The Scandal of Computer Security

Originally published at WIRED

The U.S. has become a digital civilization. Our industry, defense, medical care, entertainment, and communications all largely rely on information technology. In recent months, it has become increasingly evident that this digital civilization is under attack and that its protective strategies are failing.

Everywhere in the news are accounts of computer security hacks. Targets range from The New York Times, which was hit with 45 pieces of undetected malware in three months, to the Financial Times’ corrupted email system.

Even more troubling are the attacks on American intellectual property. According to the Pentagon, Chinese and Russian hackers have gained access to the very industrial base on which U.S. diplomacy and defense rests. The National Security Agency’s General Keith Alexander calls the loss of American intellectual property in cyber-attacks “the greatest transfer of wealth in history.”

All this is happening while the nation spends close to $50 billion on “computer security” as computer users fumble daily for passwords, usernames, PINs, and reset buttons. The DoD alone commands 65,000 IT professionals with a budget of $12.5 billion, most of which is spent on ineffective post-hack software security systems.

How are companies and consumers supposed to feel confident in their cyber-defense systems when security giants themselves fall victim to attacks? For example, Symantec, whose software identified just one of the 45 New York Times attacks, suffered a raid on its own Norton Utility source code assets. And its major rival McAfee inadvertently launched a devastating attack of its own, depriving millions of its customers of network access.

This pattern of ever-increasing expenditures with ever-deteriorating results bespeaks a failed technological paradigm and calls for a new approach to the problem. Fortunately such a new approach is readily available.

Acting through the Trusted Computing Group, some 130 computer industry companies, led by Microsoft, Intel, IBM, HP, Dell have adopted and demonstrated an ingenious and promising remedy for many of these vulnerabilities. Integrated into the innermost domains of the computer system and not removable by the user, it is called the Trusted Platform Module (TPM).

Moving crucial security operations into a hardware “vault” chip, unreachable by outside software, the TPM makes possible the establishment of a “root of trust” upon which security can be built. A secure cryptographic processor, it commands non-volatile memory that keeps its contents when the power goes out. Containing a true random number generator based in the physics of the chip rather than an algorithmic source, the TPM supplies the foundation for cryptographic “keys” that identify the computer to outsiders.

The TPM also commands a program counter that logs an indelible record of computer operations that cannot be overridden or saturated, no matter how long it is bombarded. The chip is architected so that no commands it is issued can ever induce it to relinquish its private cryptographic key, which uniquely identifies and authenticates the machine.

Most crucially, the TPM can perform the vital function of pre-boot hardware platform attestation, enabling the machine to report reliably on its own condition and identity. This means that together with implementation software, it can compare a mathematical “hash” of the existing hardware settings and hard drive contents with the previously stored “image,” flagging changes or malware and prohibiting boot-up until they are scrutinized and addressed. The TPM guarantees that the computer is a known device, booting into a trusted known state. Thus, it is a machine that can be safely linked to other networks and tap into valuable or sensitive services.

The Trusted Platform Module observes seven principles of security that are defied in practice, offering an entirely new paradigm — and a path to an improved computer architecture.

  1. People cannot be made secure. They are subject to trickery and seduction, impulse and inattention. Only devices can be secured.
  2. No secure system can rely on passwords.
  3. No security system works if it is not used. Thus these systems must improve the user’s experience and enhance the device’s performance, driving their adoption.
  4. The fewer interfaces a security system introduces, the better.
  5. The canonical security sequence is to authenticate the device, then link the user to it through a biometric method (such as fingerprints, face, or iris scans).
  6. Websites should admit only known devices – an approach known as “whitelisting.”
  7. Computer security is too important to be entrusted to computer security companies. It is an effect of computer architecture and is impaired by most patches and post-hack security programs.

Virtually all new business-class personal computers — some 600 million so far — now bear TPMs welded onto their motherboards. Samsung, Wave Systems, and others are now extending the technology to mobile devices such as tablets, network computers, and smartphones. Microsoft is spearheading the movement by mandating TPMs as a prerequisite for its new operating system, Windows 8.

However, despite the increasing consensus of its computer experts, the government has failed to assure the security of its own assets. Even in a war against relatively primitive forces in Afghanistan, the Pentagon has suffered several unpublicized computer hacks that remain vulnerable in ways that resourceful use of TPMs could rectify.

As a result of these stultifying confusions, almost no one has turned on the TPMs. In nearly all of the some 600 million computers that have them, the TPMs merely occupy space on the motherboards. Sleeping sentinels, their default mode is dormancy, since they are worthless without software to invoke their services and manage them.

Security is an indispensable part of computer architecture and design that must be incorporated from the bottom up. It cannot be sloughed off onto the users or relegated to an after-the-fact strategy based on retroactive bandaids and placebos.

Continued failure to respond to America’s cyber-security gap could pale all of Washington’s other scandals put together. The US still commands the vast majority of all global computer industry assets and capabilities Let us save ourselves from the need for a post-catastrophe investigation, among the ruins, by acting now when there is still time to prevent disaster.

George Gilder is a member of the Board of Directors at Wave Systems Corp. He is also Founder and Partner at The Gilder Technology Fund, a Senior Fellow at the Discovery Institute in Seattle, Washington, the Founder and Chairman of Gilder Publishing, LLC, and also the Chairman of George Gilder Fund Management.

George Gilder

Senior Fellow and Co-Founder of Discovery Institute
George Gilder is Chairman of Gilder Publishing LLC, located in Great Barrington, Massachusetts. A co-founder of Discovery Institute, Mr. Gilder is a Senior Fellow of the Center on Wealth & Poverty, and also directs Discovery's Technology and Democracy Project. His latest book, Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy (2018), Gilder waves goodbye to today's Internet.  In a rocketing journey into the very near-future, he argues that Silicon Valley, long dominated by a few giants, faces a “great unbundling,” which will disperse computer power and commerce and transform the economy and the Internet.