Security is largely a quality problem, and quality is something you do, not something you buy; this is why. For some reason I've latched onto baseball as my analogy for this.
A high-performing team has quality metrics, not only for the players but for the team. A high-performing individual outperforms a low-performing individual (a tautology for sure, definitional even). What qualities would you say the high-performing individual exhibits?
If you give both players high-quality or low-quality gear, what happens?
Can a baseball player who does a quality job of hitting home runs make better baseballs? Oh yeah: can they make better baseballs within the constraints under which baseballs are made? Why do those constraints exist?
The high-performing team is going to practice. They will wear out or destroy equipment in the process. Team members could potentially suffer career-ending injuries, during practice. During practice.
But when the real thing comes along, the practice is the deciding factor for performance individually and as a team.
Of course cybersecurity can be solved... the solution was worked out in the 1970s, and there are commercially available secure systems. The Operating Systems most of us use daily, on the other hand, do not support multi-level security, nor the Bell-LaPadula model.
If we did use such systems, the user interface would be almost identical, but our applications would only be able to open the files we fed them, and not everything, by default. The world would be a much more secure place, but that would have made the NSA's job a lot harder, so such systems aren't talked about much.
>IME secure systems are hard to use in practice, and performance is usually worse than less secure systems.
If you're talking about tacked-on layers of lockdown like SELinux, AppArmor, UAC on Windows, "Access to X" on your phone, etc... that's obviously true. However, a capabilities-based system should be almost identical in terms of the user's view of things... instead of calling a dialog to get a file name then directly opening the file, a "powerbox" is used which returns the capability to access a file.
As far as the user knows, the code behavior is identical, and they don't need to change their interactions.
We've all adopted ersatz capability systems when we moved to virtual machines, containers, and the like... just a far more coarse-grained control of access instead of individual files at runtime.
I'm hoping that we finally fix computer security before I leave this world, but I'm having my doubts. WASM is a good step in the right direction; as long as they don't bypass the capabilities model in the name of "ease of use", it should help quite a bit.
Perpetual cat and mouse game. I would venture to guess we are in a 'hackers winning' cycle right now. In a couple years it'll cycle back to us winning.
Imagine a hospital. There will ALWAYS be people looking to break in to find out some specific information. "What did the doctors do that resulted in the death of my loved one?"
This is APT you can never stop regardless of budget. They can build any 0day, go to any extent, build completely custom undetectable tools that will never be stoppable.