Cyber Moonshot: What would it take?
If we can land a man on the moon, why can't we write secure software?


At the last Palo Alto Networks Ignite conference keynote, then CEO Mark McLaughlin (Mark, you will be missed) spoke about a “Cyber Moonshot.” He is not the only one; there are plenty advocating for the idea. There has even been talk at the White House. It is an appealing idea. The old sop, “if we can put a man on the moon, then why can’t we <fill in your pet problem>?” implies that the moon landing is one of the most difficult tasks ever accomplished by humans. It might well be, but securing cyberspace may make it look like a walk in the park.

So what would a Cyber Moonshot look like? There have been a large number of initiatives that have been labeled as Cyber Moonshots in an effort to get support. I’m interested in what a real Cyber Moonshot would look like. So here is my whack at it and I’d be interested in your ideas.

Parameters

The Apollo program cost about $25 billion, in today’s dollars that’s about $150 billion. Since the estimated annual cost of cybercrime in the US is $100 billion per year, $150 billion sounds like a reasonable budget. The 2009 ARRA spent about $831 billion that might be a good upper limit. The moon landing took less than 10 years, but the Apollo program continued until 1973, so let’s give ourselves a dozen years to do this. There wasn’t much private industry contribution to the effort other than direct contracts, but I don’t see how we could do it any other way, so funded, incentivized, or unfunded private participation is OK. 

My Plan

Our current version of cyberspace has been built on a shaky foundation. We’ve been trying to patch it up for decades and at best have held a standoff with our adversaries; at worst we are totally hosed. So I’d build a completely new, secure cyberspace that exists in parallel with our current cyberspace. I’ll call it Secure Cyberspace, in contrast to the Internet or whatever we call cyberspace now. It would be incompatible with current systems, so the problems that we see with the SIPRNet would be eliminated. So would most of the functionality that we are used to. In Secure Cyberspace you would do your banking on your secure device (maybe text based?) and post your tweets with your conventional iPhone. Maybe someday Facebook will make it to Secure Cyberspace, but certainly not initially. The idea is that the Federal Government oversees building something it would use, hopefully providing enough business to make participation viable. Others that require security use it as it makes sense, building a sustaining amount of use. The Moonshot team is led by a NASA-like organization but is a partnership with private industry, so when I say Moonshot team, it includes private sector experts.

Physical Infrastructure

As we all know when you own a layer in the OSI model, you own all the layers above. Generally, we already have enough fiber, data centers, and cell towers. Even $831 Billion is not enough to replace all our current physical infrastructure, so I’d set standards for all physical infrastructure going forward and determine how much risk we can take with our current construction. The Moonshot team draws a line and Secure Cyberspace only uses physical infrastructure that meets these standards. The Moonshot team creates the standards and either certifies facilities or certifies people who certify facilities.

Hardware

The Moonshot team creates mechanisms to verify hardware configurations in servers, storage, network equipment, etc. It also creates mechanisms to verify components in the supply chain. All hardware used in Secure Cyberspace is manufactured in a trusted manner. The Moonshot team sets the standards, funds development, and purchases enough hardware to serve the secure needs of the government. Manufacturers sell their products to those wishing to use Secure Cyberspace. Moonshot QA teams certify all hardware used on Secure Cyberspace.

Network

Packet switching was developed to solve a problem that we really don’t have anymore. The Moonshot team will develop a secure network protocol with secure end-to-end connections and absolute information on every participant along the way. The receiver is assured that the message is coming from the sender and vice versa. Each node on the network verifies all connected nodes and keeps non-repudiable records. There is a control plane to this network that also verifies all attached devices.

Identity

The Moonshot team develops and deploys digital identity that is firmly tied to physical identity for all users. A person will have one and only one strong identity. Methods for using this identity are very strong (something you know, something you are, something you have?) so that the physical identity of every participant in Secure Cyberspace is known and can’t be repudiated. In the Secure Cyberspace everyone will know you’re a dog.

