CYBER DOMAIN SECURITY
An ‘Outside the Box’ think for a different future
Michael W. Wynne
21st Secretary, United States Air Force
October 17, 2017
Cyber Domain Security
The Promise of Cyber was for a better future in Command, Control and Communications
The Vulnerability of Cyber returns C3 to the yesteryear Electronic Warfare on Steroids
As Hill Street Blues would script:
‘Let’s do it to them before they do it to us’
Cyber Domain Security
What I want to communicate today
We Understand the Physics and Constraints of the Physical Domains?
-  Laws, Agreements, and Mutual Enforcement
-  Clear Image of Good and Bad Enforcement by Policing or Military action
Today we are struggling with Vulnerability of the Virtual Domain—Cyber?
-  Technology created a comfortable user friendly seemingly easy environment
-  Bad Actors and Malevolent Designs meet each convenience with Bad outcomes
-  How to assess: If this is a giant false start, and can technology solve the problem?
If a False Start, can Military/Civilian muster the discipline to correct
Cyber Domain Security
Old | Replacement
Horses | Automobiles, Buses
Industrial Manpower | Mechanical Revolution
Mechanical Revolution | Electric Power
Vulnerable Circuit Design | Hardened Circuit design
Wired Telephone System | Cellular System
Regular Cellular | Smart Phones
Tubes and Gears | Integrated Circuit-Turing
Integrated Circuits-Turing | ?
Cyber Domain Security
To Think ‘Outside the Box’
Need Agreement on the issue
First: A. Examine whether the basis of Our Digital Networks (Turing Machines) needs to be replaced
B. Do Software corrective actions suffice
Second: Examine the Barriers to effect a true solution
Third: Prioritize the Pressing Applications to begin
Cyber Domain Security
Thesis: TURING Computer Security is Impossible
“This Sentence Is False”
If it’s true then it must be false, so
Assert it false, and infer that it is true so
Assert it true, then it is false, but …
General Recursive ISAs Loop Forever
Malware Goes Here
Self-Deception Goes Here
Proof: Gödel-Kleene: 1934: Halting Problem Identified
Thus: Hack the Policy Reasoner
Sony Root Kit: “Ignore me”
Stack Overflow: “Do This”
© 2017 Hackproof Technologies, Inc All Rights Reserved
CYBER DOMAIN SECURITY
Early Warning Signs About the issue
Pranks and Learning to Hack
-  Incident in College Library deleting files not saved
-  Defacing informational sites
-  Diversion of searches
US Government cites the issue
-  Condoleezza Rice talks on www as wild wild west, with duping of ordinary users
-  Unannounced Break-ins to data files leads to firewalls and encryption
-  The US Air Force Mission altered to include the Cyber Domain
Dire warnings up to present
-  Loss of critical or Intellectual Data Files, Property
-  Concerns about national attacks on infrastructure
-  Cities, Health Care providers, Movie Studios files taken for Ransom
CYBER DOMAIN SECURITY
Signs of an Issue: Growth of Private Armies
Establishment of Public and private protection
-  Unannounced Government Universities
-  Announced College Training and learning
-  Growth of web based ‘protectors’
-  Industry revenues top 20 Billion, and more
Spy versus Spy erupts
- Contests on Hacking
-  Rise of ‘Black Hat’ convention, Hackers as teachers
-  Platforms at risk-Autonomous Vehicles, some C3I, some Offensive
How Much Protection is enough
-  Legislators pass laws to protect public—not possible—Active Forensics?
-  Industry Operators ask for guidance –what do we do? Resilience?
-  Gate Guards, and Mal-detectors are cited as sufficient legal protection
Cyber Domain Security
Signs of an Issue: Society’s response to Cyber Security
Ambivalence because of loss of control
-  We lock our doors, and cars, but follow instructions for IT security
-  We look to Providers to set up protections
-  Providers look to lawyers for liability relief
Efficiency is higher in order of needs than security
-  When security has requirements, employees complain about impact on work
-  Consumer convenience and belief in anonymity
Business/Military becoming more not less dependent on Cyber Security
-  Movement to cloud, fusion, long range control
-  Introduction of remote monitoring with after action audit to reduce costs
-  IT upgrades focus on productivity, with security as a stated benefit
-  Security maintenance for Mal-ware is a booming segment, post impact analysis
Cyber Domain Security
Signs of Issue: Society’s response to Cyber Security
Shaken Belief That Nation’s security service is the best
-  Shaken by Hacking of Government entities—is hope a strategy?
-  Corporations do not go public with loss
-  Banks mark up for losses as cost of business
Solutions Offered for Impact on daily lives
-  Life Lock offers ID Protection
-  OPM offered subscription to Insurance for impact
-  Life goes on, both on line and physically; lots of targets, little impact
Free Capitalist Society does not see solution just ahead
-  Lots of adverts on advanced protection—Guarantees?
-  A belief that one can pay for protection if needed
-  Only in tight circles does NIST warn about impossibility and its impact
Cyber Domain Security
Signs of an Issue: Long Term Impact on Society
Transfer to Start-up industries
-  Cyber Theft first traceable to woolen mills using photographic memory
-  Cyber Theft of Intellectual Property allows competition catch up—Pol/Mil
-  Impact is loss of Economic and Military Margins
Lack of Innovation
-  Discouraged producers might produce less innovation
-  Impact of theft creates second class industry, harder to remain dominant
-  All of world society loses in cyber open season
Emphasis grows on encryption and coding to minimize gains
-  Last year’s fight over the Apple Phone is a harbinger of the future
-  Cloud’s response is to encrypt and scatter data around multiple service centers
-  Emergence of multiple media authentication—once reserved for spies
Cyber Domain Security
Societal Actions required: The Enemy Gets a Vote
Cyber Gang Tactics are changing
-  Phishing going mainstream
-  Never open an external file
-  Insider Failures lead to ‘ransom-ware’
-  Insurance Companies are resisting costly policies, pushing protection
National Level Cyber Tactics are changing
-  Cataloguing unprotected sites, ‘white listing’ as gate keepers
-  Leaving Sophisticated Advanced Persistent Code behind
-  Targeting Infrastructure rather than just Command and Control Centers
Combining Physical and Virtual Combat Forces
-  Fully integrating cyber into combat profile
-  Keeping what helps and discarding difficult targets
-  Keeping Intel open to Cyber Capability of opposing forces
Cyber Domain Security
Pause for Observations: Where to go from here?
World Future in Cyber
-  Cooperation or Conflict
-  Innovation or Stagnation
-  Protect or Remain Vulnerable
Current situation
-  Systems are set for productivity
-  Convenience is compromised by Security
-  Current Level of turbulence is tolerated, expected, exposing Civilian Infrastructure Economy to essentially military action, no retribution—bigger walls, deeper moats—counter Military Action?
Future Desired State
-  Retention of productivity and convenience
-  Security is embedded, and systems are self checking
-  Attack and Defensive force applications are returned to physical sciences, retaining protected Command and Control. Husbanding advantages to our own development.
Cyber Domain Security
Pause For Observation: Where to go from Here?
Twelve Step Program brought by Alcoholics Anonymous
-  Stipulates that behavior change must start with admission of problem
-  Included is a stipulation that a solution is present and must be pursued
-  Determination and Discipline are required
We have been involved in digital computing since the 1930s
-  Though considered academic, by the mid-1940s large digital processors were in test
-  These large scale processors were driven by analog elements, to accomplish digital outcomes
-  The discovery of integrated circuits began to eliminate analog from designs
Systems design has a base requirement to measure responses to all inputs to the system
-  The emergence of totally digital systems forgave this violation of responses
-  Beta testing and cycle of corrective action minimized self induced ‘Bugs’
-  The inter-connection of digital systems allowed for externally induced ‘Bugs’
Cyber Domain Security
Where Is Society Relative to Issue of False Start?
Society believes there is a problem
-  Presidential Level Direction to resolve
-  Broadcasts when major attacks occur
-  Insurance Conferences are littered with Cyber Intrusions
Legislators are discussing freedom and protection
-  As early as March/April 2001, FBI acknowledged problem
-  Military Services cited concerns in 2006, began to organize
-  Few hearings in our congress do not involve Cyber Issues
Cyber Conferences are everywhere, even here
-  Stevens Institute held wide ranging conference in Washington back in 2010
-  There was, and still is, worry and concern, detection and correction; whole network is in BETA test, looking for ‘Bugs’—now called Mal-Ware
-  Cyber Industry now nearing $20 Billion and growing—Band Aids, or fixes?
Cyber Domain Security
Where to go from Here?: Systems Engineering Principles
There are high level principles
-  Build the Right Systems and build the system right
-  Do the right things and do the things right
There are more specific principles
-  Base the Development Cycle on removing risk and enhancing value
-  Specifications flow up as well as down the architecture
-  Decompose systems, not requirements
There are base Principles
-  For a system, every output response should be linked to an input
-  For a system, there should be a finiteness to the possibilities of output signals given a known finite set of possible inputs
-  The possibility of Garbage In; Garbage out is eliminated-corrected
-  Externally induced inputs differing from known inputs are rejected
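The base principles above, as an added example that is not part of the original presentation: a table-driven controller with finite input and output sets, a check that every (state, input) pair has a defined response and every output is linked to an input, and rejection of any input outside the known set. The valve controller, its state, input and output names, and the sample stream are all hypothetical and constructed for illustration.

```python
from itertools import product

# Hypothetical valve controller; every name here is constructed for illustration.
STATES = ("CLOSED", "OPENING", "OPEN", "FAULT")
INPUTS = ("cmd_open", "cmd_close", "limit_reached", "sensor_fail")
OUTPUTS = ("motor_off", "motor_fwd", "motor_rev", "alarm")

# (state, input) -> (next_state, output): the complete behaviour of the system.
TABLE = {
    ("CLOSED", "cmd_open"): ("OPENING", "motor_fwd"),
    ("CLOSED", "cmd_close"): ("CLOSED", "motor_off"),
    ("CLOSED", "limit_reached"): ("CLOSED", "motor_off"),
    ("CLOSED", "sensor_fail"): ("FAULT", "alarm"),
    ("OPENING", "cmd_open"): ("OPENING", "motor_fwd"),
    ("OPENING", "cmd_close"): ("CLOSED", "motor_rev"),
    ("OPENING", "limit_reached"): ("OPEN", "motor_off"),
    ("OPENING", "sensor_fail"): ("FAULT", "alarm"),
    ("OPEN", "cmd_open"): ("OPEN", "motor_off"),
    ("OPEN", "cmd_close"): ("CLOSED", "motor_rev"),
    ("OPEN", "limit_reached"): ("OPEN", "motor_off"),
    ("OPEN", "sensor_fail"): ("FAULT", "alarm"),
}
# FAULT latches: every known input keeps the alarm on until offline service.
TABLE.update({("FAULT", sym): ("FAULT", "alarm") for sym in INPUTS})


def verify_table(table, states=STATES, inputs=INPUTS, outputs=OUTPUTS):
    """Return a list of violations of the base principles (empty if none)."""
    problems = []
    # Every known input must have a defined response in every state.
    for key in product(states, inputs):
        if key not in table:
            problems.append(f"no response defined for {key}")
    # Responses must stay inside the declared finite state and output sets.
    for key, (nxt, out) in table.items():
        if key[0] not in states or key[1] not in inputs:
            problems.append(f"entry for unknown state/input {key}")
        if nxt not in states:
            problems.append(f"{key} leads to unknown state {nxt!r}")
        if out not in outputs:
            problems.append(f"{key} emits unknown output {out!r}")
    # Every declared output must be linked to at least one input.
    used = {out for _, out in table.values()}
    for out in outputs:
        if out not in used:
            problems.append(f"output {out!r} is not linked to any input")
    return problems


def reachable_outputs(table, start="CLOSED"):
    """Enumerate the finite set of outputs the system can ever produce."""
    seen, frontier, outs = {start}, [start], set()
    while frontier:
        state = frontier.pop()
        for (src, _sym), (nxt, out) in table.items():
            if src == state:
                outs.add(out)
                if nxt not in seen:
                    seen.add(nxt)
                    frontier.append(nxt)
    return outs


class Controller:
    def __init__(self, table, start="CLOSED"):
        problems = verify_table(table)
        if problems:  # refuse to run an incompletely specified system
            raise ValueError("; ".join(problems))
        self.table, self.state, self.rejected = dict(table), start, []

    def step(self, symbol):
        """Apply one input; anything outside INPUTS is rejected, state unchanged."""
        if symbol not in INPUTS:
            self.rejected.append(symbol)
            return None
        self.state, output = self.table[(self.state, symbol)]
        return output


def run(stream, table=TABLE):
    """Feed a stream of inputs; return (final_state, outputs, rejected)."""
    ctl = Controller(table)
    outputs = [out for out in map(ctl.step, stream) if out is not None]
    return ctl.state, outputs, ctl.rejected


# Constructed sample stream: three known inputs mixed with three unknown ones.
SAMPLE_STREAM = ["cmd_open", "cmd_open;extra", "limit_reached",
                 "CMD_CLOSE", "cmd_close", 42]

if __name__ == "__main__":
    print("table problems:", verify_table(TABLE))
    print("reachable outputs:", sorted(reachable_outputs(TABLE)))
    print("run:", run(SAMPLE_STREAM))
```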
Cyber Domain Security
Personal Experiences
Working with Mechanical and Analog Systems
-  Infrastructure largely consists of aging Mechanical Systems
-  Manufacturing applications are fine applications of mechanical/analog
-  Because they are electrically controlled, managing by observation was the rule
Working in the pre-connected IT Space
-  Broke a large computational system by overwriting the executive routine
-  In controlling air surfaces with a Computer, put a random table access in control loop
-  During a test of an educational system a smart colleague discovered no firewall between stored and random memory, forced shutdown
Observation on Working in the connected IT space
-  Mistakes, once called ‘Bugs’ and ‘Glitches’ now deliberate Mal Ware
-  ‘Bugs’ and ‘Glitches’ naming reserved for development cycle, not operational
-  Systems design seems to target development cycle, integration, as the discipline no longer knows that for all possible inputs (finite, countable) there are known outputs
Cyber Domain Security
A Technology Resolution:
Applying the concepts of Systems Engineering Holds out a path for a different future
-  Finding a Turing machine substitute
-  Requiring Defined outputs for every input
-  Effectively requiring corrections for ‘Bugs’; ‘Glitches’ and ‘Malware’
-  Restoring Operator Authority and Control
-  Hardening Circuits to EMP or Power Infrastructure Surge
-  Retaining Convenience and Productivity wherever possible
Cyber Domain Security
A Technology Resolution:
Applying the concepts of Systems Engineering Holds out a path for a different future
-  This effectively restores problems to development, ending public issues of detection
-  This nullifies the effect of ‘distant disruption’, hardens against Physical response
-  This can retain the value of Cyber, but reduce Military and Societal Issues, through research
-  Works in combination with Encryption for Privacy
Cyber Domain Security
Is there such a device?
We have together tracked the history of the Integrated Circuit, seen how it has grown smaller, yet more Powerful
We have not tracked its counterpart in finite arrays: the Field-Programmable Gate Array (FPGA) Technology
Finite Gate Arrays conform to the principles of Systems Engineering: measured, bounded, proven hardening techniques
They have as well taken full advantage of the technology revolution of Small yet more powerful, fit into server board slots, can be on the Internet
They only process as planned, requiring offline, physical updating
Cyber Domain Security
Where to go from Here?
Thus Far we have travelled a path illustrated by the twelve steps
-  We have Highlighted a Military and Societal issue
-  We have identified where we possibly took a wrong path
-  We have essentially proven, both theory and practice that it is the wrong path
-  Now we must evaluate possible corrective actions
Do we have the discipline to restore the benefit while correcting the deficiency?
-  Where to start?
-  Can we prioritize the substitution set?
-  When are we completed?
Can Start with Call to Action
Cyber Domain Security
-  Today the IC Turing Circuit Board hardware is dirt cheap and available as a plug in to any server; while the value is in the app that runs upon layers of software with myriad vulnerabilities.
-  Tomorrow, the FPGA Board hardware will be less expensive to own and operate, also as a plug in to any server. With no more layers of vulnerability. It will require more careful coding in the initial set-up, with integrated apps.
-  In both scenarios Disciplined User Policies will still need rigor to ensure no misuse; but once the FPGA is installed, like a mechanical gear, maintenance should be low.
-  Such a Transition will take prioritization and determination; such is the essence of Systems Engineering Discipline and Control
Cyber Domain Security
Where to go from Here
With Known Solution
-  Apply to Military Weapons, and Command and Control Systems
-  Apply to Public Utilities, Electric Grid, Gas
-  Ultimate Goal: replace ‘Turing’ enterprise, retaining advantages
Prioritize: Yes
-  This will squeeze out the Gangs, and ‘Mal Ware’ from Bad actors
-  This will not correct development errors, but will allow correction
-  Military and Civil is now at risk, therefore next move is to protect
Cyber Domain Security
Summary
This Cyber domain is one of vulnerable convenience; operating a society or a military does not anticipate malevolent action, absent ability to police
The Enemy, either Nation States, or bad Operators is voting every day to make things worse
Corrective Action starts the Hardware revolution, and possible reduction in software dominance
First mover can have an enormous advantage: Both in Civil and Military applications
Can be done but will take disciplined action
Mirrors the change from Industrial to Electric
Thank You
For allowing me to Talk of this Very Different Look at Cyber
With strong leadership; We can make this different Secure future a reality
Cyber Domain Security
Sources
1. R.L. Dick, FBI, Testimony 4/3/01
2. AP News 3/24/16, T. Abdullah and E. Tucker
3. a. AP News 3/24/16, Abdullah and Tucker
   b. IBT World: Russia-NATO Cyber 10/14/15, C. Harris
4. WebSphere Journal 3/18/06, Six Principles of Systems Eng., M. Cantor, G. Roose
5. Recent Articles by Wynne, 11/2016: “It’s the Hardware Stupid”; “Paying Protection to the Wrong Gang”; “Really Protecting Democracy—with Analog Computing”, www.SLDinfo.com.

More Related Content

PPTX
Information Security Management System ISO/IEC 27001:2005
PPTX
Security risk management
PDF
CompTIA Security+ SY0-601 Domain 1
PDF
Cyber Security and Cloud Computing
PDF
Cyber Threat Intelligence
PPTX
Network Security
PDF
Malware detection-using-machine-learning
PDF
Secure by Design - Security Design Principles for the Rest of Us
Information Security Management System ISO/IEC 27001:2005
Security risk management
CompTIA Security+ SY0-601 Domain 1
Cyber Security and Cloud Computing
Cyber Threat Intelligence
Network Security
Malware detection-using-machine-learning
Secure by Design - Security Design Principles for the Rest of Us

What's hot (20)

PPSX
Security policies
PPTX
Social Engineering
PDF
Overview of the Cyber Kill Chain [TM]
PDF
Cyber security
PPTX
Identity and Access Management (IAM)
PPTX
VAPT PRESENTATION full.pptx
PDF
CS6004 Cyber Forensics
PDF
Authentication techniques
PPTX
Mathematics of Asymmetric cryptography
PPT
Computer security overview
 
PDF
Cybersecurity risk management 101
PPTX
RSA algorithm
PPTX
Cia security model
PDF
Cyber security and demonstration of security tools
PDF
Cloud Computing Security
PDF
What is Differential Privacy?
PPTX
Ethical hacking
PPTX
Cybersecurity
PDF
Network Security Fundamentals
PDF
Application of Machine Learning in Cyber Security
Security policies
Social Engineering
Overview of the Cyber Kill Chain [TM]
Cyber security
Identity and Access Management (IAM)
VAPT PRESENTATION full.pptx
CS6004 Cyber Forensics
Authentication techniques
Mathematics of Asymmetric cryptography
Computer security overview
 
Cybersecurity risk management 101
RSA algorithm
Cia security model
Cyber security and demonstration of security tools
Cloud Computing Security
What is Differential Privacy?
Ethical hacking
Cybersecurity
Network Security Fundamentals
Application of Machine Learning in Cyber Security
Ad

Similar to Cyber Domain Security (20)

PPTX
Clinton- Cyber IRT Balto 10_2012
PDF
Cyber security for Developers
PDF
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
PPTX
Jack Whitsitt - Yours, Anecdotally
PDF
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
PPT
December ISSA Meeting Executive Security Presentation
PDF
The Cyber Security Landscape: An OurCrowd Briefing for Investors
PDF
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
PDF
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?
PPT
IT Security for the Physical Security Professional
PDF
Cybersecurity for Energy: Moving Beyond Compliance
PPTX
Showreel ICSA Technology Conference
PPT
Principles of information security Chapter 1 (1).ppt
PPT
Chapter 1 (1) (1).pptghtrtt76utrurtutrut
PPT
CCNA Security 02- fundamentals of network security
PPT
Introduction to Cyber Security
PDF
Cybersecurity op de bestuurstafel
PDF
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015
PPT
Chapter 1.ppt
PPTX
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Clinton- Cyber IRT Balto 10_2012
Cyber security for Developers
Gus Hunt's Work-Bench Enterprise Security Summit Keynote
Jack Whitsitt - Yours, Anecdotally
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
December ISSA Meeting Executive Security Presentation
The Cyber Security Landscape: An OurCrowd Briefing for Investors
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?
IT Security for the Physical Security Professional
Cybersecurity for Energy: Moving Beyond Compliance
Showreel ICSA Technology Conference
Principles of information security Chapter 1 (1).ppt
Chapter 1 (1) (1).pptghtrtt76utrurtutrut
CCNA Security 02- fundamentals of network security
Introduction to Cyber Security
Cybersecurity op de bestuurstafel
John Walsh, Sypris on Cyber Physical Systems - Boston SECoT MeetUp 2015
Chapter 1.ppt
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Ad

More from ICSA, LLC (20)

PDF
Jack Rowley on USV Technologies
PDF
Team osprey
PDF
Presentation By Hugh Fraser
PDF
Presentation richard czumak
PDF
Presentation By Air Vice Marshal (Retd.) Chris Deeble
PDF
BG langford Presentation at Williams Foundation seminar October 24 2019
PDF
AIRCDRE Phil Gordon on the Changing Character of Manouvre
PDF
A Historical Perspective on Manoeuvre
PDF
Rebuild of Conventional Forces and implications for Training
PPTX
Rebuild of Conventional Forces
PDF
GATR HADR Efforts
PDF
Wing Commander Alison MacCarthy Brief
PDF
Lt Col Beaumont Brief on Logistics
PDF
MBDA Briefing at Williams Foundation Seminar, April 11, 2019
PDF
Plan b
PDF
Far from the Sanctuaries: Sustaining a Fifth Generation Fight in the Indo-Pac...
PDF
Mike Tarlton Briefing to Williams Fondation Seminar on Joint Strike, August ...
PDF
Air Marshal Atha, RAF, Presentation to Williams Foundation Seminar on Joint S...
PDF
James Heading Briefing to Williams Foundation Seminar on Joint Strike, August...
PDF
Dr. Tom Bussing Briefing to Williams Foundation Seminar on Joint Strike, Augu...
Jack Rowley on USV Technologies
Team osprey
Presentation By Hugh Fraser
Presentation richard czumak
Presentation By Air Vice Marshal (Retd.) Chris Deeble
BG langford Presentation at Williams Foundation seminar October 24 2019
AIRCDRE Phil Gordon on the Changing Character of Manouvre
A Historical Perspective on Manoeuvre
Rebuild of Conventional Forces and implications for Training
Rebuild of Conventional Forces
GATR HADR Efforts
Wing Commander Alison MacCarthy Brief
Lt Col Beaumont Brief on Logistics
MBDA Briefing at Williams Foundation Seminar, April 11, 2019
Plan b
Far from the Sanctuaries: Sustaining a Fifth Generation Fight in the Indo-Pac...
Mike Tarlton Briefing to Williams Fondation Seminar on Joint Strike, August ...
Air Marshal Atha, RAF, Presentation to Williams Foundation Seminar on Joint S...
James Heading Briefing to Williams Foundation Seminar on Joint Strike, August...
Dr. Tom Bussing Briefing to Williams Foundation Seminar on Joint Strike, Augu...

Recently uploaded (20)

PDF
Item # 1a - August 11, 2025 Meeting Minutes
PDF
Bridging Nations Through Mobility: Indonesia’s Vision for Transportation Dipl...
PPTX
Presentation on CGIAR’s Policy Innovation Program _18.08.2025 FE.pptx
PDF
Driving Change with Compassion - The Source of Hope Foundation
PDF
Items # 3&4 - Residential Haunted House Ordinance
PDF
PPT Item # 8 - Pool Pocket Staff Report
PPT
An Introduction To National Savings CDNS.ppt
PDF
The Landscape Observatory of Catalonia. A Journey of Fifteen Years
PDF
How Does AI Work? - by Google.org from aiclassasean.org
PDF
Dean, Jodi: Concept Paper - Multi Family Lot
PPTX
PPT for Meeting with CM 18.08.2025complete (1).pptx
PDF
The Council of Europe Landscape Convention: A key instrument for an innovativ...
PDF
Item # 1b - August 12, 2025 Special Meeting Minutes
PPTX
Introduction to the NAP Process and NAP Global Network
PPTX
Key Points of 2025 ORAOHRA of the CSC from CSI
DOCX
Diplomatic Studies and Migration- Global Perspectives and Practices.docx
PDF
The Landscape Observatory of Catalonia. Some projects and challenges
PDF
The Landscape Charter to mobilise rural stakeholders and plan action
PDF
ACHO's Six WEEK UPDATE REPORT ON WATER SACHETS DISTRIBUTION IN RENK COUNTY - ...
PDF
An Easy Approach to Kerala Service Rules
Item # 1a - August 11, 2025 Meeting Minutes
Bridging Nations Through Mobility: Indonesia’s Vision for Transportation Dipl...
Presentation on CGIAR’s Policy Innovation Program _18.08.2025 FE.pptx
Driving Change with Compassion - The Source of Hope Foundation
Items # 3&4 - Residential Haunted House Ordinance
PPT Item # 8 - Pool Pocket Staff Report
An Introduction To National Savings CDNS.ppt
The Landscape Observatory of Catalonia. A Journey of Fifteen Years
How Does AI Work? - by Google.org from aiclassasean.org
Dean, Jodi: Concept Paper - Multi Family Lot
PPT for Meeting with CM 18.08.2025complete (1).pptx
The Council of Europe Landscape Convention: A key instrument for an innovativ...
Item # 1b - August 12, 2025 Special Meeting Minutes
Introduction to the NAP Process and NAP Global Network
Key Points of 2025 ORAOHRA of the CSC from CSI
Diplomatic Studies and Migration- Global Perspectives and Practices.docx
The Landscape Observatory of Catalonia. Some projects and challenges
The Landscape Charter to mobilise rural stakeholders and plan action
ACHO's Six WEEK UPDATE REPORT ON WATER SACHETS DISTRIBUTION IN RENK COUNTY - ...
An Easy Approach to Kerala Service Rules

Cyber Domain Security

  • 1. CYBER DOMAIN SECURITY An ‘Outside the Box’ think for a different future Michael W. Wynne 21st Secretary, United States Air Force October 17, 2017
  • 2. Cyber Domain Security The Promise of Cyber was for a better future in Command, Control and Communications The Vulnerability of Cyber returns C3 to the yesteryear Electronic Warfare on Steroids As Hill Street Blues would script: ‘Let’s do it to them before they do it to us’
  • 3. Cyber Domain Security What I want to communicate today We Understand the Physics and Constraints of the Physical Domains? -  Laws, Agreements, and Mutual Enforcement -  Clear Image of Good and Bad Enforcement by Policing or Military action Today we are struggling with Vulnerability of the Virtual Domain—Cyber? -  Technology created a comfortable user friendly seemingly easy environment -  Bad Actors and Malevolent Designs meet each convenience with Bad outcomes -  How to assess: If this is a giant false start, and can technology solve the problem? If a False Start, can Military/Civilian muster the discipline to correct
  • 4. Cyber Domain Security Old Horses Industrial Manpower Mechanical Revolution Vulnerable Circuit Design Wired Telephone System Regular Cellular Tubes and Gears Integrated Circuits-Turing Replacement Automobiles, Buses Mechanical Revolution Electric Power Hardened Circuit design Cellular System Smart Phones Integrated Circuit-Turing ?
  • 5. Cyber Domain Security To Think ‘Outside the Box’ Need Agreement on the issue First: A: Examine whether the basis of Our Digital Networks (Turing Machines) need to be replaced B. Do Software corrective actions suffice Second: Examine the Barriers to effect a true solution Third: Prioritize the Pressing Applications to begin
  • 6. Cyber Domain Security Thesis: TURING Computer Security is Impossible “This Sentence Is False” 6 If it’s true then it must be false, so Assert it false, and infer that it is true so Assert it true, then it is false, but … General Recursive ISAs Loop Forever Malware Goes Here Self-Deception Goes Here Proof: Gödel-Kleene: 1934: Halting Problem Identified Thus: Hack the Policy Reasoner Sony Root Kit “Ignore me” Stack Overflow “Do This” © 2017 Hackproof Technologies, Inc All Rights Reserved Hackproof Technologies, Inc – All Rights Reserved
  • 7. CYBER DOMAIN SECURITY Early Warning Signs About the issue Pranks and Learning to Hack -  Incident in College Library deleting files not saved -  Defacing informational sites -  Diversion of searches US Government cites the issue -  Condoleeza Rice talks on www as wild wild west, with duping of ordinary users -  Unannounced Break-ins to data files leads to firewalls and encryption -  The US Air Force Mission altered to include the Cyber Domain Dire warnings up to present -  Loss of critical or Intellectual Data Files, Property -  Concerns about national attacks on infrastructure -  Cities, Health Care providers, Movie Studios files taken for Ransom
  • 8. CYBER DOMAIN SECURITY Signs of an Issue: Growth of Private Armies Establishment of Public and private protection -  Unannounced Government Universities -  Announced College Training and learning -  Growth of web based ‘protectors’ -  Industry revenues top 20 Billion, and more Spy versus Spy erupts - Contests on Hacking -  Rise of ‘Black Hat’ convention, Hackers as teachers -  Platforms at risk-Autonomous Vehicles, some C3I, some Offensive How Much Protection is enough -  Legislators pass laws to protect public—not possible—Active Forensics? -  Industry Operators ask for guidance –what do we do? Resilience? -  Gate Guards, and Mal-detectors is cited as sufficient legal protection
  • 9. Cyber Domain Security Signs of an Issue: Society’s response to Cyber Security Ambivalence because of loss of control -  We lock our doors, and cars, but follow instructions for IT security -  We look to Providers to set up protections -  Providers look to lawyers for liability relief Efficiency is higher in order of needs than security -  When security has requirements, employees complain about impact on work -  Consumer convenience and belief in anonymity Business/Military becoming more not less dependent on Cyber Security -  Movement to cloud, fusion, long range control -  Introduction of remote monitoring with after action audit to reduce costs -  IT upgrades focus on productivity, with security as a stated benefit -  Security maintenance for Mal-ware is a booming segment, post impact analysis
  • 10. Cyber Domain Security Signs of Issue: Society’s response to Cyber Security Shaken Belief That Nations security service is the best -  Shaken by Hacking of Government entities—is hope a strategy? -  Corporations do not go public with loss -  Banks mark up for losses as cost of business Solutions Offered for Impact on daily lives -  Life Lock offers ID Protection -  OPM offered subscription to Insurance for impact -  Life goes on, both on line and physically; lot’s of targets, little impact Free Capitalist Society, does not see solution just ahead -  Lot’s of adverts on advanced protection—Guarantees? -  A belief that one can pay for protection if needed -  Only in tight circle does NIST warning about impossibility and its impact
  • 11. Cyber Domain Security Signs of an Issue: Long Term Impact on Society Transfer to Start –up industries -  Cyber Theft first traceable to woolen mills using photographic memory -  Cyber Theft of Intellectual Property allows competition catch up—Pol/Mil -  Impact is loss of Economic and Military Margins Lack of Innovation -  Discouraged producers might produce less innovation -  Impact of theft creates second class industry, harder to remain dominant -  All of world society loses in cyber open season Emphasis grows on encryption and coding so minimize gains -  Last years fight over Apple Phone a harbinger of the future -  Clouds response is to encrypt and scatter data around multiple service centers -  Emergence of multiple media authentication—once reserved for spies
  • 12. Cyber Domain Security Societal Actions required: The Enemy Gets a Vote Cyber Gang Tactics are changing -  Phishing going mainstream -  Never open an external file -  Insider Failures lead to ‘ransom-ware’ -  Insurance Companies are resisting costly policies, pushing protection National Level Cyber are changing -  Cataloguing unprotected sites, ‘white listing’ as gate keepers -  Leaving Sophisticated Advanced Persistent Code behind -  Targeting Infrastructure rather than just Command and Control Centers Combining Physical and Virtual Combat Forces -  Fully integrating cyber into combat profile -  Keeping what helps and discarding difficult targets -  Keeping Intel open to Cyber Capability of opposing forces
  • 13. Cyber Domain Security Pause for Observations: Where to go from here? World Future in Cyber -  Cooperation or Conflict -  Innovation or Stagnation -  Protect or Remain Vulnerable Current situation -  Systems are set for productivity -  Convenience is compromised by Security -  Current Level of turbulence is tolerated, expected, exposing Civilian Infrastructure Economy to essentially military action, no retribution—bigger walls, deeper moats– counter Military Action? Future Desired State -  Retention of productivity and convenience -  Security is embedded, and systems are self checking -  Attack and Defensive force applications are returned to physical sciences, retaining protected Command and Control. Husbanding advantages to our own development.
  • 14. Cyber Domain Security Pause For Observation: Where to go from Here? Twelve Step Program brought by Alcoholics Anonymous -  Stipulates that behavior change must start with admission of problem -  Included is a stipulation that a solution is present and must be pursued -  Determination and Discipline are required We have been involved in digital computing since 1930’s -  Though considered academic, by mid-1940’s large digital processors were in test -  These large scale processors were driven by analog elements, to accomplish digital outcomes -  The discovery of integrated circuits began to eliminate analog from designs Systems design has a base requirement to measure responses to all inputs to the system -  The emergence of totally digital systems forgave this violation of responses -  Beta testing and cycle of corrective action minimized self induced ‘Bugs’ -  The inter-connection of digital systems allowed for externally induced ‘Bugs’
  • 15. Cyber Domain Security
    Where Is Society Relative to Issue of False Start?
    Society believes there is a problem
    -  Presidential Level Direction to resolve
    -  Broadcasts when major attacks occur
    -  Insurance Conferences are littered with Cyber Intrusions
    Legislators are discussing freedom and protection
    -  As early as March/April 2001, FBI acknowledged problem
    -  Military Services cited concerns in 2006, began to organize
    -  Few hearings in our congress do not involve Cyber Issues
    Cyber Conferences are everywhere, even here
    -  Stevens Institute held wide ranging conference in Washington back in 2010
    -  There was, and still is worry and concern, detection and correction, whole network is in BETA test, looking for ‘Bugs’, now called Mal-Ware
    -  Cyber Industry now nearing $20 Billion and growing: Band Aids, or fixes?
  • 16. Cyber Domain Security
    Where to go from Here?: Systems Engineering Principles
    There are high level principles
    -  Build the Right Systems and build the system right
    -  Do the right things and do the things right
    There are more specific principles
    -  Base the Development Cycle on removing risk and enhancing value
    -  Specifications flow up as well as down the architecture
    -  Decompose systems, not requirements
    There are base Principles
    -  For a system, every output response should be linked to an input
    -  For a system, there should be a finiteness to the possibilities of output signals given a known finite set of possible inputs
    -  The possibility of Garbage In; Garbage out is eliminated-corrected
    -  Externally induced inputs differing from known inputs are rejected
  • 17. Cyber Domain Security
    Personal Experiences
    Working with Mechanical and Analog Systems
    -  Infrastructure largely consists of aging Mechanical Systems
    -  Manufacturing applications are fine applications of mechanical/analog
    -  Because they are electrically controlled, managing by observation was the rule
    Working in the pre-connected IT Space
    -  Broke a large computational system by overwriting the executive routine
    -  In controlling air surfaces with a Computer, put a random table access in control loop
    -  During a test of an educational system a smart colleague discovered no firewall between stored and random memory, forced shutdown
    Observation on Working in the connected IT space
    -  Mistakes, once called ‘Bugs’ and ‘Glitches’ now deliberate Mal Ware
    -  ‘Bugs’ and ‘Glitches’ naming reserved for development cycle, not operational
    -  Systems design seems to target development cycle, integration, as discipline no longer know for all possible inputs (finite, countable) there are known outputs
  • 18. Cyber Domain Security
    A Technology Resolution: Applying the concepts of Systems Engineering
    Holds out a path for a different future
    -  Finding a Turing machine substitute
    -  Requiring Defined outputs for every input
    -  Effectively requiring corrections for ‘Bugs’; ‘Glitches’ and ‘Malware’
    -  Restoring Operator Authority and Control
    -  Hardening Circuits to EMP or Power Infrastructure Surge
    -  Retaining Convenience and Productivity wherever possible
  • 19. Cyber Domain Security
    A Technology Resolution: Applying the concepts of Systems Engineering
    Holds out a path for a different future
    -  This effectively restores problems to development, ending public issues of detection
    -  This nullifies the effect of ‘distant disruption’, hardens against Physical response
    -  This can retain the value of Cyber, but reduce Military and Societal Issues, through research
    -  Works in combination with Encryption for Privacy
  • 20. Cyber Domain Security
    Is there such a device?
    We have together tracked the history of the Integrated Circuit, seen how it has grown smaller, yet more Powerful
    We have not tracked its counterpart in finite arrays: the Fully Programmable Gate Array (FPGA) Technology
    Finite Gate Arrays conform to the principles of Systems Engineering: measured, bounded, proven hardening techniques
    They have as well taken full advantage of the technology revolution of Small yet more powerful, fit into server board slots, can be on the Internet
    They only process as planned, requiring offline, physical updating
  • 21. Cyber Domain Security
    Where to go from Here?
    Thus Far we have travelled a path illustrated by the twelve steps
    -  We have Highlighted a Military and Societal issue
    -  We have identified where we possibly took a wrong path
    -  We have essentially proven, both theory and practice that it is the wrong path
    -  Now we must evaluate possible corrective actions
    Do we have the discipline to restore the benefit while correcting the deficiency?
    -  Where to start?
    -  Can we prioritize the substitution set?
    -  When are we completed?
    Can Start with Call to Action
  • 22. Cyber Domain Security
    -  Today the IC Turing Circuit Board hardware is dirt cheap and available as a plug in to any server; while the value is in the app that runs upon layers of software with myriad vulnerabilities.
    -  Tomorrow; the FPGA Board hardware, will be less expensive to own and operate, also as a plug in to any server. With no more layers of vulnerability. It will require more careful coding in the initial set-up, with integrated apps.
    -  In both scenarios Disciplined User Policies will still need rigor to ensure no misuse; but once the FPGA is installed, like a mechanical gear, maintenance should be low.
    -  Such a Transition will take prioritization and determination; such is the essence of Systems Engineering Discipline and Control
  • 23. Cyber Domain Security
    Where to go from Here
    With Known Solution
    -  Apply to Military Weapons, and Command and Control Systems
    -  Apply to Public Utilities, Electric Grid, Gas
    -  Ultimate Goal: replace ‘Turing’ enterprise, retaining advantages
    Prioritize: Yes
    -  This will squeeze out the Gangs, and ‘Mal Ware’ from Bad actors
    -  This will not correct development errors, but will allow correction
    -  Military and Civil is now at risk, therefore next move is to protect
  • 24. Cyber Domain Security
    Summary
    This Cyber domain is one of vulnerable convenience, operating a society or a military does not anticipate malevolent action, absent ability to police
    The Enemy, either Nation States, or bad Operators is voting every day to make things worse
    Corrective Action starts the Hardware revolution, and possible reduction in software dominance
    First mover can have an enormous advantage: Both in Civil and Military applications
    Can be done but will take disciplined action
    Mirrors the change from Industrial to Electric
    Thank You For allowing me to Talk of this Very Different Look at Cyber
    With strong leadership; We can make this different Secure future a reality
  • 25. Cyber Domain Security
    Sources
    1. R.L. Dick, FBI, Testimony 4/3/01
    2. AP News 3/24/16, T. Abdullah and E. Tucker
    3. a. AP News 3/24/16, Abdullah and Tucker
       b. IBT World: Russia- NATO Cyber 10/14/15, C. Harris
    4. WebSphere Journal 3/18/06, Six Principles of Systems Eng., M. Cantor, G. Roose
    5. Recent Articles by Wynne, 11/2016: “It’s the Hardware Stupid”; “Paying Protection to the Wrong Gang”; “Really Protecting Democracy—with Analog Computing”, www.SLDinfo.com.