Take a look also at the Three Laws of ICT Security.
It's time to change the basics of Cyber Security. SW is an exact discipline,
where is possible everything clearly describe, programme and test.
1. napravnik.jiri@salamandr.cz
It's time to change the basics ofIt's time to change the basics of
Cyber SecurityCyber Security
SW is an exact discipline,
where is possible everything clearly describe,
programme and test.
3. napravnik.jiri@salamandr.cz
The difference between the IT andThe difference between the IT and
other fieldsother fields
of human activityof human activity
➔ Security on railways – more than 130 years
➔ Aircraft safety - cca 100 years
➔ IT/ Cyber security - 20 years persistent problems
5. napravnik.jiri@salamandr.cz
The difference between the IT andThe difference between the IT and
other fieldsother fields
of human activityof human activity
Also in other fields was solutions, which was gradually
overcome.
6. napravnik.jiri@salamandr.cz
Design and programing ofDesign and programing of
computer programscomputer programs
Creating SW and/or firmware is an exact discipline,
which can be clearly defined, programmed and tested
SW Authors may not respect the physical and/ or
chemical laws, as in other fields
7. napravnik.jiri@salamandr.cz
Design and programing ofDesign and programing of
computer programscomputer programs
➔ More than 20 years of problems with computer viruses
and hacker attacks
➔ The situation is getting worse because more use of
smart phones, SCADA and IoT (Internet ofThings)
8. napravnik.jiri@salamandr.cz
The main obstacle to solving theThe main obstacle to solving the
problem of Cyber securityproblem of Cyber security
ICT "experts" say :
➔ There is no other solution
➔ The current solution is only possible
➔ You do not understand this problem
Always exist a solution, this is the
foundation of progress
10. napravnik.jiri@salamandr.cz
The security rules on railway trafficThe security rules on railway traffic
Old mechanical signal device was ruled over wire
When the wire is severed then the signal drop down, to "Stop"
Even at the time
when was used
steam locomotives
were building and
improvement
fail-safe systems
11. napravnik.jiri@salamandr.cz
The security rules on railway trafficThe security rules on railway traffic
Traffic lights
When the bulb breaks up in the green light, then the
light turns on yellow
When the bulb breaks up in the yellow light, then the
light turns on red
When the bulb breaks up in the red light, then
automatically turns on a red light at the previous signal
device
12. napravnik.jiri@salamandr.cz
The security rules on railway trafficThe security rules on railway traffic
History and progress
Outdoor security equipment is improving from 1870 to
the present. (invention Siemens und Halske)
Outdoor security equipment was and is proposed as a
fail-safe system. Thus, the fault must occur safer state.
(red light on traffic lights, the withdrawal of rail barriers,
etc.)
!!! Computers of dispatchers using the normal OS !!!
13. napravnik.jiri@salamandr.cz
Safety in the production andSafety in the production and
repair of aircraftrepair of aircraft
More than 100 year of experience and improvement
14. napravnik.jiri@salamandr.cz
False screws and other partsFalse screws and other parts
● On September 8, 1989 crashed of
a charter flight no. 394.The
airplane Convair CV-580 company
Partnair fallen off vertical tail
surfaces
● Used uncertified screws for fixing
the vertical tail surfaces
● Solutions - tightening of the
purchase and registration of spare
parts for aircraft
15. napravnik.jiri@salamandr.cz
False screws and other partsFalse screws and other parts
Revelations of fake and poor
quality parts caused many
changes in the tracking of parts
from the manufacturer to the
aircraft
● Norm EN9100 / ISO9120
● The documents
– FAA-2006-25877
– FAA FAR 21.305
● PMA ( Parts Manufacturer
Approval)
16. napravnik.jiri@salamandr.cz
Dreamliner 777 & batteryDreamliner 777 & battery
● The new Boeing 777 Dreamliner
had a problem with on-board
batteries
● In January '14 it was not allowed to
operate these aircraft
● Traffic was allowed again in April
'14 after the elimination of
problems with the on-board
batteries
19. napravnik.jiri@salamandr.cz
The contradiction between aircraft and ITThe contradiction between aircraft and IT
● Is possible to smuggle out into the operating
system strange "parts", malicious executable
file (virus)
● In the operating system is can surreptitiously
modify or alter the original "parts", a program or
library
● In the IT area is no reliable evidence and/ or
control as in aviation
20. napravnik.jiri@salamandr.cz
The contradiction between aircraft and ITThe contradiction between aircraft and IT
● Antivirus, antimalware can find only known
viruses or suspicious behavior
● This solution is not enough !!
