• "But conventional security is not enough. The complexity of today's operational environment means organisations must embrace a level of business resilience that is normally associated with the protection of critical national infrastructure."

    Detica, a BAE Systems Company

  • "Even a relatively small quantum computer, one that had a few tens of thousands of qubits, could consider so many different values at once that it would be able to break all known [ed: RSA, D&H, ECC, AES-128] codes commonly used for secure Internet communication.”

    Prof Seth Lloyd of MIT, MIT Review 2008

  • “Business now relies on information infrastructures that are interlinked and interdependent… The way in which these hidden interdependencies pervade our everyday lives is staggering and, in some cases, may go unchecked for many years until an incident occurs that revels the true nature of the interdependences' impact.”

    The British Government’s Technology Strategy Board, 2008
  • “Consider the use of smart cards ... for especially critical functions.  Although more costly than software, when properly implemented the assurance gain is great.  The form-factor is not as important as the existence of an isolated processor and address space for assured operations – an ‘Island of Security,’ if you will.  Such devices can communicate with each other through secure protocols and provide a web of security connecting secure nodes located across a sea of insecurity in the global net.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

  • The software security industry today is at about the same stage as the auto industry was in 1930" ... "it looks fast, goes nice but in an accident you die.” ... "The major shortfall is absence of assurance (or safety) mechanisms in software. If my car crashed as often as my computer does, I would be dead by now."

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

  • In the next five years we will counter many 'hacker' attacks but we will not be safe from Nation States and other large entities

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

  • “The current way which organisations approach security can be recognised as an underlying market failure which consists of fire fighting security problems, silo'd implementation of technologies, uncontrolled application development practices and a failure to address systemic problems. Organisations tend to deal with one problem at a time that results in the deployment of point solutions to treat singular problems. This failure is typical of an uncontrolled marketplace evolving with little or no co-ordination.

    The British Government’s Technology Strategy Board, 2008
  • "First and foremost, there is no proper excuse for continued use of a broken cryptographic primitive (MD5) when sufficiently strong alternatives are readily available, for example SHA-2. Secondly, there is no substitute for security awareness." ... "Advice from experts should be taken seriously and early in the process. In this case, MD5 should have been phased out soon after 2004."

    Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Wegerr, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
  • Build-in Security: Ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally-occurring and deliberate threats throughout their life-cycle."

    Obama-Biden Plan, Agenda: Homeland Security, December 2008

  • "Today’s systems must anticipate future attacks. Any comprehensive system – whether for authenticated communications, secure data storage, or electronic commerce – is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won’t be time to upgrade it in the field."

    Bruce Schneier, "Why Cryptography Is Harder Than It Looks", 1997
  • “The more complex the threats become, the more you have to do the basics and groundwork really well. Staying aware and on top of new vulnerabilities and ensuring that patches and software updates are rapidly implemented is crucial.”

    Jeff Shipley, Cisco Intelligence Collection Manager, Cisco 2008 Annual Security Report

  • “Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice.” … “The major shortfall is absence of assurance or safety mechanisms in software.  If my car crashed as often as my computer does, I’d be dead by now.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008

Resources Frequently asked questions Security in general fact: Security is on the 2009 agenda for America
fact: Security is on the 2009 agenda for America


The incoming U.S. President Elect, Barack Obama, has outlined a Homeland Security agenda here.

The agenda outlines the need for a hardened computing infrastructure in the United States.

This is an ambitious project that would require the entire network communications system to be upgraded and every network attached computer hardened. Synaptic technologies are targeted towards this type of endeavour.

The line between government infrastructure, commercial infrastructure and personal computer has blurred.  Today critical communications infrastructure, commercial networks and home networks are often built using exactly the same hardware and software. This is a natural result of economies of scale and the need to interoperate. The line is further blurred when we consider that today over a million computers attached to the Internet have been hacked. These computers are being used to conduct co-ordinated attacks against commercial and government organisations, and even against the insecure network infrastructure itself.

The techniques required to design and build reliable, high assurance devices are known. They are used daily in the medical, aviation, nuclear and defense sectors. Synaptic incrementally enhances known trusted protocols and algorithms to achieve 50-to-100 year security in large scale public networks. Synaptic has filed patent applications over the hardware and software techniques that enable these low cost, scalable, long-lived security systems to be designed using conservative well studied cryptographic components. These components can be deployed incrementally but they are also smaller parts of a larger vision to deploy a new hardened communications infrastructure that is being designed as a cryptographic high-assurance project from it's inception.  A universal network carrier that is capable of retroactively upgrading the security and performance of all carried data and voice communications protocols.

The Synaptic technologies relate specifically to the following points quoted from the Obama-Biden Homeland Security plan:

  • Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.
  • Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.
  • Create a National Infrastructure Protection Plan: Develop an effective critical infrastructure protection and resiliency plan for the nation and work with the private sector to ensure that targets are protected against all hazards.
  • Build-in Security: Ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally-occurring and deliberate threats throughout their life-cycle.
  • Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.
  • Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.
  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age.
  • Give Real Authority to the Privacy and Civil Liberties Board: Support efforts to strengthen the Privacy and Civil Liberties Board with subpoena powers and reporting responsibilities. Give the Board a robust mandate designed to protect American civil liberties and demand transparency from the Board to ensure accountability.
  • Invest in Critical Infrastructure Projects: Invest in our nation's most pressing short and long-term infrastructure needs, including modernizing our electrical grid and upgrading our highway, rail, ports, water, and aviation infrastructure. Establish a Grid Modernization Commission to facilitate adoption of Smart Grid practices to improve efficiency and security of our electricity grid.

 

 
This website uses cookies to manage authentication, navigation, and to provide you with a better and more personal service. By continuing to use this website, you are consenting to this use. Find out more here.