Alright, maybe SWIFT will be interested in high-assurance systems now. Any day now they'll start applying the best of real INFOSEC to a world-wide, financial-transfer network. Any day now... Probably not lol...
I can't glean useful information out of it except to note Fox-IT has some experts on hand that can help. They were mentioned. The hacks usually come from malicious insiders, social engineering of benign insiders, bad configurations, bad protocols, and especially 0-days in software. The interim solution should then be a hardened OS with a strong TCB, use of proven protocols, secure-by-default configuration, auditing/monitoring by third parties for malicious insiders, and controls for both malicious and benign insiders. SWIFT's headlines indicate a lot of software implementing controls, analysis, and so on. I didn't see anything at a glance about making the implementation of that software, its protocols, or its OSes bulletproof.
So, I still don't trust them. This looks like the same shit management in banking and "security" industries come up with all the time. You know, the stuff used in dozens of companies that got bypassed by so-called "APTs" that sent emails with infected PDFs and Excel documents. Really "advanced" attacks it takes. Haha. Trick is, you need both the security features and assurance they're secure. Most of industry focuses on the former where my type focuses on the latter as much as possible. ;)
That's a nice design. They're trying really hard while staying within COTS components. So, I wanted to know what the TCB was running. Paydirt:
"The I/O Controller runs an isolated instance of Security Enhanced Linux and has a separate TPM for measurements and identity anchoring."
Yeah, that's not trustworthy. It might get attacked less than competing systems but SELinux isn't a good TCB. The NSA themselves rate it like most of the rest at EAL4+: resistant to "inadvertent" or "casual" attempts to breach security. You want that trusted component to be running something stronger, preferably with low odds of 0-days. A minimal version of OpenBSD is a cheap start as their networking and Ethernet stacks probably had the most review. Next best is a separation kernel enforcing policy with a small TCB & user-mode stacks. There's commercial ones they can buy or FOSS ones to build on. A memory-safe language like Ada/SPARK or Rust for their trusted code. Paid or FOSS options for that, too.
The point being the hackers are going to look for ways to send in malicious data or cause unusual executions to get code into memory. Whatever they're using should stop that or isolate the damage with high confidence. Most don't, though. Even well-thought-out ones like this product.
EDIT: Thanks for the tip-off, though, as I occasionally send recommendations to security vendors. Might email them or use them as an example for high-security people of what kind of thing to build or market.