Conceptual Differentiators
Cyber security seems increasingly divided between two distinct ideologies: the Clean Environment school's "security through the absence of insecurity" and the Malicious Host school's doctrine of "security in the presence of insecurity". Both seem to present viable conceptual alternatives. The former benefits from strong implementation acceptance but is hampered by woefully inadequate results, while the latter suffers from both poor acceptance and poor implementation results, despite being recognized as a cyber security holy grail of sorts.
In order to assess the efficacy of each model more effectively, metrics are required. To this end, we have chosen a single metric, namely the ability of each ideology to meet the generally and specifically stated objectives of cyber security. Bruce Schneier, in his book Beyond Fear, provides in our view a cogent generic definitional objective: "security is about preventing adverse consequences from the intentional and unwarranted actions of others." A more software-specific set of cyber security directives, as outlined by the U.S. Department of Homeland Security, is that, to be considered secure, software must exhibit three properties:
1. Dependability: Dependable software executes predictably and operates correctly under all conditions, including hostile conditions, including when the software comes under attack or runs on a malicious host. External faults that threaten the software’s dependable operation are seen as a security issue when (1) the faults result from malicious intent or (2) the faults, regardless of their cause, make the software vulnerable to threats to its security.
2. Trustworthiness: Trustworthy software contains few if any vulnerabilities or weaknesses that can be intentionally exploited to subvert or sabotage the software’s dependability. In addition, to be considered trustworthy, the software must contain no malicious logic that causes it to behave in a malicious manner.
3. Survivability (also referred to as “Resilience”): Survivable—or resilient—software is software that is resilient enough to (1) either resist (i.e., protect itself against) or tolerate (i.e., continue operating dependably in spite of) most known attacks plus as many novel attacks as possible, and (2) recover as quickly as possible, and with as little damage as possible, from those attacks that it can neither resist nor tolerate.
To assess the conceptual potential and current results of each ideological direction, the following framework compares and contrasts them in summary form.
| Attribute | Clean Environment School | Malicious Host School |
| --- | --- | --- |
| Ideology | Sterilization & Immunization thru Elimination | Immunization thru Neutralization & Compartmentalization |
| Threat Mandate | Identify and Eliminate | Defeat |
| Metaphors | Fortress/Cops and Robbers | Biology/Healthcare & War |
| Problem Definition | Problems and Puzzles | Mess/Wicked Problems |
| Problem Definition Outcome | Point Solution | System |
| Technological Strategy | Defense In Depth | No Transitive Insecurity |
| Technological Emphasis | Detect and Respond | Deter and Prevent |
| Action State | Reactive | Proactive |
| Centricity | Device/Network | User/Owner |
| Focus | Device Security | Data Security |
| Awareness (Identity and Apps) | Low | High |
| Scalable/Secure Identity Infrastructure | No | Yes |
| Key Performance Metric | No Missed Threats | No Effective Threats |
| Performance on Key Metric | Low (20% – 50% threats undetected) | High (No known ‘in-the-wild’ weaknesses) |
| Industry Awareness / Acceptance | High/High | Low/Low |
Summarizing the noted general and specific objectives as "prevent", "execute predictably when under attack", "contains few if any vulnerabilities or weaknesses that can be intentionally exploited", and "resilient, to resist or recover from attacks", it would appear readily self-evident which is the more robust conceptual direction. For those who are more results-oriented than theory- or model-oriented, the Clean Environment model's large and growing number of both vulnerabilities and undetected threats provides strong empirical evidence of its operational 'challenges', if not outright failure. We would further posit that the almost universal current acceptance of this model among cyber security professionals also provides an intuitive explanation of why so many smart, well-funded people, projects and companies are failing to achieve more meaningful results. In stark contrast, the Malicious Host approach is both conceptually much stronger and empirically more robust, given its eradication of, at a minimum, all of the most material threat vectors currently plaguing cyber space, but it is admittedly quite new and would benefit from experiential seasoning.
In short, it is our view that technologies that address the Malicious Host problem are imperative, both to stop today's growing list of all too evident threats and to provide the foundational security fabric that enables the compelling realities of cloud computing and mobile form factors facilitating "anytime, anywhere access to anything". In the immortal words of Victor Hugo, "nothing is as powerful as an idea whose time has come", and the need for cyber security capable of operating in a Malicious Host environment is an idea whose time has definitely come. A special and HUGE 'thank-you' to the late, great Robert Masotti, who not only introduced us to the Hugo quote, but also taught us that courageous grace is possible irrespective of the unforgiving plight of one's circumstances and against insurmountable odds, among other things…