WASHINGTON–One of the keys to addressing the widespread security threats facing both private and government networks is to develop more secure operating systems from the ground up and not rely on trying to secure existing ones, top CIA and Pentagon information assurance officials said.
The federal government, especially military and intelligence agencies, is facing a broad spectrum of threats from many different angles, from lower level attackers poking at their Web sites to nation-state actors and politically motivated groups looking to compromise key networks and exfiltrate sensitive data. Defending against this range of threats is becoming more difficult and complex all the time, and the technologies and approaches that are in use right now are not getting the job done to a large degree.
Speaking on a panel on pressing technological needs at the SINET Innovation Showcase here Wednesday, security officials from the CIA and the Department of Defense said that a return to the efforts to build a secure, trusted operating system would be a huge step in the right direction.
“What we need is a secure operating system. That’s the problem, if we’re going to have any chance of winning this battle, because we’re desperately losing it now. It’s not even close,” said Robert Bigman, chief of the information assurance group at the CIA. “We gave up some time ago on building a secure OS. We don’t have one. If there’s any game changer that would moves us in the direction of fighting back, it’s to reinvigorate the efforts of the ’80s and ’90s with a trusted operating system.”
The government has tried solving this problem itself in the past. The National Security Agency developed a set of security modifications to the Linux kernel in the 1990s and eventually ended up releasing the system to the public in 2000 as what became SELinux. The OS isn’t a complete rebuild of Linux, but rather an after-the-fact modification of it to add in some enhanced security mechanisms.
What Bigman and his colleague from the Pentagon, Richard Hale, the deputy CIO for identity and information assurance at the Defense Department, emphasized that what they’d rather see is a completely new, secure, trusted operating system–not a hardened version of Windows or Linux.
“Operating systems are really complicated and they have a lot of vulnerabilities that are latent,” Hale said. “We need to have an infrastructure that’s much less fragile and then add on from there. But that adds a new complexity and its own set of vulnerabilities. I’d love to see a much more sound infrastructure, but I don’t have a good sense of how that would come into being.”
There have been other calls for a trusted or secure operating system in the past, but among the many obstacles to its development is a lack of demand. Most vendors aren’t much interested in designing and building a product that has a limited use case, even if the potential market for it includes the federal government. The development phase would be long and government buying cycles are notoriously long and arduous. Without a guarantee that some large percentage of government agencies would buy a secure OS, it could be a fruitless pursuit.
However, the demand for a secure OS and better security in general should be coming from outside the Beltway, as well, Bigman said.
“Very few [companies] are addressing the security of the kernel and the APIs, because unless you are the vendor of the operating system, you don’t have the vision to do that,” he said. “Vendors are driven by what they can sell, and what they can get away with, frankly. As computing goes more and more mobile, we’re a smaller smaller part of their market.
“I can’t be optimistic, frankly. The only hope I have is that we somehow get to a nexus where banks, commercial companies and users start demanding better security,” Bigman said. “I haven’t seen it yet and I’m surprised.”
The way for such a change to take place is not through a government mandate, the panelists said, but through market demand and innovation from the technology community.
“The government mandating things, our track record isn’t real good,” Bigman said. “The only time it worked was the NSA saying, here’s how we build a secure OS. It may have been too early. I’m not so sure it wouldn’t hurt to try again, and maybe this time do it right and do it in conjunction with the market. But I don’t see it happening.”