This solution has been proposed before in security circles. The reason I have heard that it is not done is that just the act of hacking into a system can destroy things that are important. With a pen tester, the company can review their plan and make sure it won't affect critical systems. With the government randomly hacking systems, they will eventually touch something they should not have. Encrypting all the systems for non-compliance is even worse; some systems will be effectively destroyed or require months to recover from just being off and unavailable. Some things can be recovered fairly easily (database rollbacks, replays), but often a lot of transaction history is lost when the systems go offline. We are not actually sure we could restart the USA power grid if the whole thing went down at the same time (it has never happened before). You do NOT want an uncontrolled shutdown of an oil refinery or chemical plant. There is a business cost too while the systems are down, which might be viewed as a "fine", but that is a fine imposed with no legal recourse. A company could take the government to court, but they may never be able to recover from this "fine". The amount of the "fine" will vary per company also; some companies with the right recovery architecture could just consider it a cost of doing business and find it is cheaper than doing good security, while others may be wiped out. There is no way to make the "fine" proportional to the crime. None of this solves the problem of zero-days either. The only thing that I know of that sometimes could work against zero-days is intrusion detection/anomaly detection. They do not guarantee that you'll be able to stop the intrusion in time though, especially if the entire attack is automated or really sneaky, masquerading as normal users or third-party vendors. An automated IDS that can halt an attack is a very risky thing; change your business practice one day and that could shut down your network, meaning you just attacked yourself.
It could be purposely triggered by an attacker also as a denial of service. The only ransomware solution I can envision is gradual hardening, like in the old days of Sun workstations and how airplanes became so safe. Make only small incremental changes and respond to feedback so that over time the system gets more and more secure, until everything is just secure by default except when rare new vulnerabilities are discovered (new zero-days, but if the system doesn't change much they should get rarer and more difficult to discover with time, discouraging people from trying to find new ones). This is expensive, takes time, and kills innovation, but I don't think there is a quick fix. So reserve/require it for critical systems and let innovative systems be more subject to failure and attacks. The first step would be deciding what is critical (the power grid? Facebook? your grocery store IT system?) and hence should be required to follow this practice. Eventually even the more innovative services will benefit from using some of the well-hardened systems. Ransomware will run rampant meanwhile, diminishing with time. I view this as similar to global warming: there is not just one problem, there are thousands of problems in networks, computers, OSes, apps, services, and users, and it is not going to be fixed with a patch (especially when patches are also an attack channel).
Big companies probably already do something like this (hence they continue to use Windows NT or DOS or invent their own flavor of Linux), but this is also something that should probably be a government requirement for the grid, chemical plants, ISPs, and anything we cannot risk having fail.