Page 48 - GCN, June/July 2017

how to CYBERSECURITY
How to keep Trump’s cyber order from failing
Without a trustworthy operating system — especially for critical infrastructure — real cybersecurity is scientifically impossible
BY ROGER R. SCHELL
President Donald Trump recently issued the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Our nation’s first real cybersecurity initiative, however, began in 1981.
As a young Air Force colonel, I was assigned to the National Security Agency to provide technical leadership as the founding deputy director for what came to be known as the National Computer Security Center. That initiative led to considerable successes in the area of protecting our government’s most sensitive national interests.
Our results required, as Trump’s executive order puts it, “measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data.”
Unfortunately, the three most recent administrations terminated support for those successes, and continuing cyberattacks have indeed compromised our government’s most sensitive information. For example, the CIA Vault 7 breach resulted from a failure of its IT infrastructure to enforce compartmentation that the CIA previously enforced administratively and through physical isolation.
The cybersecurity solutions defined at the NSA center could reliably enforce compartmentation, so perhaps I can offer my unsolicited advice to the Trump administration on how to make the new executive order succeed where the efforts of previous administrations have failed.
The past three administrations procured defense in depth, secure development processes, information sharing, pattern recognition, artificial intelligence, other buzzword technology and research — all to try to block intruders and patch holes in operating systems.
Yet the root cause of failures remains the fact that without a trustworthy operating system, real cybersecurity is scientifically impossible.
We must find and patch every (or almost every) hole in an OS, but an attacker needs to find and attack only one hole. The recent National Institute of Standards and Technology Special Publication 800-160, “Systems Security Engineering,” recognizes this, and our NSA center did, too. If the Trump administration does not quickly procure and create a viable government market for secure operating systems, then the executive order will fail on its own terms.
All trustworthy operating systems have three properties:
1. Security kernel architectures. A security kernel sits underneath an OS and is integrated with a suitable hardware platform. Together with that hardware, it controls the information flow in a system. NIST Fellow Ron Ross said, “You have to go back to a leaner and meaner architectural construct [for] systems that are more trustworthy, secure and resilient.”
Trustworthy operating systems have:
1. Security kernel architectures
2. Criteria to mitigate software subversion
3. Data classification for label-based mandatory access control policies