Top Government Security Officials Call For Secure OS Development

WASHINGTON–One of the keys to addressing the widespread security threats facing both private and government networks is to develop more secure operating systems from the ground up and not rely on trying to secure existing ones, top CIA and Pentagon information assurance officials said.

The federal government, especially military and intelligence agencies, is facing a broad spectrum of threats from many different angles, from lower level attackers poking at their Web sites to nation-state actors and politically motivated groups looking to compromise key networks and exfiltrate sensitive data. Defending against this range of threats is becoming more difficult and complex all the time, and the technologies and approaches that are in use right now are not getting the job done to a large degree.

Speaking on a panel on pressing technological needs at the SINET Innovation Showcase here Wednesday, security officials from the CIA and the Department of Defense said that a return to the efforts to build a secure, trusted operating system would be a huge step in the right direction.

“What we need is a secure operating system. That’s the problem, if we’re going to have any chance of winning this battle, because we’re desperately losing it now. It’s not even close,” said Robert Bigman, chief of the information assurance group at the CIA. “We gave up some time ago on building a secure OS. We don’t have one. If there’s any game changer that would move us in the direction of fighting back, it’s to reinvigorate the efforts of the ’80s and ’90s with a trusted operating system.”

The government has tried solving this problem itself in the past. The National Security Agency developed a set of security modifications to the Linux kernel in the 1990s and eventually ended up releasing the system to the public in 2000 as what became SELinux. The OS isn’t a complete rebuild of Linux, but rather an after-the-fact modification of it to add in some enhanced security mechanisms.

Bigman and his colleague from the Pentagon, Richard Hale, the deputy CIO for identity and information assurance at the Defense Department, emphasized that what they’d rather see is a completely new, secure, trusted operating system–not a hardened version of Windows or Linux.

“Operating systems are really complicated and they have a lot of vulnerabilities that are latent,” Hale said. “We need to have an infrastructure that’s much less fragile and then add on from there. But that adds a new complexity and its own set of vulnerabilities. I’d love to see a much more sound infrastructure, but I don’t have a good sense of how that would come into being.”

There have been other calls for a trusted or secure operating system in the past, but among the many obstacles to its development is a lack of demand. Most vendors aren’t much interested in designing and building a product that has a limited use case, even if the potential market for it includes the federal government. The development phase would be long and government buying cycles are notoriously long and arduous. Without a guarantee that some large percentage of government agencies would buy a secure OS, it could be a fruitless pursuit.

However, the demand for a secure OS and better security in general should be coming from outside the Beltway, as well, Bigman said.

“Very few [companies] are addressing the security of the kernel and the APIs, because unless you are the vendor of the operating system, you don’t have the vision to do that,” he said. “Vendors are driven by what they can sell, and what they can get away with, frankly. As computing goes more and more mobile, we’re a smaller and smaller part of their market.

“I can’t be optimistic, frankly. The only hope I have is that we somehow get to a nexus where banks, commercial companies and users start demanding better security,” Bigman said. “I haven’t seen it yet and I’m surprised.”

The way for such a change to take place is not through a government mandate, the panelists said, but through market demand and innovation from the technology community.

“The government mandating things, our track record isn’t real good,” Bigman said. “The only time it worked was the NSA saying, here’s how we build a secure OS. It may have been too early. I’m not so sure it wouldn’t hurt to try again, and maybe this time do it right and do it in conjunction with the market. But I don’t see it happening.”

Discussion

  • Anonymous on

    Has OpenBSD been considered to fill this niche?  It is regarded as the most secure Open Source OS, if not the most secure OS period.

  • Anonymous on

    Yes, I was wondering the same thing.  Is OpenBSD not considered secure enough?

  • Rex Baze on

    Yeah, these "high-level experts" seem to have a little knowledge of BSD's existence or any risk-management concepts for that matter. OpenBSD is only considered the "most secure" operating based on the current number of exploits/risk associated with it. In other words, nobody gives a damn about exploiting it...yet. Associate the US government with BSD and I guarantee that you will see people attempt and eventually subvert the system. It is the nature of business and unfortunately sensitive government information and the systems that support it are among the highest in the risk spectrum.
  • Anonymous on

    I got an idea: put sensitive data on its own network not attached to the internet or any outside source. Problem solved.

  • Anonymous on

    When you talk about Linux and OpenBSD as secure you really are forgetting, either intentionally like the Apple fans do, or unintentionally, that the core kernel repository for Linux was broken into and pwned not two or three months ago.   The funny thing is that the crackers that got in left tracks and apparently did not know what the website contained.  The kernel should have been compromised.  People forget that the first infections were on Unix and derivative machines decades and years before there were any infections for Windows.

