In 2009, security concerns were raised about the use of Chinese telecoms equipment in the UK's critical national infrastructure ('Spy chiefs fear Chinese cyber attack', The Times), and the potential for the equipment to be inadvertently or deliberately subverted in a cyber attack.
So, I was interested to read a ZDNet UK news article last week about the Chinese telecoms company Huawei opening a cybersecurity testing centre in the UK to certify its products for use in the UK's critical national infrastructure. The centre will be staffed entirely by security-cleared UK nationals, who will work in collaboration with CESG (part of the UK government intelligence agency GCHQ) as part of the certification process, to ensure that the evaluations meet the government's highest security standards. The ZDNet article also mentions that "the results of evaluations may be made available to operators and governments outside the UK". Although the article refers to the Common Criteria security evaluation process, it has previously been suggested that this more open approach to security would help Huawei overcome security concerns in some countries.
Of course, the potential for equipment to contain vulnerabilities, either unintentionally or deliberately, is not something new (as illustrated by the counterfeit Cisco routers episode in the US, where the routers were believed to contain backdoors).
This got me thinking about the general subject of trusted platforms and the following questions:
- How do you know that the software you are running is the software that you are supposed to be running?
- How do you know that the hardware you are running on is the hardware that you are supposed to be running on?
- How do you know that the system has not been counterfeited, or intercepted and modified in the supply chain?
These are fundamental security questions that are often overlooked, and getting them wrong could have disastrous consequences for a system deployed within critical national infrastructure.
However, these fundamental issues are addressed by the MILS architecture and the Separation Kernel Protection Profile (SKPP) through the use of trusted hardware, attestation and trusted delivery using cryptographic signatures. These techniques can be used with VxWorks MILS to develop high assurance systems for critical national infrastructure, as well as multilevel secure and Cross-Domain Systems.
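As an added illustration of the attestation idea mentioned above (this is not code from the original post, from VxWorks MILS or from the SKPP): a measured-boot chain in which each stage extends a hardware-held register with the hash of the next image, and a verifier checks the reported event log against both that register and a golden value recorded at trusted delivery. The component names and image bytes are constructed placeholders.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed stand-in images for a boot chain; not real firmware.
BOOT_CHAIN: List[Tuple[str, bytes]] = [
    ("bootloader", b"sample bootloader image v1"),
    ("separation-kernel", b"sample separation kernel image v1"),
    ("guest-partition", b"sample guest partition image v1"),
]

def extend(register: bytes, digest: bytes) -> bytes:
    """TPM-style extend: the register can only be moved forward, never set."""
    return hashlib.sha256(register + digest).digest()

def measure_chain(chain: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, str]]]:
    """Device side: each stage hashes the next image into the register and
    appends an event-log entry before handing control to it."""
    register = bytes(32)            # register is all zeros after reset
    log: List[Tuple[str, str]] = []
    for name, image in chain:
        digest = hashlib.sha256(image).digest()
        log.append((name, digest.hex()))
        register = extend(register, digest)
    return register, log

def verify_report(register: bytes, log: List[Tuple[str, str]], golden: bytes) -> Tuple[bool, str]:
    """Verifier side: replay the log and compare it with the hardware register
    (is the log genuine?) and with the golden value (is it the expected software?)."""
    replayed = bytes(32)
    for _, digest_hex in log:
        replayed = extend(replayed, bytes.fromhex(digest_hex))
    if not hmac.compare_digest(replayed, register):
        return False, "event log does not match the hardware register"
    if not hmac.compare_digest(register, golden):
        return False, "register differs from the golden value: unexpected software"
    return True, "platform is running the expected software"

if __name__ == "__main__":
    golden, golden_log = measure_chain(BOOT_CHAIN)   # recorded at trusted delivery
    print(verify_report(*measure_chain(BOOT_CHAIN), golden))
    # A modified guest image changes the final register value.
    tampered = BOOT_CHAIN[:2] + [("guest-partition", b"sample guest partition image v2 (unapproved)")]
    reg, _ = measure_chain(tampered)
    print(verify_report(reg, golden_log, golden))           # forged log, real register: caught
    print(verify_report(*measure_chain(tampered), golden))  # honest log: caught
```

The second failing case shows why the hardware register matters: a log alone can be rewritten, but the register it must replay to cannot.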
So what are you running, and do you trust it?