| If I had a magic wand: I'm not a "security expert", I have no encyclopedic knowledge of the ways of criminals. Let's agree that is well established. I do know how computers work, down to the transistor level. I've been playing with them since 1978. Rules I would impose: Industrial control systems would be isolated from the internet by a unidirectional network. Data could get out, ONLY. You can have helpers on the inside and outside to handle things like buffering logs, etc. If you need remote control of something industrial, it has to be on a physically separate network, airgapped from the world. In Government, I would have NEVER connected the Office of Personnel Management system to the internet, except to allow data INBOUND through a data diode. All outbound queries would require passing through a human with the proper security clearance. All sensitive or classified systems would be similarly isolated, and only allow ingress of data. Multilevel secure computing would be required for all government systems. Red Teams would be used to test security periodically, run by the Inspector General. Capability Based Security would be the norm. Most users wouldn't see much of a difference in their day to day interactions. Bug bounties would be required for any commercial software vendor, with public disclosure after 1 year of all payouts. Bugs submitted that aren't paid would be disclosed in 6 months. The NSA would shift roles from spying on everything just because they can, to first making sure nobody can spy on us, and only then spying on everyone else. Also: Email would require authentication on send Null terminated strings would be abolished Broadband would be nationalized and free to all |