Today I would like to publicly outline a new concept I have been contemplating that I believe could be a solution to cyber security breaches for large organisations and governments around the world.
My idea is named 'Lingua Aliena', which is Latin for 'Foreign Language'.
My belief is that for as long as internal information systems, such as databases, are connected in some way to the internet, either directly or by being connected to a third-party network that ultimately has connections to the outside world, cyber criminals will always be able to develop TTPs to get into that internal network and steal data. For the purposes of this article I am going to use the make-believe Bank of Victoria as my example.
The Bank of Victoria (or BOV for short) is a traditional bank in Australia that has fully adopted modern banking mechanisms: two-factor authentication, zero trust policies internally, etc. It has systems that are connected to the external internet, and staff use Windows computers across the vast organisation, just like every other bank, just like most companies.
The problem, of course, is that the operating systems used across the organisation are open to vulnerabilities, be it standard Windows OS in branches, Windows servers in the data centre or Active Directory. In addition, all of these internal networked devices use the standard TCP/IP protocol for communication.
In essence, my proposal for Lingua Aliena is for the bank to have its own custom-made operating system for both workstations and servers, written in a custom, secured new code base, AND a custom-designed new networking protocol. This means that even if threat actors are able to phish someone in the sales department into downloading a Word doc with a malicious macro, or send them to a website with malicious code, it won't matter, because that code, no matter how good it is, will not work on the bank's computer systems because the code is completely different. It would be like trying to install an Android APK file on an iOS device!
My idea of a foreign language design guarantees that malicious code written in any programming language will not work on BOV's computer systems, and even if it did, it would not be able to escalate privileges or traverse the network, because all of those standard technologies do not exist.
As a secondary level of protection, there is an AI-controlled server at the bank that has no possible way of communicating with the outside world. It has no traditional network card and no Wi-Fi. This machine is called the translator and performs two key tasks.
Firstly, the AI server changes key information about the network across the entire network every 24 hours. Imagine fundamentally changing the TCP/IP protocol every day. Let's say, for the purposes of a simple example, that every 24 hours we changed key information in Ethernet frames: everything on the network would stop working and nothing would be able to communicate. In my proposal the AI server changes network protocol settings every 24 hours across the internal network, so that if a threat actor somehow got malicious code to run on the bank's custom OS, the hacker would not be able to establish an advanced persistent threat or perform lateral movement.
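The daily rotation described above can be modelled in a few lines. This is an added example, not part of the original article: it assumes the translator holds a secret from which each day's frame marker and frame-authentication key are derived, and the frame layout, names and values are all hypothetical.

```python
import hashlib
import hmac
import struct
from datetime import date, timedelta

# Constructed demo secret; in the article's design only the translator would hold it.
TRANSLATOR_SECRET = b"constructed-demo-secret"
HEADER = struct.Struct("!HH")  # hypothetical 2-byte source and destination node ids
TAG_LEN = 8

def daily_params(secret: bytes, day: date):
    """Derive the day's 4-byte frame marker and frame-authentication key."""
    digest = hmac.new(secret, day.isoformat().encode(), hashlib.sha256).digest()
    return digest[:4], digest[4:]

def build_frame(secret, day, src, dst, payload: bytes) -> bytes:
    """Build a frame that is only valid under the given day's settings."""
    marker, key = daily_params(secret, day)
    body = HEADER.pack(src, dst) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return marker + body + tag

def parse_frame(secret, day, frame: bytes):
    """Return (src, dst, payload), or None if the frame does not match the day's settings."""
    marker, key = daily_params(secret, day)
    if len(frame) < 4 + HEADER.size + TAG_LEN:
        return None
    if not hmac.compare_digest(frame[:4], marker):
        return None
    body, tag = frame[4:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    src, dst = HEADER.unpack(body[:HEADER.size])
    return src, dst, body[HEADER.size:]

def demo():
    today = date(2024, 1, 1)  # constructed date
    frame = build_frame(TRANSLATOR_SECRET, today, 1, 2, b"balance-query")
    same_day = parse_frame(TRANSLATOR_SECRET, today, frame)
    next_day = parse_frame(TRANSLATOR_SECRET, today + timedelta(days=1), frame)
    return same_day, next_day

if __name__ == "__main__":
    print(demo())
```

A node that misses the daily update rejects legitimate frames as well, so the new settings have to reach every machine before the switchover.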
The final part of Lingua Aliena is the translation layer, which is again performed by the AI server. The AI server is able to receive standard Windows, Mac and Linux files, such as PDFs or Excel spreadsheets, and perform an on-the-fly translation of those files so they can be read with the bank's own software. A client can email in a Word document, which is received by the AI server, which then translates that file into a readable format on the bank's own OS. No more tricky Microsoft macros!! No more malware files that are packaged to look like PDF files. And the server can perform the same action with outgoing files. The bank's own custom-made word processor, which would not work on any other OS, sends the outbound attachment to the AI translator, which converts the text into a Word document, or whatever format you want.
Any phishing attacks where an employee accidentally reveals their credentials will no longer be a problem, because no one outside the company has the right software that can run on the bank's OS, and even if they did, they would still need to know how the internal networking protocol works, which of course changes every 24 hours.
Now I totally get that many people reading this article are going to be looking at this and saying it's a stupid idea. Why would a large company go to the expense of developing their own code base, operating system, server software and networking protocol? I have thought about that a lot and I understand that there would obviously be quite a significant cost involved upfront. However, just for a moment, factor in the cost of cyber breaches and cyber protection over, let's say, a ten or fifteen year period for a large organisation such as a bank... Millions of dollars, possibly tens of millions by the time you take into consideration the possibility of reputational damage and fines for breaches over that period of time. The cost of SOC teams, network defence, the list of current costs goes on. Just imagine a world where a bank or government department had their own proprietary software language with their own operating system and software, with their own custom network protocol and, on top of all that, a powerful AI server controlling the internal network and translating incoming files.
If you're reading this, let me know your thoughts. I'm interested to see what people think and whether or not I should develop the idea further.
DAVID GILMORE