by cyrrus 1842 days ago
As someone who isn't a security expert, if you had a magic wand, what does this future look like to you?

What is properly implemented security?

4 comments

If I had a magic wand:

I'm not a "security expert", I have no encyclopedic knowledge of the ways of criminals. Let's agree that is well established.

I do know how computers work, down to the transistor level. I've been playing with them since 1978.

Rules I would impose:

Industrial control systems would be isolated from the internet by a unidirectional network. Data could get out, ONLY. You can have helpers on the inside and outside to handle things like buffering logs, etc.

If you need remote control of something industrial, it has to be on a physically separate network, airgapped from the world.

In Government, I would have NEVER connected the Office of Personnel Management system to the internet, except to allow data INBOUND through a data diode. All outbound queries would require passing through a human with the proper security clearance.

All sensitive or classified systems would be similarly isolated, and only allow ingress of data.

Multilevel secure computing would be required for all government systems. Red Teams would be used to test security periodically, run by the Inspector General.

Capability Based Security would be the norm. Most users wouldn't see much of a difference in their day to day interactions.

Bug bounties would be required for any commercial software vendor, with public disclosure after 1 year of all payouts. Bugs submitted that aren't paid would be disclosed in 6 months.

The NSA would shift roles from spying on everything just because they can, to first making sure nobody can spy on us, and only then spying on everyone else.

Also:

Email would require authentication on send

Null terminated strings would be abolished

Broadband would be nationalized and free to all

> Because the lessons of capability based security were ignored for decades, and not taught, the common consensus is that computers can never be made secure, and your best hope is to hire the smartest people in the world, at less than the average market rate, to secure your systems.

I presume the OP is a fan of capability-security and while I'm not an expert on capabilities, I agree they can go a _long_ way to mitigating risk. Unfortunately, none of the mainstream OSs even offer a smidge of a way of actually working with capabilities. Google's recently launched Fuchsia _does_ support capabilities out of the box, but they have a long way to go before they're regarded as mainstream.

Yes, I am a long time (2005) fan of Capability Based Security.

Yes, Fuchsia and Genode both have a way to go before they are good enough for general purpose use.
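The exchange above keeps coming back to what "capability based security" actually changes for a program. The following is an added illustration, not code from the thread, from Fuchsia or from Genode: an object-capability pattern in plain Python, with a store that is only ever reachable through unforgeable handles, attenuation (deriving a read-only handle from a read-write one) and revocation that propagates to every attenuated handle. The component names (`config_loader`, `dashboard`) and the key/value store are hypothetical, and Python itself does not enforce encapsulation the way a capability OS does; the point is the authority flow, not the language.

```python
"""Object-capability pattern in miniature (added example, constructed data)."""


class Revoked(PermissionError):
    """Raised when a capability whose gate has been closed is used."""


class Gate:
    """Revocation switch shared by a capability and everything attenuated from it."""

    def __init__(self):
        self.open = True

    def close(self):
        self.open = False

    def check(self, op):
        if not self.open:
            raise Revoked(f"{op}: capability has been revoked")


class Store:
    """The protected resource. Components never hold a Store; they hold capabilities."""

    def __init__(self):
        self._data = {}


class ReadCap:
    """Unforgeable handle carrying read authority over one Store."""

    def __init__(self, store, gate):
        self._store, self._gate = store, gate

    def read(self, key):
        self._gate.check("read")
        return self._store._data[key]

    def keys(self):
        self._gate.check("keys")
        return sorted(self._store._data)


class ReadWriteCap(ReadCap):
    """Read authority plus write authority over the same Store."""

    def write(self, key, value):
        self._gate.check("write")
        self._store._data[key] = value

    def attenuate(self):
        """Derive a weaker handle on the same gate: revoking the parent revokes it too."""
        return ReadCap(self._store, self._gate)


def grant(store):
    """Mint a revocable read-write capability. Returns (cap, revoke_function).
    Whoever keeps revoke_function can cut off every handle derived from cap."""
    gate = Gate()
    return ReadWriteCap(store, gate), gate.close


# Hypothetical components: each receives exactly the authority it needs and
# has no global name by which to reach the Store or escalate.

def config_loader(rw):
    rw.write("threshold", 40)
    rw.write("mode", "auto")


def dashboard(ro):
    # The object it holds has no write method at all, so "cannot write" is a
    # property of the reference, not of a permission check somewhere else.
    return {k: ro.read(k) for k in ro.keys()}


def can_write(cap):
    return hasattr(cap, "write")


def run_demo():
    store = Store()
    rw, revoke = grant(store)
    config_loader(rw)          # needs write authority, gets it
    ro = rw.attenuate()        # dashboard only needs to read
    snapshot = dashboard(ro)
    revoke()                   # e.g. the session ends; rw and ro both die
    try:
        ro.read("mode")
        still_usable = True
    except Revoked:
        still_usable = False
    return snapshot, can_write(ro), still_usable


if __name__ == "__main__":
    print(run_demo())  # ({'threshold': 40, 'mode': 'auto'}, False, False)
```

The design choice worth noticing is that `attenuate()` reuses the parent's `Gate` rather than minting a fresh one; without that, a read-only handle passed to a third party would outlive the revocation of the handle it was derived from, which is the classic hole in home-grown capability schemes.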

Other thread: I don't have a magic wand

Things will continue to get worse. Google's Fuchsia and Genode are two capability based Operating Systems that are likely to be good enough to hack in the next year or so.

I expect 3-5 more years of this before enough experience is gained with Capability Based systems to finally cause mass adoption.

In the meanwhile, it would be nice to have a Raspberry Pi based data diode setup that can buffer all the standard stuff, as well as SCADA.

Also in the meanwhile, there is non-zero danger that Congress will use this as an excuse to purge the nation of general purpose computing available to the masses.

Also, the Military Industrial Complex will push for more funds from this.

Also, many a Startup will sell more security snake-oil.
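The rules in the first post (data can get out only, with helpers on each side buffering logs) and the wish above for a Raspberry Pi data diode that buffers ordinary logs and SCADA traffic describe the same mechanism, so one added example covers both. This is not code from the thread or from any diode product; it is a Python model of the two helper processes around a unidirectional link. The inside helper frames each record with a sequence number and CRC-32 and sends every frame in repeated passes, because it can never receive an acknowledgement; the outside helper verifies, de-duplicates, reorders and, since it cannot ask for a retransmit, reports gaps to the operator. The `PLC-7` log lines, the burst-loss positions and the helper names are constructed.

```python
"""Model of a unidirectional (data diode) log link with a helper on each side.
Added example with constructed data; not from the thread."""
import struct
import zlib

HEADER = struct.Struct(">IH")   # sequence number (u32), payload length (u16)
TRAILER = struct.Struct(">I")   # CRC-32 over header + payload


def frame(seq, payload):
    """Wrap one record in a self-describing frame. Every frame must stand
    alone: the receiver has no way to ask what the sender meant."""
    head = HEADER.pack(seq, len(payload))
    return head + payload + TRAILER.pack(zlib.crc32(head + payload))


def parse_frame(data):
    """Return (seq, payload), or None if the frame is truncated or corrupt."""
    if len(data) < HEADER.size + TRAILER.size:
        return None
    seq, length = HEADER.unpack_from(data)
    body_end = HEADER.size + length
    if len(data) != body_end + TRAILER.size:
        return None
    (crc,) = TRAILER.unpack_from(data, body_end)
    if zlib.crc32(data[:body_end]) != crc:
        return None
    return seq, data[HEADER.size:body_end]


class InsideHelper:
    """Runs on the protected side. It only sends, so it compensates for loss
    with repeated passes instead of acknowledgements."""

    def __init__(self, passes=2):
        self.passes = passes
        self.next_seq = 0

    def emit(self, records):
        frames = [frame(self.next_seq + i, r) for i, r in enumerate(records)]
        self.next_seq += len(records)
        # Whole passes rather than adjacent copies: a burst on the link then
        # has to span an entire pass to destroy both copies of one record.
        return frames * self.passes


def burst_loss_channel(frames, start, stop, corrupt_index=None):
    """The one-way link itself: frames with index in [start, stop) are lost and
    optionally one surviving frame has a payload byte flipped. Nothing flows back."""
    out = []
    for i, f in enumerate(frames):
        if start <= i < stop:
            continue
        if i == corrupt_index:
            f = f[:HEADER.size] + bytes([f[HEADER.size] ^ 0xFF]) + f[HEADER.size + 1:]
        out.append(f)
    return out


class OutsideHelper:
    """Runs on the connected side. It verifies, de-duplicates and reorders, and
    reports gaps because it has no channel on which to request a retransmit."""

    def __init__(self):
        self.received = {}
        self.rejected = 0

    def ingest(self, frames):
        for f in frames:
            parsed = parse_frame(f)
            if parsed is None:
                self.rejected += 1      # corrupt frame: drop, never trust
                continue
            seq, payload = parsed
            self.received.setdefault(seq, payload)   # duplicates are harmless
        return self.report()

    def report(self):
        """(records in order, missing sequence numbers). A gap at the tail is
        only visible once a later sequence number arrives."""
        if not self.received:
            return [], []
        top = max(self.received)
        missing = [s for s in range(top + 1) if s not in self.received]
        return [self.received[s] for s in sorted(self.received)], missing


def run_demo(burst=(3, 12), corrupt_index=13):
    """Constructed SCADA-style log lines pushed through a lossy, corrupting link."""
    records = [f"PLC-7 valve_state=open t={i}".encode() for i in range(8)]
    sender, receiver = InsideHelper(passes=2), OutsideHelper()
    on_wire = burst_loss_channel(sender.emit(records), *burst, corrupt_index=corrupt_index)
    delivered, missing = receiver.ingest(on_wire)
    return delivered, missing, receiver.rejected


if __name__ == "__main__":
    delivered, missing, rejected = run_demo()
    print(len(delivered), "delivered; missing seqs", missing, "; rejected", rejected)
```

With the default burst (frames 3 to 11 lost, frame 13 corrupted) the two passes overlap enough that records 0, 1, 2, 4, 6 and 7 still arrive, while 3 and 5 are reported missing and the corrupted copy of 5 is rejected by the CRC check. On a real diode the outside helper's "missing" list is what an operator or SIEM alarms on, because nobody can request those records again.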

> I expect 3-5 more years of this before enough experience is gained with Capability Based systems to finally cause mass adoption.

And distributed systems, at least for the web, are _finally_ starting to put capabilities in place. Embedded is a different world sadly.

If by "proper security" the author means something that is impenetrable, then such a thing does not and will never exist in general. We can approach some reasonable level, but with the current explosion of software, its complexity, the insane degree of dependency, and every button of your shirt becoming a "smart" gizmo connected to Amazon and whatnot, I believe the situation for now will only get worse.