While hundreds of other blogs publish their take on the pending announcement of Howard Schmidt to the post of White House Cyber Security Coordinator, I would like to make a brief comment on where our efforts are currently being spent on the Acalis secure processor in the overarching effort to make internet activities more secure.
Ever since the Center for Strategic and International Studies published their recommendations for Securing Cyberspace for the 44th Presidency (which was itself preceeded by a great amount of analysis and study), the press has been awaiting the designation of a ‘Cyber Security Czar’ by the Obama administration. The long wait for an appointee and the escalating drama of this position, and whether it has the right amount of administrative and directive power to fulfill its mission, has had a chilling impact on an industry struggling to come up with products and processes to meet our national security needs.
An expansive study performed under the interim appointee to the Cyber Security oversight position has done a good job of collecting and organizing the variety of legal, political, business, and technical issues surrounding a comprehensive national cyber security policy review. However, its conclusions have been abstract and all solutions are collaborative in nature (particularly towards ‘Government/Industry Partnerships’), necessitating some transagency oversight and cooperation.
Among the issues uncovered by this policy review, I would like to highlight one in particular relevant to the topic of secure processing: secure hardware. In a recently published white paper, I describe the investment currently being made from a variety of sources (Department of Defense, Department of Energy, various other agencies) in software, hardware, and secure architectures. I believe there is an unbalanced investment in software capabilities, and not enough investment in the type of secure hardware solutions that can prevent many of the vulnerabilities experienced today in commercial systems. This has been noted elsewhere such as bank security blogs, Government Computer News, and the final report from the 2009 National Cyber Leap Year summit funded by the Assistant Secretary of Defense for Networks and Information. This last report focuses heavily on ‘Hardware Enabled Trust’.
Many of the barriers to investing in secure hardware include straying from industry standards in hardware architecture, testing, and the sheer magnitude of coordination required to implement hardware changes to even a local internet communications structure. This coordination is one of the primary reasons that a strong coordinating office or ‘Czar’ is needed in cyber security.
One of the key points in this white paper is that state interests and state conflicts have already entered the realm of digital communications. Defending national interests means defining those interests and one’s ‘territory’ where applicable. Special purpose hardware devices and some controllable, verifiable hardware security capability that assures identity is necessary to further define policy in the cyber security era. In order to enable these new hardware features, more investment is needed in the area of ‘secure hardware’ for cyber security.
A variety of technologies will be needed to cover the scope of needs and systems under the umbrella of cyber security in order to provide safety to citizen use of the internet, safe electronic banking, operation of smart energy grids, digital transmission of intellectual property, and to prevent man-made disasters based on the vulnerabilities that come with modern convenience.