It's time to change the basics of Cyber Security

napravnik.jiri@salamandr.cz
It's time to change the basics ofIt's time to change the basics of
Cyber SecurityCyber Security
SW is an exact discipline,
where is possible everything clearly describe,
programme and test.

Content of presentationContent of presentation
➔ Comparison IT with other industries
➔ Security on railways
➔ Aircraft safety
➔ IT - long-term problem
➔ Solving problems with Cyber Security

The difference between the IT andThe difference between the IT and
other fieldsother fields
of human activityof human activity
➔ Security on railways – more than 130 years
➔ Aircraft safety - cca 100 years
➔ IT/ Cyber security - 20 years persistent problems

A quick view at IT and comparedA quick view at IT and compared
with other industrieswith other industries

The difference between the IT andThe difference between the IT and
other fieldsother fields
of human activityof human activity
Also in other fields was solutions, which was gradually
overcome.

Design and programing ofDesign and programing of
computer programscomputer programs
Creating SW and/or firmware is an exact discipline,
which can be clearly defined, programmed and tested
SW Authors may not respect the physical and/ or
chemical laws, as in other fields

Design and programing ofDesign and programing of
computer programscomputer programs
➔ More than 20 years of problems with computer viruses
and hacker attacks
➔ The situation is getting worse because more use of
smart phones, SCADA and IoT (Internet ofThings)

The main obstacle to solving theThe main obstacle to solving the
problem of Cyber securityproblem of Cyber security
ICT "experts" say :
➔ There is no other solution
➔ The current solution is only possible
➔ You do not understand this problem
Always exist a solution, this is the
foundation of progress

Security on railwaysSecurity on railways
More than 130 years of experience

The security rules on railway trafficThe security rules on railway traffic
Old mechanical signal device was ruled over wire
When the wire is severed then the signal drop down, to "Stop"
Even at the time
when was used
steam locomotives
were building and
improvement
fail-safe systems

Traffic lights
When the bulb breaks up in the green light, then the
light turns on yellow
When the bulb breaks up in the yellow light, then the
light turns on red
When the bulb breaks up in the red light, then
automatically turns on a red light at the previous signal
device

History and progress
Outdoor security equipment is improving from 1870 to
the present. (invention Siemens und Halske)
Outdoor security equipment was and is proposed as a
fail-safe system. Thus, the fault must occur safer state.
(red light on traffic lights, the withdrawal of rail barriers,
etc.)
!!! Computers of dispatchers using the normal OS !!!

Safety in the production andSafety in the production and
repair of aircraftrepair of aircraft
More than 100 year of experience and improvement

False screws and other partsFalse screws and other parts
● On September 8, 1989 crashed of
a charter flight no. 394.The
airplane Convair CV-580 company
Partnair fallen off vertical tail
surfaces
● Used uncertified screws for fixing
the vertical tail surfaces
● Solutions - tightening of the
purchase and registration of spare
parts for aircraft

False screws and other partsFalse screws and other parts
Revelations of fake and poor
quality parts caused many
changes in the tracking of parts
from the manufacturer to the
aircraft
● Norm EN9100 / ISO9120
● The documents
– FAA-2006-25877
– FAA FAR 21.305
● PMA ( Parts Manufacturer
Approval)

Dreamliner 777 & batteryDreamliner 777 & battery
● The new Boeing 777 Dreamliner
had a problem with on-board
batteries
● In January '14 it was not allowed to
operate these aircraft
● Traffic was allowed again in April
'14 after the elimination of
problems with the on-board
batteries

Cyber Security - long-Cyber Security - long-
term problemterm problem

Hidden applicationsHidden applications
Operating systems were created without safety
requirements
On the http://www.eeggs.com is a list of
applications that programmers hid in operating
systems or other programs

The contradiction between aircraft and ITThe contradiction between aircraft and IT
● Is possible to smuggle out into the operating
system strange "parts", malicious executable
file (virus)
● In the operating system is can surreptitiously
modify or alter the original "parts", a program or
library
● In the IT area is no reliable evidence and/ or
control as in aviation

The contradiction between aircraft and ITThe contradiction between aircraft and IT
● Antivirus, antimalware can find only known
viruses or suspicious behavior
● This solution is not enough !!
● Proof : Stuxnet, Regin, DarkHotel, etc. and
many other viruses every day

The causes of problems in the ITThe causes of problems in the IT
environmentenvironment
● PR and business were and is stronger than
voice of technicians
● Still exist blind trust to freedom of use PC and
Internet
● Users' wishes were more important than the
quality and order

The causes of problems in the IT environmentThe causes of problems in the IT environment
● Antivirus looking for known problems (virus)
● Standards and norms do not define the real
basics of Cyber Security
● "Experts" said that the biggest problem are
users

Not a problemNot a problem
somewhere else?somewhere else?

Not a problem on author SW side?Not a problem on author SW side?
● Creating software is a exact discipline, in
which is possible clearly describe everything
● The programmer does not need to respect the
laws of nature. Aircraft designer must
● Bugs in software are caused by poor human
work

How to change it ??How to change it ??
● Basis for progress - Change is possible !!
● The next step - You want really a change ??
● Inspiration is in other fields - aerospace,
automobiles
● Security must be the basis of the system,
not an add-on

Course of solving the problemCourse of solving the problem
● Checking the integrity of the programs and /
or libraries
● Control based on publicly known algorithms
● The new Internet service that ensures
comparing of control's parameters

The golden ruleThe golden rule
TheThree Laws of Cyber SecurityTheThree Laws of Cyber Security
Checksums of file on the user's deviceChecksums of file on the user's device
==
Checksums of file issued by author SWChecksums of file issued by author SW

The golden rule in the pictureThe golden rule in the picture

First step – definition of rulesFirst step – definition of rules
Law no. 1Law no. 1
Checksums must be always the sameChecksums must be always the same
Law no. 2Law no. 2
The network shall enable checksum verificationThe network shall enable checksum verification
Law no. 3Law no. 3
The operating system has to verify the checksumThe operating system has to verify the checksum
Another at http://rule.salamandr.czAnother at http://rule.salamandr.cz

Second step –Second step – a new service on the Interneta new service on the Internet
Three rules define a base. ImplementationThree rules define a base. Implementation
would be in the form of a new Internetwould be in the form of a new Internet
serviceservice
Technically, it is a proven and workableTechnically, it is a proven and workable
solutionssolutions

Inspiration :Inspiration : Traceability of parts in aviationTraceability of parts in aviation
Motto : Always exist a solution, this is the foundation
of progress
Basis rule :Basis rule :
Checksums of file on the user's deviceChecksums of file on the user's device
==
Checksums of file issued by author SWChecksums of file issued by author SW

Jiri Napravnik
http://rule.salamandr.cz
See also : PYRAMID of Cyber SecuritySee also : PYRAMID of Cyber Security

It's time to change the basics of Cyber Security

Recommended

Recommended

More Related Content

What's hot

What's hot (7)

Similar to It's time to change the basics of Cyber Security

Similar to It's time to change the basics of Cyber Security (20)

More from Jiří Napravnik

More from Jiří Napravnik (11)

Recently uploaded

Recently uploaded (20)

It's time to change the basics of Cyber Security