● Proof : Stuxnet, Regin, DarkHotel, etc. and
many other viruses every day
21. napravnik.jiri@salamandr.cz
The causes of problems in the ITThe causes of problems in the IT
environmentenvironment
● PR and business were and is stronger than
voice of technicians
● Still exist blind trust to freedom of use PC and
Internet
● Users' wishes were more important than the
quality and order
22. napravnik.jiri@salamandr.cz
The causes of problems in the IT environmentThe causes of problems in the IT environment
● Antivirus looking for known problems (virus)
● Standards and norms do not define the real
basics of Cyber Security
● "Experts" said that the biggest problem are
users
24. napravnik.jiri@salamandr.cz
Not a problem on author SW side?Not a problem on author SW side?
● Creating software is a exact discipline, in
which is possible clearly describe everything
● The programmer does not need to respect the
laws of nature. Aircraft designer must
● Bugs in software are caused by poor human
work
25. napravnik.jiri@salamandr.cz
How to change it ??How to change it ??
● Basis for progress - Change is possible !!
● The next step - You want really a change ??
● Inspiration is in other fields - aerospace,
automobiles
● Security must be the basis of the system,
not an add-on
26. napravnik.jiri@salamandr.cz
Course of solving the problemCourse of solving the problem
● Checking the integrity of the programs and /
or libraries
● Control based on publicly known algorithms
● The new Internet service that ensures
comparing of control's parameters
27. napravnik.jiri@salamandr.cz
The golden ruleThe golden rule
TheThree Laws of Cyber SecurityTheThree Laws of Cyber Security
Checksums of file on the user's deviceChecksums of file on the user's device
==
Checksums of file issued by author SWChecksums of file issued by author SW
29. napravnik.jiri@salamandr.cz
TheThree Laws of Cyber SecurityTheThree Laws of Cyber Security
First step – definition of rulesFirst step – definition of rules
Law no. 1Law no. 1
Checksums must be always the sameChecksums must be always the same
Law no. 2Law no. 2
The network shall enable checksum verificationThe network shall enable checksum verification
Law no. 3Law no. 3
The operating system has to verify the checksumThe operating system has to verify the checksum
Another at http://rule.salamandr.czAnother at http://rule.salamandr.cz
30. napravnik.jiri@salamandr.cz
TheThree Laws of Cyber SecurityTheThree Laws of Cyber Security
Second step –Second step – a new service on the Interneta new service on the Internet
Three rules define a base. ImplementationThree rules define a base. Implementation
would be in the form of a new Internetwould be in the form of a new Internet
serviceservice
Technically, it is a proven and workableTechnically, it is a proven and workable
solutionssolutions
31. napravnik.jiri@salamandr.cz
It's time to change the basics ofIt's time to change the basics of
Cyber SecurityCyber Security
Inspiration :Inspiration : Traceability of parts in aviationTraceability of parts in aviation
Motto : Always exist a solution, this is the foundation
of progress
Basis rule :Basis rule :
Checksums of file on the user's deviceChecksums of file on the user's device
==
Checksums of file issued by author SWChecksums of file issued by author SW
32. napravnik.jiri@salamandr.cz
It's time to change the basics ofIt's time to change the basics of
Cyber SecurityCyber Security
Jiri Napravnik
napravnik.jiri@salamandr.cz
http://rule.salamandr.cz
See also : PYRAMID of Cyber SecuritySee also : PYRAMID of Cyber Security