
Flashback: Declassified 1970 DOD cybersecurity document still relevant - jgrahamc
http://arstechnica.com/security/2016/04/flashback-declassified-1970-dod-cybersecurity-document-still-relevant/
======
nickpsecurity
It's one of the ones I used to post years ago to show the difference between
highly assured security and mainstream security offerings. The hardware,
TEMPEST, and maintenance men issues usually drew blank stares. They also
rarely knew what a TCB was or why you should care about its complexity.
(shakes head)

As usual, mainstream tends to gradually re-discover old concepts and build on
them. TEMPEST stuff has been rediscovered as "side-channels" with plenty of
attention. They're getting wiser on hardware issues with TAO leaks justifying
what we've said all along about what tradeoffs/investments are required to
fight nation-states. No it wasn't just red-tape or paranoia haha. Red teams
knew about maintenance men and insider threats a long time with companies just
mostly ignoring the stuff.

Be interesting to see how long it takes for the rest to seep into their
consciousness. Thirty to forty years for some issues this document suggests.

------
131hn
unsigned timestamp error (sorry)