Platform Software

Operating systems and middleware are built using only secure programming languages (all the things we know how to do, but when we put them in languages people go back to using C). Systems are designed so that only authorized configuration changes are allowed. The Moonshot team develops the programming languages and compilers. It creates a secure architecture and the methods that verify its correct implementation. Maybe “proofs of correctness” is too strict a requirement, but the quality of this software has to be “life critical” quality and the liability for defects significant.

Applications

The applications will be written in one of the secure languages and follow the Moonshot team developed architectures and standards. Before they can be used in Secure Cyberspace they will have to pass the Moonshot team’s QA inspection. The QA team might reside in the software shop like the USDA food inspectors for food plants. Secure Cyberspace will have a more thorough “walled garden” than what we use today.

Tech Professionals

Tech engineers will be professionally licensed like civil engineers are today. Part of their training and experience will include security. Not everyone working in tech will need to be licensed, but like professional engineers today each project will have licensed professionals accountable. The Moonshot team runs licensing for these professionals. 

Users

Users will have training in security. This means that just like you need a driver’s license to operate a motor vehicle, you’ll need a user’s license with an annual training and testing requirement to use Secure Cyberspace. This system would be established and run by the Moonshot team and eventually turned over to states to run. 

Operation

The government operates Secure Cyberspace initially for its own needs. Since the design is secure from the start it has no problem sharing. Financial institutions, health care, etc. opt into using the network, covering the costs as they go. Some are direct costs like buying hardware and software while some are indirect like paying for the operation of the Secure Cyberspace.

Conclusion

We invest a lot of money and get technology that is very difficult to use, and can’t do much for us. (Sounds like a typical government program, I know) We involve the government in ways that restrict innovation and freedom while being an annoyance. This would be a hard sell, but I think that this is what it would take. What do you think?

It's a great start Don! Maybe we need to bring it back to basics a bit first. Define what is the safe state we're looking for. In the old days you had the village and the forest and when you were in the village you knew the people you could trust. If we build a completely isolated, secure internet, we may lose the innovation and dynamic nature of our collaboration. A lot of good things came from the Jungle. Not all good things contain vitamin C and not all Pythons are bad! IMHO a safe internet means we need to be able to identify correctly who we can trust, and our operating systems and applications need to be able to distinguish what is trusted traffic and what is not. Our systems need to be able to split and sandbox different environments and allow us to bring in the fruit from the forest, but have it washed and checked before we eat it in the village. You want everyone to know you're a dog, but on a secure Cyber Space you also need to be able to hide your identity for your own safety. Sure, if I want someone to trust me, I need to identify who I am, but when I want to protect myself, that should just warn others that I cannot be identified for their safety. And in terms of governance, would we look at a corruptible central government or an anarchistic decentralised model? Social media and blockchain have completely changed our options to replace the old communism and capitalism. How can we use AI to leverage these technologies? Let's get on it!

Douglas E.

Dark by Design ZeroTrust Principal Executioner.

7y

Cyber Security and weak InfoSec is not a technical problem, it is a resource and funding problem post Lean IT and Lean Manufacturing budget cuts. We were more secure 10 years ago.

Vladimir Yakovlev, CISSP

Published Author | CISO | CTO | Cybersecurity and Infrastructure Solutions Architect

7y

I thought about segregation of life-critical systems. The problem is that while they may be “secure” as we understand the problem today, once implemented and subjected to the real-life environment, there is no guarantee whatsoever that they will not be compromised in the first five minutes. The creativity of determined adversaries could not be underestimated. Not everything could be accounted for in a project of this scope. If it is built by people, it could likely be compromised by people. Certification, while it improves outcomes, does not preclude violations.

David Stucky

Business Information Security Analyst (Cyber Information Assurance Analyst) at Penn State University

7y

I would be concerned with creating unnecessary competing cyber moonshots. Though there seems to be times when building two is necessary. “Why build one when you can have two at twice the price?”, S. R. Hadden
