Commission on Enhancing National Cybersecurity

From the executive summary: There is a slight suggestion of conflict between privacy and the goal of this commission. I hope that they do not believe that.

Overall I like the executive summary. As a challenge to the libertarian (myself included), I wonder why the market does not solve this problem. I wonder what is in the head of the manager of some utility responsible for continuity of service when this issue arises. Perhaps he only reacts to past events, and since we have had no nationwide breakdowns in electricity or internet it is not on his radar. Utilities plan for demand, but not for contingencies. I do not think the solution is to rework the PUCs.

The summary refers to Appendix 1 so I jump there first. Recommendation 1.1 raises the DDoS question, which is very important. My only proposal there is DSR which is not a quick fix and I skip that for now.

I find in action item 1.2.2 the noun phrase “cybersecurity activities in order to identify, protect from, detect, respond to, and recover from cyber incidents affecting critical infrastructure”. I like the “protect from” part, but the ‘activity’ leading to that is a replacement of infrastructure rather than an ‘activity’.

What is this “Cybersecurity Framework”? I am reminded of recent federal rules concerning the nature of automobile headlights that set back the very goals they were designed for a few years. Such frameworks, designed to enhance, can impede.

Consider Action item 1.5.2.

Recommendation 2.2 (sponsoring R&D) is very interesting. I would assert that both the Keykos line of development (EROS & Coyotos) and perhaps seL4 have already achieved the goals stated there, except perhaps for a modern UI. The problem is not in research, or even development, but in marketing.

Regarding Imperative 3, “Prepare Consumers to Thrive in a Digital Age”. This is indeed an issue. I would characterize this as inventing a new UI that presumes new notions of what is in the user’s head. That includes things that neither Apple nor Android has conceived of yet. These new notions are familiar to people, but not in a computer context. Perhaps this is a worthy R&D goal.

Chapter I

The introduction is well written and from the conventional vantage point. It seems addressed to those who might say “If the internet is broke, do without.”

“The interconnectedness and openness that the Internet, digital networks, and devices allow have also made securing our cyber landscape a task of unparalleled difficulty.” I deny this. The new paradigm is different. It is not a matter of adding patch on patch, nor restriction upon restriction, but a new paradigm for thinking about authority. Much software needs to be discarded, and replaced by simpler, smaller and usually faster software. Besides security the benefits include integrity and reliability.

“We should be able to reconcile security with innovation.” Indeed security requires much innovation. Perhaps this plaint is stimulated by some Stanford professor’s comment that much of the Internet innovation that had taken place by about 2009 would have been impossible if the current (2009) firewall policies had been in place. This must be and can be addressed. In short, firewalls are the wrong solution.

“Past reports also contained several recommendations that, while arguably in the best interest of the security of the nation, were not realistic, given the market forces at the time they were written or in the present day. The Commission asserts that market forces and the needs of private businesses, governments, households, and individuals must be taken into account when putting forth recommendations. This Commission’s recommendations balance ambitious, long-term goals with practical and pragmatic solutions.” Indeed Keykos died in the market. People were sure that some lesser innovation would come along and suffice. They are still waiting.

A section with the structure:

I am sorry: Cybersecurity and privacy are in the same direction, not opposite directions!

Chapter II

“1. Technology companies are under significant market pressure to innovate and move to market quickly, often at the expense of cybersecurity.” I claim that with a capability paradigm the fast way to market is mostly the secure way to market. Security is not an add-on; it is the natural, simple, fast way of doing things, with caps.

“2. Organizations and their employees require flexible and mobile working environments.” Good point. Cap security at the OS layer allows the following pattern. If the device is tamper resistant then the platform can vouch for both the employer and employee to control their respective parts of the system. Interactions are even possible. The user is aware of the distinction.

“3. Many organizations and individuals still fail to do the basics. Malicious actors continue to benefit from organizations’ and individuals’ reluctance to prioritize basic cybersecurity activities and their indifference to cybersecurity practices.” I presume they refer here to phishing. “cybersecurity practices” are not nearly so onerous even today with sandboxed browser components. Other practices are simplified with YURL.

“6. Technological complexity creates vulnerabilities.” Indeed! Some of the issues they raise are addressed here.

“7. Interdependencies and supply chain risks abound.” Caps have nothing to add to solving the hardware supply chain problem. They have much to add to solving the software supply chain problem.

“9. Trust is fundamental.” This is still true. Well, actually ‘trustworthiness’ is fundamental. Too much unwarranted trust is the root of some of our problems. Caps may greatly decrease the number of those you must trust as a direct consequence of decreasing the amount of code that you rely on for security.
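The Chapter II points above (the fast way to market with caps, the employer/employee split on one device, the software supply chain, and shrinking the code you must trust) all rest on one mechanism: a program can act only through the object references it is handed, and a reference can be narrowed before it is handed on. The sketch below is an added example, not part of these notes or of the commission report; it models that discipline in Python over an in-memory store. Store, Dir, Revoker, summarize and greedy_dependency are invented names, the sample files are constructed, and Python itself does not enforce the discipline (real dependency code could reach module globals), so what it shows is the shape of the design, not Python as a capability system.

```python
# Added example, not from the report or the author's notes: the object-
# capability pattern (attenuation + revocation) over an in-memory store.
# Store, Dir, Revoker, summarize and greedy_dependency are invented names.

class Store:
    """Flat in-memory file store.  Holding this object IS full authority."""
    def __init__(self, files):
        self._files = dict(files)
    def read(self, path):
        return self._files[path]
    def write(self, path, data):
        self._files[path] = data
    def list(self, prefix=""):
        return sorted(p for p in self._files if p.startswith(prefix))

class Dir:
    """Capability for one subtree of a Store; the only route to the store."""
    def __init__(self, store, prefix, writable):
        self._store, self._prefix, self._writable = store, prefix, writable
    def _resolve(self, name):
        # Only direct children are nameable: "up" or "across" cannot be
        # expressed, so there is no traversal check to forget.
        if "/" in name or name in ("", ".", ".."):
            raise PermissionError(f"invalid name {name!r}")
        return self._prefix + name
    def list(self):
        n = len(self._prefix)
        return [p[n:] for p in self._store.list(self._prefix) if "/" not in p[n:]]
    def read(self, name):
        return self._store.read(self._resolve(name))
    def write(self, name, data):
        if not self._writable:
            raise PermissionError("read-only capability")
        self._store.write(self._resolve(name), data)
    # Attenuation: a derived capability is never wider than its parent.
    def subdir(self, name):
        return Dir(self._store, self._resolve(name) + "/", self._writable)
    def read_only(self):
        return Dir(self._store, self._prefix, False)

class Revoker:
    """Caretaker forwarder: hand this out instead of the Dir, cut it off later."""
    def __init__(self, target):
        self._target = target
    def revoke(self):
        self._target = None
    def __getattr__(self, attr):
        if self._target is None:
            raise PermissionError("capability revoked")
        return getattr(self._target, attr)

def summarize(reports):
    """Untrusted third-party code: its whole world is the object handed in."""
    return {name: len(reports.read(name)) for name in reports.list()}

def greedy_dependency(reports):
    """The same dependency gone bad; each escape is bounded by the capability."""
    attempts = {}
    for target in ("../secret.key", "etc/shadow", ".."):
        try:
            reports.read(target)
            attempts[target] = "read"
        except (PermissionError, KeyError):
            attempts[target] = "denied"
    try:
        reports.write("q3.txt", "tampered")
        attempts["write"] = "ok"
    except PermissionError:
        attempts["write"] = "denied"
    return attempts

def demo():
    store = Store({  # constructed sample data, not from any real system
        "etc/shadow": "root:*:18000::::::",
        "home/alice/secret.key": "-----BEGIN KEY-----",
        "home/alice/reports/q3.txt": "revenue up 4%",
        "home/alice/reports/q4.txt": "revenue flat",
    })
    alice = Dir(store, "home/alice/", writable=True)
    reports_ro = alice.subdir("reports").read_only()  # narrow before delegating
    gate = Revoker(reports_ro)
    summary, attacks = summarize(gate), greedy_dependency(gate)
    gate.revoke()
    try:
        summarize(gate)
        after = "still works"
    except PermissionError:
        after = "revoked"
    return {
        "ambient_reachable": store.list(),    # everything, if you hold the Store
        "caps_reachable": reports_ro.list(),  # all the dependency could see
        "summary": summary,
        "attacks": attacks,
        "after_revoke": after,
        "store_intact": store.read("home/alice/reports/q3.txt") == "revenue up 4%",
    }
```

The untrusted code never receives the Store, only a narrowed, read-only, revocable Dir. Auditing the dependency for what it might do to the rest of the system becomes unnecessary because the rest of the system is not nameable from inside it; that is the sense in which caps shrink the code you rely on for security, and the employer/employee case is the same move with two Dirs handed to two parties.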

“The challenge is to ensure that the positive impacts far outweigh the negative ones and that the necessary trade-offs are managed judiciously.” The only negative impact of caps that I see is the initial disruption; but that ain’t small.

Chapter III

This chapter stimulated this aside.
I was recently saddened to learn that the precise clocks used to synchronize fiber communication links rely on GPS. GPS depends on satellites and would go out in case of hostilities, along with satellite communications links. You really want the fiber links to be up when GPS is down!

Once there were phones in landline termination offices over which engineers could cooperate when the switching equipment was not running. I wonder if they are still there. The engineers thought of such contingencies then. Why not now?

Several years ago there was a massive power outage around New York City. They discovered that some power stations were unable to do a ‘cold boot’; they relied on electricity to run the pumps that lubricated the generators.

Utilities conceived as ‘natural monopolies’ have cost structures imposed through political means. Can they spend on protecting their service from extreme circumstances without permission of a Public Utilities Commission? In the truly private sector there is an even bigger dilemma: of two competitors providing some critical service, one spends on unconventional secure technology. The other goes conventional. The latter is perhaps cheaper and wins in the market. I don’t see a simple pure market solution. The report makes similar points.

Overall I view this chapter as a set of recommendations on how to connect groups of people, instead of connecting software systems. I am pessimistic. As a ‘software architect’ I imagine that the solution is introducing a new software paradigm, and such is not even mentioned as a possibility.

Imperative III

I agree. It seems clear to me that just as people find it useful to interact with those we do not entirely trust, likewise we will find it useful to interact with programs that we do entirely trust. Today’s UI affords no clues as to who we are interacting with. Dialog boxes pop up asking for passwords and for vast authority to take actions whose result the user is not supposed to understand. Who is asking? What actions are to be granted? Which program is to perform the actions? It is always supposed to be clear from context. It is seldom clear to me.