. It sort of reminds me of a famous assertion by a senior leader of IBM, still a terrific company, as he surveyed the future landscape; and could not imaging a change to desk tops or laptops, asserting that the centralization of computing was the best thing to happen; but totally missing that actual outcome.
Many of the ‘Old’ labeled systems continue to not only have merit, but their capability has been increased by some of the items from the ‘New’ column. One thing that can be said however, is that as society saw a benefit for replacing or improving the old, the movement overcame obstacles; and soon the changeover was being actively assisted by creative people. I say this because, if we have a situation that society sees a value in providing a corrective action to our current dilemma in the world of Cyber, there will be very creative people assisting in progressing from a vulnerable Internet of things to a more secure internet of things, while retaining a very surprising amount of the current derived benefit of sharing; globalization, and technological progress.
This realization would start with you in this audience, but lead to an amazingly different and better future.
(Slide 5) Knowing that we have constructed a very vulnerable domain does not mean that there is a general consensus that it is irreparably flawed. Indeed, there are many ‘Cyber Security’ firms operating all over the world purporting to have solved the protection issue, but end up on the rapid discovery of errors, publishing list on list of malware products; and providing an analytic look at where and how the ‘Hack’ occurred. The better hackers have no desire for discovery; and are pleased to gather intelligence for some unknown later use.
This is the difficulty with securing the internet is the false promise of anonymity and safety, and the major concern with making the Internet less user friendly with firewalls, blockages, and even encryption. Therefore, from a systems approach, one needs to accept the current state of play at bottom; and then seek potential solutions to determine their acceptability.
So we ask the fundamental question as to whether the very basis of the digital networks, Turing Machines, need to be replaced. Alan Turing, recently portrayed in the movie ‘The Imitation Game’ was a force in Math and Science whose device brought huge change to society, and seemed totally beneficial. This prompted his peers to as well examine the governing mathematics that Turing used and expose the flaws, which we will see next. His vision allowed our society to make the progress of great designs in Space, and great achievements. Then came the Internet; and the further discovery that the identified flaws took on greater importance.
Given this outcome, we come to the second and important step of identifying the constraints, barriers and guideposts for which an addressed change can and should take place. It is not in societal interest to leave in place flawed mechanisms, but it is hard for society to accept the required change as they want badly to retain the benefits.
Therefore, the pressing and profitable applications tend to lead the way; whether in the age of industrialization wherein Gears were first employed as water fountain art, fiber optic cable made its debut as multi colored lamps in the 60’s; and the age of distributed computers really started in the game industry, which plays a role into today. From today’s society; it seems imperative to protect that which society values; and restrain the infrastructure attacks; or the Ransomware attacks; which could morph into holding Nations hostage in a vote.
So, let’s now take a look at what happened right after Turing introduced his Digital Computing Machine.
(Slide 6) The counter proofs began straight away. This chart comes from the fertile mind of Dr. Joseph Mitola, a colleague who may be known to you. The graphic shows how the liar’s paradox entangles a computer that is trying to assign a truth value in a Turing-capable (TC) machine, and all current ISAs, busses, and networks today are Turing Capable. Inherently Secure Computing and Communications (ISC2) does not use Turing Machines, but rather employs a metaphor for reasoning, avoiding the inherent inconsistencies of formal (axiomatic) logics. Today’s computers have no consistent self-referential self-awareness, hence can never know whether they are secure or not. Malware is as invisible to the proverbial Intel-Windows/Linux or Apple systems as if there were root-kits everywhere since no TC system can ever be made self-referentially complete and consistent at the same time, per Goedel, Kleene, and the many distinguished computing theorists who have studied and verified their theorems in the subsequent decades.
But, the naysayers of the moment were essentially pushed aside as the Digital revolution got underway. There seemed to be no real issues raised just because the Mathematics and Logic was flawed. The large analog devices that were actually portrayed in the recent film about Turing were slowly and then rapidly replaced as the designs of Integrated Circuits, coupled with Moore’s law gave wing to development of Main Frames, Laptops and now Smart phones. But Mathematics cannot forecast the future, and therefore refuses to recognize the negative aspect of a performing system.
Let’s take a look at some emerging signs that we all ignored along the way. My version of ‘Cyber Hard Knocks’
(Slide 7) As we know together, there have been signs along the way that were not taken seriously; as many major programs were released as beta versions, with users enlisted to correct flaws in all sorts of programs. So, my daughter at State College was writing a paper in the library in the early 80’s when an old-fashioned cartoon Bomb flashed on her screen, froze her machine and counted down to zero where upon her unsaved data was erased. Well, after that she wrote no more than three sentences without saving to protect her information from this prank. We see this now as Malware. Though I could tell you many stories, we have seen a steady escalation to where there is expressed grave concern about national or criminal attacks either for power or monetary value
(Slide 8) These signs have continued to escalate; as Governments around the world found themselves subject to scrutiny or worse. They set up learning centers, and involved universities, and around the world have grown an industry which now has good motivation to continue in their professed line of protective work; so, the business of Cyber Security; and the contests have created interesting phenomenon. I attended a ‘Black hat’ convention and attended a class demonstrating how to ‘Hack’ and basically take over the operation of a smart phone.
