Analogue Network Security
Time, Broken Stuff, Engineering, Systems, My Audio Career, and Other Musings on Six Decades of Thinking About it All
In 1972, the Anderson reference monitor security model was introduced. Static fortress mentality was, (and still is), fundamentally how information security is implemented. Along came Bell, LaPadula, and Biba a few years later, with some enhancements, notably for MLS, multi-level security systems.
In 1987, the U.S. Department of Defense published the Red Book, The Trusted Network Interpretation of the lauded 1983-85 Orange Book that set forth many of the principles for information security. The results were, essentially, “We have no earthly idea how to secure a network.”
Today, we now assume our networks are probably already infiltrated by hostiles. We know that by adding more technology, our security problems will go away. We think of the network as a single thing and attempt to protect it as such. It isn’t, and we can’t.
TCP/IP. It was just an experiment. Today, it is the inter-infrastructural foundation of civilization. The Internet of Things is adding so-called intelligence to some 50+ billion endpoints and trillions of sensors. Where’s the security? The privacy?
Massive new projects, using next-generation products, from quarterly profit-incented vendors, promise the same old stuff all over again. The ultimate deja vu epic fail of security.
Is this any way to run a planet?
C’mon, fifty years of practice and we’re still…? Well, screw it. You’ll see.
Security requires a single, interdisciplinary metric for the cyber, physical, and human domains. Digital is not binary.
Then, for me, things fell into place. I have a few ideas I’d like to share.