A National Commission is urgently needed
By Stephen Bryen
To protect national security, the US government needs its own computer operating system and its own computer and network hardware.
Today, the US government, including the military, relies primarily on commercial software and hardware. In recent decades, this has led to an epidemic of hacking into government and military systems, mostly sponsored by antagonistic foreign governments. The main culprits are China and Russia, but others like Iran and North Korea are also heavily implicated.
The hacking has done immense damage. The United States has lost vital information on defense materiel which has been stolen en masse. Personal information, including security clearances for high-level government employees and agents working for the CIA, has also been stolen and used against us.
Worse yet, hackers pretty much know how to shut down or cripple major government networks. They have been practicing for years now.
The CIA, NSA, and FBI know this full well, but so far they have offered to try and fix what we have.
Even more troublesome, the rapidly changing world of commercial software and hardware regularly generates new security vulnerabilities. This is largely because most commercial products are made in a hurry to increase sales and thwart competitors, so the focus on safety is secondary at best. Regardless of industry claims that their products are secure, no software or hardware is truly secure.
It is not impossible to create secure operating systems, secure software, or secure hardware. However, it is mostly true that in order to create truly secure computers you have to give up many of the entertainment features built into them, including video, music, and games.
The government and military need a computer operating system and supporting software that is tightly integrated with secure hardware. This cannot be a commercial product for the reasons stated above.
Some believe they can enhance security around trading systems. Billions of dollars have been spent setting up security protocols, patches, encryption, firewalls, strong authentication and other measures, but they haven’t stopped hacking when faced to a determined and well-funded adversary. Even preventing amateur hackers is difficult, but a government backed opponent is really difficult. This is why the government calls the threat the “advanced persistent threat”.
In the film Casablanca, Captain Renault says “arrest the usual suspects”. If we are to fix the problem, we cannot rely on the usual suspects in the security community who make a living by sticking their fingers in the dikes. Now is the time to form a National Commission for Secure Computer Networks composed of disinterested experts to develop a new security approach.
The proposed National Commission would have the following general guidelines:
-Tasked to design a new computer operating system and new computer hardware that is not based on commercial platforms
– Task to create a security infrastructure to protect government systems against physical and virtual compromise
–Design a recording system for all operating systems, computers and networks
–Propose national security laws to protect computers and networks used by the government and the military
–Design a system that does not use the public Internet. Create a new independent secure backbone network
–Ensure that single points of failure are avoided for all applications and networks
–Ensure the entire system is encrypted (all information, all software, hardware access) and is organized on a need-to-know basis
– Insist that all government and military information be classified without exception, knowing that the existing narrow definition of classified information makes it difficult, if not impossible, to protect personal information, law enforcement and defense
–Use only US companies for manufacturing without any components from outside the US
–Never use public domain or community-created software routines to create secure systems
–Propose a system to intensively control all hardware and software in special laboratories dedicated to this purpose
The trillions that the United States invests in defense must not be wasted on vulnerabilities in computer networks. And in an increasingly unstable world, the United States should not risk the lives of its military men and women on enemies who know all about our defense systems and networks.
Time is running out on the ability of the United States to maintain national security given today’s information vulnerabilities. Only a high-level national commission on the security of our computer networks can imagine urgent solutions.
