Policy Actions for Securing Computers

Societies rely on information technology, be it for business operations, private life, or for critical infrastructures. However, IT systems are not reliably protected against attacks on data integrity or confidentiality, as the debates around the Stuxnet worm and the NSA have shown. It is expected that powerful organizations, such as foreign competitors or secret services, will launch significant attacks on businesses or infrastructures in the future.

Industry cannot invest large sums to create highly secure systems, as users who did not yet suffer large damages will not be willing to pay for their development costs. Therefore, only a slow migration takes place towards, e.g., the use of virtualization to isolate sensitive or risky applications. Moreover, the paths to highly secure systems are not clear.  One path would be to have careful specification, implementation and evaluation. This path is known to be expensive but would provide a level of protection so far unknown. However, even such implementations might be hacked. Therefore, a path towards provably secure systems might be preferable. Though significant progress has been made, the development of provably secure computing systems faces three challenges: first, a large open source software base needs to be created. Second, matching hardware needs to be designed and ultimately an entire secure system. Third, means need to be explored to make sure that actual implementations match the system design, without insiders planting Trojan horses, and without having any implementation errors.

In either case, a policy push is needed which must take place in at least some economically significant countries. It is needed (1) to make the problems and solutions better known, (2) to explore the costs and benefits of the paths, and (3) to make some path mandatory. The latter could be done in a gradual way, starting with some devices and applications.