There is a lot of talk in the federal government about how hard/expensive it is to have good information security. That narrative is also part of the cyber warfare discussion currently seeking rampant funding. When the political machine finds a mechanism for building empires the actual solutions often are obscured by the blatant profiteering. Solving the information security problem is fairly inexpensive but the solutions take some thinking. Don’t expect that from anybody who gets elected or takes money from contractors. So this is how you create a secure information system nation wide.
You accept that you can’t provide a completely secure system at any cost. The issue is that there will always be vulnerabilities available and for that set of vulnerabilities there are some number of threats, and that will always mean exploits are possible. What we want to do is slow the leaky bucket as much as possible. We want to get as close as possible to a leakless bucket as we can.
So, we look at information flows from human mind to human mind, through the processes and technologies of the infrastructures in our society. It doesn’t matter if it is an email, or webpage, or military orders for launching nuclear weapons. The information flow has to be considered as a cognitive process. I never said it was going to the “right” mind. In some ways we are taking the information from one human mind and pouring it into another human mind. Like you would pour water from one bucket into another. If you transfer water by simply pouring it, no matter how careful you are, sooner rather than later you spill some. This is a loss of control over that information.
Maybe you are ingenious and you siphon with a hose the water from one bucket to another. You have just created the equivalent of encryption technology. If we encrypt information that is in transit you effectively couple the two human minds. The information may be stopped but it is much harder to spill between buckets. The information though can’t be diverted to another source and have any meaning. There are attacks against this process like sucking the information out of the siphon hose much like a vampire. Those attacks are very hard to do and we just have to accept we won’t be perfect.
What about information that is at rest? We want to make sure that nobody knocks our bucket of information over and spills it all out on the ground. Regardless of force majeure there is always the possibility that the water in the bucket will simply evaporate into the atmosphere after awhile. Information has a tendency to leak into the real world exactly in this way. You can try sealing the bucket with a lid but then the purpose of the bucket is overcome by the security mechanism. This is exactly what happens when we try and make systems totally impregnable that they become useless. Highly valuable information has a tendency to evaporate or become valueless over time quicker than less valuable information. Imagine the buckets filled with gasoline rather than water. One match in the fumes and you has excitement for sure. One way to handle this is to make sure that information at rest is covered with some type of lid, but make sure you can still open the bucket when needed. If the information is volatile don’t use a bucket, instead use a gas can. Create a special tool for the specific case.
Finally, there is information that is being processed. Not just moved but used in a way to accomplish work. So now we are pouring our water from our bucket onto water wheel and that wheel turns to do work. The water at the end of the water wheel then is collected in another bucket only to be moved back and used again. It doesn’t take somebody actually watching this process to know that you lose a lot of water and have to keep replenishing from an external source quite often. When you process information it is a lossful system. Whether it is as obvious of loss as integer math, or a floating decimal error in the computer the system will erode the credibility of the data during processing. Much like we lose water from the water wheel. There are a lot of people who have worked on this particular bit of data churning but regardless the systems erode over time.
So, if we give up our leaky bucket theory of information security we can start to build information systems that really work. They are not expensive, they use current technology, and they are fairly simple. They may not resist every threat but the world would be a better place if we took care of 99.9 percent of the problems rather than running around with a lot of leaky buckets.
If we care about attribution and confidentiality of information in transit then encrypt all data. It is simple. No website should exist without a secure socket layer (SSL) certificate and using wide-open http should be the equivalent of farting in church. Government could regulate that but it would be better if people simply did it. Many hosting providers discourage the use of SSL by making the costs extreme. All for something that is basically free. Reminds me of cell phone companies and SMS text messages. Email, and any transmission mechanism can be secured by encryption. Do it to all modes and methods and call it good.
The hardware for storage is so much faster today that we have a lot of room to protect information at rest using encryption. There is no reason that all hard drives are not encrypted. Set the performance requirements and build the technologies. Almost every operating system vendor has the technologies already as part of the operating systems so why not make them the defaults. A few milliseconds of time is a stupid reason to allow a laptop to be scooped and used against your company. If the technologies aren’t considered mature enough then drive them to that point. No, this won’t fix everything but it will fix many of the issues of back up tapes and computer hard drives being stolen. We may likely lose some information when people mess up the keys or destroy data on a hard disk. No solution is perfect.
The idea of protecting data in processing links back to all the other elements. Our over all goal is protect data at all stages. From human mind to human mind we want to see the information conduits, storage mechanisms, and processing elements leak proof. The stupid human who tells the adversary at the bar what he is working on will still exist. Stupid humans are the reason for natural selection. If all the channels in the information flow are secured then you have a system that is much more efficient and likely to resist failure modes.
Again no system is perfect. But, any system protecting all of the above with current technologies (often free or already included) will solve more problems than they create. It is a much simpler and elegant solution than the leaky bucket brigade we keep throwing money at with no fix on the horizon.
The purpose of this article is to try and explain information assurance and security to just about anybody in a way that is accessible and simple. I figure if a five year old can understand the ideas in this document a legislator might with the help of a half-dozen staffers.