Now; our legislators spring into action, passing laws and guidelines that are impossible to comply with; which then causes the legal profession to create their own definition of how much protection is enough. Not enough to actually protect, but enough to demonstrate an attempt was made. Thus, are the first stirrings of a societal response. With the rise in Autonomy; and Artificial Intelligence, we are awaiting what comes next.
(Slide 9) While Civil and Military Society is evidencing great concern; there is actually constraint on corrective action. Too much security reduces productivity, and increases the complaint from the workforce or the warfighter. What works in practice sessions is presumed to work in warfare. The same thing goes for the consumer, whose response is yes, we want better security, but do not mess with my convenience.
Meanwhile, we are becoming more, not less dependent on the internet. I list here just two areas where the internet is making inroads; and ignore autonomous operations, drone warfare, UUV’s; and dispersed Command and Control vital to Validation and Verification that underscore the American way of war.
Frankly we need to accept that IT upgrades might have to focus on security; but have minimal impact on productivity. Yes, we want to have it all; but are now truly worried about the bad people gaining the upper hand. So—we see the continued growth in Mal-ware detection. Citizens and Military Commanders must retain the belief that Nations are working for their betterment, and effectiveness—how can we be convincing—in the face of determined, persistent bad actors. This will take a change of course to convince ourselves.
(Slide 10) There is a huge concern that societal disruption, and a peculiar view of mutual cyber impact that is currently evident. Military and Civil Society also is starting to believe that the actual costs that they are bearing for the viruses, mal-ware; and malicious activity are not being summed; and the cost being borne by all of us; starting with the nearly twenty billion (US) spent on the Mal-Ware industry; and in our intensive Cyber Training.
Only in some tight knit circles is true talk of the cost being mentioned, as well as the likely impossibility of a cure.
(Slide 11) We’ve spent time on the current indicators, but should as well begin to see the edges of a future clouded by nervousness over how exactly to protect Intellectual Property; or emerging designs, much less the advanced Movie Film releases. I fear that with all of our society aimed to produce futuristic breakthroughs and educating our young in Science Technology, Engineering or Mathematics.
Do we signal that for all of their learning, the unprotected ideas will be lost? I also see concerns over privacy encouraging more and more degrees of security; which by their nature will impact society’s output. What of our Military Plans: Safe C3 Transmissions, targeting aided by data fusion.
(Slide 12) There are warnings issued all the time warning of vulnerability, but each time the using community rationalizes that convenience is better than complex security. With that understood, as the menace grows ever stronger, there should be a constructed Technically based response that blunts the bulk of Cyber Threats; but as well tries to preserve the convenience that society is benefiting from.
Note that we see the Military forces trying to decide how to make cyber work for them in the most meaningful way. In this instance, a societal decision to minimize Cyber Vulnerabilities, if implemented, would also reduce the importance of Cyber to Offensive Operations. Right now; the effect of cyber operations is quite asymmetric; where a small group can hold a large operation hostage, or deny it access to interchange. Minimizing the vulnerability would as well minimize the asymmetric quality of the Cyber Domain.
(Slide13) In arriving at this point I have postulated outcomes that have become in evidence. I wanted to pause and simply review where we are; and then move on to how society might respond. We can see the ideal future state, and then circle back to what we want in the world future in cyber.
(Slide 14) There is widespread awareness that there have been programs that try to bring order to a chaos brought on by bad or excessive behavior patterns. To drive a corollary, in the current design of the internet structure, we have a computerized behavioral flaw. To change, we must recognize that the previous statement is true.
We have delivered to society and our Military a wonderful tool that is flawed by its design; and has left our world more vulnerable to bad actors than we intended. This has been proven previously; but I wanted to emphasize that this was a violation of the core of Systems Engineering; and as a result of timing, this flaw has persisted.
As the internet blossomed, we essentially gave to unknown parties the ability to invade and change the basic intent of our designs. This is called Hacking. For those involved in Information Technology Design; the concept of beta testing using distributed users, essentially exploits errors. If, not all beta testers are forthright; they can retain access to flaws by their silence. This outcome, in the pure world of Systems Design and Test is fatally flawed; and requires a restart. In golf terms, this is a mulligan of epic proportions. What should we do with this described false start?
(Slide 15) Let’s look at where we are relative to this false start. In my experience when designing a flight control system, I inadvertently created a bad instruction. This instruction effectively pointed to a random number generator instead of my carefully crafted control table. This inadvertent flaw resulted in six hours of test data being generated to ensure I realized my flaw.
