It's time to change the basics of Cyber Security

Software is an exact discipline, in which everything can be clearly described, programmed and tested.

Content of presentation

Comparison of IT with other industries

Security on railways

Aircraft safety

IT - long-term problem

Solving problems with Cyber Security

The difference between IT and other fields of human activity

Security on railways - more than 130 years

Aircraft safety - approx. 100 years

IT / Cyber security - 20 years of persistent problems

A quick look at IT compared with other industries

The difference between IT and other fields of human activity

Other fields also had solutions that were gradually overcome.

Design and programming of computer programs

Creating SW and/or firmware is an exact discipline, which can be clearly defined, programmed and tested

Software authors do not have to respect physical and/or chemical laws, as authors in other fields must

Design and programming of computer programs

More than 20 years of problems with computer viruses and hacker attacks

The situation is getting worse because of the growing use of smartphones, SCADA and IoT (Internet of Things)

The main obstacle to solving the problem of Cyber security

ICT "experts" say: There is no other solution

The current solution is the only possible one

You do not understand this problem

A solution always exists; this is the foundation of progress

Security on railways

More than 130 years of experience

The security rules on railway traffic

The old mechanical signal device was controlled by a wire

When the wire is severed, the signal drops down to "Stop"

Even in the era of steam locomotives, fail-safe systems were being built and improved

The security rules on railway traffic

Traffic lights

When the bulb in the green light fails, the yellow light turns on

When the bulb in the yellow light fails, the red light turns on

When the bulb in the red light fails, a red light automatically turns on at the previous signal device

The security rules on railway traffic

History and progress

Outdoor security equipment has been improving from 1870 to the present (an invention of Siemens und Halske)

Outdoor security equipment was and is designed as a fail-safe system: a fault must lead to the safer state (red light on traffic lights, lowering of the rail barriers, etc.)

!!! Dispatchers' computers use a normal OS !!!

Safety in the production and repair of aircraft

More than 100 years of experience and improvement

Fake screws and other parts

On September 8, 1989, charter flight no. 394 crashed. The vertical tail surfaces fell off the Convair CV-580 airplane of the company Partnair

Uncertified screws had been used to fasten the vertical tail surfaces

Solution - stricter rules for the purchase and registration of aircraft spare parts

Fake screws and other parts

Revelations of fake and poor-quality parts led to many changes in the tracking of parts from the manufacturer to the aircraft

Standard EN9100 / ISO9120

The documents

FAA-2006-25877

FAA FAR 21.305

PMA ( Parts Manufacturer Approval)

Dreamliner 777 & battery

The new Boeing 777 Dreamliner had a problem with on-board batteries

In January '14 these aircraft were not allowed to operate

Operation was allowed again in April '14 after the problems with the on-board batteries were eliminated

Cyber Security - long-term problem

Hidden applications

Operating systems were created without safety requirements

http://www.eeggs.com has a list of applications that programmers hid in operating systems or other programs

The contradiction between aircraft and IT

It is possible to smuggle foreign "parts" into the operating system: a malicious executable file (virus)

In the operating system, the original "parts" (a program or library) can be surreptitiously modified or altered

In IT there is no reliable record-keeping and/or control as there is in aviation

The contradiction between aircraft and IT

Antivirus and antimalware can find only known viruses or suspicious behavior

This solution is not enough!!

Proof: Stuxnet, Regin, DarkHotel, etc., and many other viruses every day

The causes of problems in the IT environment

PR and business were and are stronger than the voice of technicians

There is still blind trust in the freedom to use PCs and the Internet

Users' wishes were more important than quality and order

The causes of problems in the IT environment

Antivirus looks for known problems (viruses)

Standards and norms do not define the real basics of Cyber Security

"Experts" said that the biggest problem is the users

Isn't the problem somewhere else?

Isn't the problem on the software author's side?

Creating software is an exact discipline, in which everything can be clearly described

The programmer does not need to respect the laws of nature. An aircraft designer must

Bugs in software are caused by poor human work

How to change it??

Basis for progress - Change is possible!!

The next step - Do you really want a change??

Inspiration is in other fields - aerospace, automobiles

Security must be the basis of the system, not an add-on

Course of solving the problem

Checking the integrity of programs and/or libraries

Control based on publicly known algorithms

A new Internet service that ensures the comparison of control parameters

The golden rule
The Three Laws of Cyber Security

Checksum of the file on the user's device

=

Checksum of the file issued by the software author

The golden rule in the picture

The Three Laws of Cyber Security
First step - definition of rules

Law no. 1 Checksums must always be the same

Law no. 2 The network shall enable checksum verification

Law no. 3 The operating system has to verify the checksum

More at http://rule.salamandr.cz

The Three Laws of Cyber Security
Second step - a new service on the Internet

The three rules define a base. Implementation would be in the form of a new Internet service

Technically, it is a proven and workable solution
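
The three laws and the checksum service described above, as an added example (not code from the presentation): the in-memory `registry` is a hypothetical stand-in for the proposed Internet service, SHA-256 is an assumed choice of publicly known algorithm, and every failure case denies execution, following the fail-safe principle from the railway slides.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of(path, chunk_size=65536):
    """Checksum of the file as it exists on the user's device."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def may_execute(path, name, lookup):
    """Law 3: the OS-side check. Any failure means deny, like a signal dropping to Stop."""
    try:
        published = lookup(name)      # Law 2: the network enables verification
    except OSError:
        return False, "service unreachable"
    if published is None:
        return False, "unknown file"
    try:
        local = sha256_of(path)
    except OSError:
        return False, "unreadable file"
    if hmac.compare_digest(local, published):   # Law 1: checksums must be the same
        return True, "checksum matches"
    return False, "checksum mismatch"

def demo():
    # Constructed sample data: one file as issued by its author, one altered copy.
    original = b"print('hello from the author')\n"
    registry = {"tool.py": hashlib.sha256(original).hexdigest()}  # hypothetical service
    def offline(_name):
        raise ConnectionError("no route to checksum service")
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "tool.py")
        bad = os.path.join(tmp, "tool_modified.py")
        with open(good, "wb") as fh:
            fh.write(original)
        with open(bad, "wb") as fh:
            fh.write(original + b"import os\n")
        results["intact"] = may_execute(good, "tool.py", registry.get)
        results["modified"] = may_execute(bad, "tool.py", registry.get)
        results["unknown"] = may_execute(good, "other.py", registry.get)
        results["offline"] = may_execute(good, "tool.py", offline)
    return results

if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:9s} allowed={allowed} ({reason})")
```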

It's time to change the basics of Cyber Security

Inspiration : Traceability of parts in aviation

Motto: A solution always exists; this is the foundation of progress

Basic rule:
Checksum of the file on the user's device = Checksum of the file issued by the software author

It's time to change the basics of Cyber Security

Jiri [email protected]
http://rule.salamandr.cz

See also : PYRAMID of Cyber Security