  • Enthusiast of the Freedom on

    What about Chrome OS (it's Linux, I know)? NSA wrote about it in good perspective... 

  • Anonymous on

    The Linux-derived Qubes operating system based on "disposable vm" seems like an interesting attempt at a secure OS from the ground up.

  • 3 on

    Are you fucking kidding me?  A "trusted" platform from one of the largest spy agencies in the world.

     Who in their right mind would trust the U.S. Government and its contractors to produce a truly secure OS?

     Oh yes......I'm sure that there is some fucking idiot out there that would!

     Please....give me a fucking break (.)

     (((3))) 

    PS: Link of the week: http://emptywheel.firedoglake.com/2011/06/27/nsa-managers-modified-or-supressed-studies-on-thinthread-and-trailblazer/ 

  • Kiril Varbanov on

    What about OpenBSD and NetBSD? Alterations possible, made it as secure as you want it to be.
    Return the changes back to the community, and we should be all happy.

  • Timo Knuutila on

    Reading Bruce Schneier's Secrets & Lies, this is like an echo of the realities told in the book already years ago. So what we have is lack of financial incentive to do anything. Probably also because the higher earners people are, the more possibilities they have on earning from grey or black market abusing all the vulnerabilities that exist, via information-laundering companies and people.

  • Anonymous on

    "What we need is a secure operating system..."

    Hey! We have known that for FORTY YEARS! A high-level defense department study was done in the early 70's to test the security of existing OS's and develop ways to modify them to be secure. The conclusion of the study was that it couldn't be done. The only way to get a secure OS would be to design it from the ground up with security as the primary objective.

    There was an opportunity to do this at the time of the paradigm shift from mainframe systems to networks of servers, minis and micros connected through the Internet. But of course it didn't happen. All the HW/SW providers wanted to get out systems with the most advanced capabilities in the shortest possible time. It's called competition, which of course always trumps security.

    So now Microsoft, Adobe and other vendors have "patch Tuesdays" (the MS name for it) every month. And yet security penetrations like STUXNET, RSA, botnets, and the theft of huge numbers of credit card and other supposedly secure data are literally a million times worse than anything that happened in the good old mainframe days. ...and still getting worse!

    Are we just now re-learning what has been known for FORTY YEARS?

  • 3xBan on

    So water is wet, we all know this.  And it is very easy to say the solution to all our security woes is a mythical OS.  Yes that is why we are losing the battle, we don't have the Excalibur of systems! 

    • Heavily segment your network, put the most sensitive information on its own network controlled by sneaker net.
    • Whitelist the apps and internet.  Control what you know, block what you don't.  This would include proper filtering both web and even domain requests.
    • Put as many obstacles for attackers so that if they do manage to breach, it will take a very long time for them to get what they want.

    There are a bunch of other items, after all the HW/SW is configured properly, you still need to educate the users.

    As for developing a proprietary OS, well sure, if you create a new OS that no one knows about, it will be very hard to crack it.  Google created their own OS, built their own servers and implement many strong security controls throughout their enterprise, but they were affected by Aurora.  So long as there is software and hardware, there will be people to crack it.

  • Rich the Mongoose on

    BSD has its warts as well. All OSes built to date have security "warts" because none was built with security as a primary requirement to start with.

    Bigman is right, we need to go past the UNIX paradigm thinking into something new. Aside from all its advantages and iterative improvements, UNIX is 40+ years old. We do need a new OS. The problem is the market will resist this change since it's cheaper to fix, forgive and forget than start from scratch.

  • Anonymous on

    Governments don't want a secure OS, they got the entire technological industry telling them everything you're doing. Google records all your searches, they turn this over to governments. Firefox w/Ghostery currently has 667 web bugs in its database. Slashdot for Confidential-Data-Not-Safe-On-Solid-State-Disks. Slashdot: German Politician Demonstrates Extent of Cell Phone Tracking. US News: The snitch in your pocket. ISP's record all your web traffic. Wired: Whistle blower outs NSA spy room. Slashdot: NSA backdoor creates security hole in Windows. Apple hires David Rice. New York Times: New Web Code Draws Concern over Privacy Risks Browser , Flash, Silverlight, HTML cookies, EverCookies. Lifehacker: Facebook is tracking your every move on the web Search Apple: Apple-Q-A-on-Location-Data.html Cellbrite devices. theNewspaper: Michigan Police Search Cell Phones During Traffic Stops Thinq_: Creepy app warns of an end to privacy theguardian: Google may use games to analyze net users Wikipedia: Remotely activated mobile phone microphones ABCnews: OnStar reverses privacy policy, won't track non-subscribers The Australian Financial Review: Peeping TomTom sells your every move. "Firesheep" Wall Street Journal: MasterCard and Vista to use your purchases to target ads online.