With one counter instruction, I fully repaired the flight system. But there is a lesson there. This was the edge between analog and digital; wherein my analog testers wanted to know every input versus every output.
But I as a digital designer was only interested in the path that worked. Now; I am a repentant digital designer, recognizing that violating this Systems engineering principal led to the present state. Society is in a search for a simple secure corrective action. This can’t be just talk and no action.
(Slide 16) Returning to the basics of systems engineering design provides a functioning base from which we can seek a solution set. The one we will pursue is ‘For a System, every output response should be linked to an input’. Followed by ’For a system there should be a tested and proven finiteness to the possibilities of output signals given a known finite set of possible inputs’
This describes a tighter design construct than we have been used to as developers; but it will yield the type of system our fellow society members expect of us; an Military reliance expects from designers. When we turn the steering wheel; there is an expected response; a scary prospect is with autonomous vehicles, ‘can we be sure?’
(Slide 17) In the nature of not wanting to seem like the best designer ever, I wanted to show some flaws. We have a saying that the best instruction comes from UHK, the University of Hard Knocks; when your design flaws are exposed to ridicule or correction by your peers or by customers, and through that failure; great learning is borne. I show here some of my beautiful errors.
But what they have finally taught me is that to correct the fatally flawed internet; we need a return to a solid base of systems engineering, and will require great discipline to effect any widespread correction.
(Slide 18) To effect this corrective action; all together we need to be resolute. Therefore, we need to start this process with a resolution and here it is. ‘Applying the concepts of Systems Engineering Holds out a path for a different future’. As the technical part of society; it is our task ahead to follow these steps, being ever mindful that we collectively have trained our members of Society in the convenience and productivity that is the benefit of even this flawed internet.
Thus, any correction we bring needs to retain these items; as we can’t envision retraining our society. I see this as removing and replacing foundations from buildings while retaining all else about the structure. This is no small task—and therefore I am grateful to have so many smart folks here today to get this started.
(Slide 19) This chart is clearly aspirational; but it does inform what a well-constructed future can look like; and what it will leave behind as a usable replacement for our current state. This requires researching what might be involved; and does something new to physics; or science need to be invented. Let’s take a look at that aspect.
(Slide 20) In fact our research has resulted in a substitute for the “Turing Computers underlying the Integrated Circuit’ Having watched the Imitation Game, a movie about the exploits of Dr. Turing during the world war period. I noted that his device was very complex as portrayed; and dominated by analog components.
Once Dr. Turing constructed the Turing Computing device, it has been the complete underpinning of computational techniques since. Simple, elegant and due to Moore’s law ever smaller yet more powerful.
We as a group have not tracked the growth in capability of Fully Programmable Gate Arrays (FPGA) which at their heart is a complex circuit design to execute logic of all sorts. Not easy to work with; and thus, not accorded the explosive growth; but development has continued; and the provided capabilities can now be harvested and put in place as direct substitutes for a wide variety, if not all applications of the current Turing Counterparts.
It is now time to follow the path of ever more powerful, smaller, with far less power draw—the path of the Fully Programmable Gate Arrays.
(Slide 21) Pausing a minute in our journey to assess where we are, and where to go. Where to go from here. Well; as indicated, we have found a better substitute, and now must organize to allow application of the Field Programmable Gate Array to underpin our quest for Harmonization. Organize where to start, and what is the least line of advance to limit societal resistance; while maximizing the revised benefits of security, coupled with convenience.
While as a technology sector; we have often talked of designing security into our systems; but have then shied away from really doing it as it impacted convenience. Now, there is a different approach. Our quest for corrective action Can Start with a call to action.
(Slide 22) Here is where we are today; and then tomorrow. This does not eliminate good user and developer discipline and self-security. In fact, both rise to levels of prominence that they have had over the decades.
But my point of emphasis is the requirement for total dedication in the Military and Civilian sector for change to restore the element of Systems Engineering, and bring back reliant systems as the order of merit.
(Slide 23) In this call to action, the direction is clear; but the prioritization will require organization and persistent determination. If we start with what might impact society the greatest, it is in the critical Military and Civilian infrastructure that all of us have struggled to provide at large; then we might support the phasing out of cyber based attacks by bad actors. Won’t happen overnight; but over a longer period; will narrow choices and as we call them attack vectors.
My first thought is the last line here. Society is now at risk, therefore next move is to protect, while continuing our own Cyber Attack capabilities, until obsolete. As stated earlier, from Hill Street Blues, ‘Let’s Do It to Them Before They Do It To Us’
(Slide 24) Thank you For allowing me to Talk of this Very Different Look at Cyber
With strong leadership; We can make this different Secure future a reality