Solutions are needed to replace the archaic air-gapping of computers used to isolate and protect sensitive defense information, the U.S. Government has decided. Air-gapping, still widely used, is the practice of physically isolating data-storing computers from other systems, computers, and networks. In theory it can’t be compromised because there is no connection between the machines — there are no links into them at all; they have been removed.
However, many say air-gapping is no longer practical, as the cloud and the internet take hold of massive swaths of data and communications.
“Keeping a system completely disconnected from all means of information transfer is an unrealistic security tactic,” says Defense Advanced Research Projects Agency (DARPA) on its website, announcing an initiative to develop completely new hardware and software that will allow defense communications to take place securely among myriad existing systems, networks, and security protocols.
The Guaranteed Architecture for Physical Security (GAPS) program it is introducing will be split into three formal areas: hardware, software, and validation against Department of Defense (DoD) systems. A fourth realm is also promised, and that’s the commercialization of the elements:
“Commercializing the resulting technologies is also an objective,” the publicly funded DARPA federal agency says. The GAPS program should “create safer commercial systems that could be used for preserving proprietary information and protecting consumer privacy.”
Commercializing something like a defense security architecture — the objective being to secure data as it moves between disparate systems — could ultimately help commerce in a similar way to how the government has assisted the internet by allowing a military-owned, watered-down GPS to be used by all. Getting funding also becomes easier.
“Modern computing systems must be able to communicate with other systems,” DARPA says of its plans. That includes “those with different security requirements.” It’s saying cloud systems and the internet are here, aren't going away, and need to be dealt with, in other words.
The problem with air-gapping
Air-gapping does work. The problem is that it’s not only hard to implement and enforce (workers have gotten used to networks and the cloud), but also expensive. Installing breaks between systems not only affects working collaborations, but is hard to set up because of the overall complexity. And it’s equally difficult to administer: you can’t just send patches across the network — there isn’t one.
“Interfaces to such air-gapped systems are typically added in after the fact and are exceedingly complex, placing undue burden on systems operators as they implement or manage them,” DARPA explains.
A better solution in today's environment, then, is to accept that users need, or want, to share data, and to figure out how to keep the important bits more private, particularly as the data crosses networks and systems that have varying levels and types of security implementations and ownership.
The GAPS thrust will be in isolating the sensitive “high-risk” transactions and providing what the group calls “physically provable guarantees” or assurances. A new cross-network architecture, tracking, and data security will be developed that creates “protections that can be physically enforced at system runtime.”
How they intend to do that is still to be decided. Radical forms of VPNs (an encrypted pipe through the internet) would be today’s attempted solution. Whichever method they choose will be part of a $1.5 billion, five-year investment in government and defense electronics systems. And enterprise and the consumer may benefit.
“As cloud systems proliferate, most people still have some information that they want to physically track, not just entrust to the ether,” says Walter Weiss, DARPA program manager, in the release.
Thanks to Patrick Nelson (see source)