A Trusted Stack Enables Critical Infrastructure and Homeland Security Capabilities
Securing critical infrastructures like banking, communications, energy, transportation and government services and delivering homeland security capabilities like border protection, emergency response and protecting against weapons of mass destruction requires that a broad set of stakeholders communicate, coordinate and execute time sensitive missions that depend on people, software, devices and data. The successful execution of those missions relies on one common element – trust.
Today, establishing trust across complex information technology systems and the Internet is almost impossible. The trust decisions we need to execute these operations are currently based on stated attributes of particular components such as a person or a device. Identities of people and devices are easily spoofed or faked. The ability of determined adversaries to erode trust in people, software, devices and data can have significant impact on operations. A breach of trust – bad data, counterfeit hardware, compromised software – can impede critical infrastructure operations and interrupt the flow of vital services or prevent the successful completion of homeland security operations.
The future of critical infrastructure protection and robust homeland security operations depends upon an industry wide effort to build a trusted stack encompassing hardware, operating systems, applications, data and people. Building a trusted stack will enable and enhance core capabilities in both the private sector and government. Emergency communication, information sharing, collaboration and operational response all benefit from a trusted stack.
The trusted stack cannot be built by one organization. It also cannot be rooted purely in technology. Infrastructure operators and governments have a role to play in advancing End to End Trust. What are the unique requirements of critical infrastructure and homeland security? What industry and research projects are already underway that may be a part of the trusted stack?
Všechny reakce
- The trusted stack idea is a government's or corporation's wet dream, because it will give them tremendous power over citizens/consumers. I think from a user's point of view, this is an unwanted situation. It means everything (hardware, software, government, corporations) has to work with everything. It seems impossible to me.
Also, I communicate with my bank's website, even though I don't trust my ISP fully. I can do this because the internet is layered. I encrypt my traffic on the user level with SSL/TLS and I don't really care how secure the layers under it are. The cryptography used in TLS/SSL ensures the integrity and privacy of my connection end-to-end.
I am aware that of course this example is a simplification of the truth and that unlaying layers DO matter. But if each layer handles its own security we should be fine and we don't need to intertangle all layers from hardware to software to make it one big complicated mess. And note that complexity often leads to security problems.
Just my 2 cents. - Marcel really does know better... :) Oh, wait... Marcel... you closed-out this thread like Garry Kasparov against big blue, on a slap timer... wait. I didnt say that right. Oh Well. Mr Nicholas is right. At some point someone is going to control trust. What mechanisms need to be in place to ensure oversight, and best practises in the public's (as a whole) best interest.
...your move
Pappkartoosh
Just another speck in a fibernachi sequence of stars about to be reordered by Andromeda
