2016-12-01 By Michael W. Wynne, 21st Secretary of the Air Force
Summary
It is time to wake up the liability lawyers and truly drive change in the Cyber Security Field.
Corporations that are paying weekly or monthly protection money, are really stuck in a belief system that is naive. Its saving grace is that it currently protects them from liability suits from attorneys that also believe that Cyber Security is impossible, that hackable systems are a societal issue, not a correctable technical fault that has infected our networks.
This is a false mantra that needs to be questioned.
Insurance companies that are the real suckers in the deal routinely pay out losses, and now ransom money to keep our ailing system afloat in this belief system.
Folks, this is not religion, not a belief system; technologists stuck our society with a flaw identified in 1934 when Turing Computers were introduced.
This flaw has been identified and is being exploited over great distances with the spread of the Internet.
The federal government wrings its hands over exploits, and one wonders where are the innovators that were supposed to protect us.
Well they are here; in the form of Analog Programmers, using analog systems to mimic Internet Appliances.
The Problem; it is cheaper to pay the protection money than correct the fundamental flaw.
What price freedom, you ask, why pay protection money to the wrong gang.
The Cyber patching industry is not the Cyber exploitation industry, which is sophisticated, and National in Character.
We now know the answer is Analog, let’s design in security; let’s get back our freedom.
Background
Academics have known since 1934 that Turing computers were and remain inherently vulnerable to hacking as Godel and Keene Mathematically proved, and confidently expressed that proof in the years following.
The times were different; and computers were just aborning, and abandoning a rule of circuit design to firmly comprehend the relationship of every input to every output seemed acceptable when operating in isolation.
As society wallows in the deceit that a software patch can save the Turing Computing Machines that underlay the present internet, we find even senior security officials such as the Chair and Co-Chair of the Intelligence Committee espousing the thought that protection is simply unavailable.
This is not fact based, but has grown to be the popular myth. This mythology has led our society to lose billions of dollars to the phenomena of Hacking.
Hacking is the exploitation, usually from a distance of the identified flaw in the Turing Machines that populate the Internet appliances. Worse; this mythology has stymied our Intelligence and Security Agencies from offering protection to America’s institutions.
So; time for a giant do-over, time to reassess where we are in the technology world. From the world of linear programming, time to increase the penalty function with the intention of introducing another technology path forward.
How this can best be done is by first identifying an alternate path that is becoming more and more well known, Using Analog Computing to mimic the intended digital circuit design, and truly design in security.
Then by asking simply, why are we still vulnerable; is that now by choice, risking our security, risking our wealth, risking our future Intellectual Property?
Is the now known corrective action too expensive, or just different?
Returning to complex circuit design to mimic the intended digital circuit can and should underpin the ‘Designed in Security’ our society seeks, a proper defense.
Current Situation
Whining beats correction.
We often boast that our innovators are the best in the world, but I am now worrying that our advantage is eroding as competitors around the world have basically invaded our collaborative activity with sophisticated Hacking, and proceeded to drain our innovative activities into their engineering designs.
We whine to them, and wring our hands. This is an awful response; and can’t represent the best of America.
But, the Capitalist will not innovate so long as the penalties are small, and the rewards are not clear. S
o; let’s begin to raise the penalty function, by refusing to pay for losses, whether caused by Corporations not moving to protect; or Banks settling Hacked accounts.
Let’s turn our attention to converting existing systems to retain functionality, but in the safe mode.
This is a far better use for the eighteen billion dollars now spent ofn the protection racket.
Finally, let’s understand the role of Government is allowing infrastructure to be manipulated like the Dam in upstate New York; or fretting over the invasion of the ‘Smart Grid’ and basically threatening our society with Armageddon, with the loss of the benefits of the present Internet as it applies to government.
Where have they been?
Unfortunately; they apparently do not any longer see their role as lead innovator in this Communication Space. They have taken the role of follower to an extreme level; even as that role threatens the very freedoms we hired them to protect.
How many times do we have to see the Foreign Military Innovation combining Cyber Virtual Attacks with Physical Military Attacks before we awake with devastation to our backyard.
Government asleep at the switch does not make a protected society.
We now know the answer to this scourge, let’s get on with offering our society a real fix.
Then; the penalty function can be reduced for society, and systematically increased for commercial adaptation.
The government does not need to force change or its pace; it simply needs to show the way forward.
The National Institute of Standards (NIST) has essentially declared out loud the futility of the many solutions it has encountered, citing the patience of the Advanced Persistent Threat in many papers. Can they be clearer, yes, they can identify the benefit of analog in correcting the flaw.
Where, frankly, is NIST in helping our society move forward, in lieu of further whining about the problem.
Looking Forward
Society is slowly becoming aware that the current stream of denial is a scam and they are tired of our clinging to a belief that they must remain unprotected.
Right now, they are riding an unending strife curve; and the alarms are beginning to sound as if the end of life as we know it is nigh again.
It is seeping into engineering and into design that those that have stayed with Analog are immune to this Internet Hacking, this distant and malicious, threat.
Whether aircraft safety systems, or in some of the most carefully protected areas within the Military or Industry; suddenly what is old is new again.
Our tort system is a marvelous tool for shaping our society.
Can it be used to spark change where government used to be the driving force?
It is a difficult thing to basically claim that our society is not protected by a choice, when the choice is not certified.
Basically Analog users are quiet in their situation, worrying that by claiming protection they will unleash either an inside or outside threat that they haven’t considered, but they are far better off than their digital colleagues.
What then do we need?
Right now, with all of the ‘followers’, we need a thought leader to certify the protective capability that the complex frozen analog appliance offers.
To be able to testify, if you will, that using frozen (e.g.; non reprogrammable) complex analog circuitry mimicking and replacing currently installed internet appliances satisfies the pent up desire for a corrective action against hacking; for designed in Cyber Security.
This would provide the way forward for our industry when the liability gets large, and the insurance companies raise their rates and demand action.
Protecting our society, whether water pumps, gas lines, or the electrical grid could fall to being regulated by the Department of Homeland Security to actually get protected, beyond worry –action.
Infrastructure Owners can be realistically tasked to put in place protected SCADA Systems, with motivation and support from the Department of Homeland Security, which can design and approve frozen analog complex circuitry.
These systems could then replace the currently installed Internet appliance.
Security teams from the agency who routinely monitor security procedures for these assets, can as well advise of security concerns from the internet facing appliances.
Once this breakthrough is underway Internet Service Providers, router designers, and server designers can then look to provide needed support to agencies and public corporations to protect them as vital economic assets.
Society is not stuck, but thought leaders are, time for a change.
Let’s raise the Penalty Function to force design innovation and change for the better. It can and should be one of the roles for government,
Thought Leaders should not be lawyers, and insurance companies, but the technologists that brought us this situation.
Where are they?
Also, see the following:
http://sldinfo.wpstage.net/shaping-a-new-approach-to-cyber-defense-time-for-analog/