In 1973, the Bell-LaPadula security model was introduced, and it is fundamentally still how security is implemented: with a static fortress mentality,
In 1987, the U.S. Department of Defense published the Red Book, the Trusted Network Interpretation of the lauded Orange Book that set forth many of the principles for information security. The result was, essentially, ‘we have no earthly idea how to secure a network’.
Today, we now assume our networks are ‘P0wn3d’ - already infiltrated by hostiles. We ‘know’ that by adding more technology, our security problems will go away. We think of ‘the network’ as a single ‘thing’ and attempt to protect it as such. It isn’t and we can’t.
TCP/IP. It was just an experiment. Today, it is the inter-infrastructural foundation of civilization. The Internet of Things is adding so-called intelligence to some 50+ billion endpoints. Where’s the security? Or privacy? Massive new projects using next-generation, smarter, faster ways of doing the same old stuff all over again are the ultimate déjà vu epic fail of security.
Is this any way to run a business? Or a planet? I hope to offer a corrective view: Analogue Network Security. Geeky. Interdisciplinary. An exciting, emerging security model to fix our woes. Finally, three memes for your consideration.
1. ROOT is the root of all cyber-evil.
2. Passwords will be the downfall of us all. The game is really about IdM (identity management).
3. Security requires a single, interdisciplinary metric for the cyber, physical and human domains.
C’mon, 50 years of practice and we’re still…? Well, screw it. You’ll see. I have a few ideas.