Comment Re:The secret word is "trust". (Score 1) 2
The DoD is known for viruses transporting payloads across airgaps onto Internet-connected machines. One thing it isn't is "so secure".
But, to the extent that it IS secure, it uses pretty much what I outlined. They use Class 3 certs for all users and all machines, and have done since about 2001. The US Navy got to trial run thei system to shake down the defects in the design, before they rolled it out to everyone. Beyond that, they use segregated networks (in principle, physical separation rather than logical separation, but who knows?) and encrypted communications.
What I've done above is take what the US DoD uses today, threw in what the US DoD recommended but never actually implemented in the 70s to fill in some of the gaps, and also included what the US DoD implemented and actually used in the way of Trusted OS deisgns in the 70s and 80s. The NSA and IRS likely use some variants on the same techniques.
So, what I've got above is pretty much why the DoD is as secure as it is.
What I've done is augmented it to handle the fact that you need to verify the hardware and not just the endpoint, and that you need to verify the physical host independently of the logical host. But that's pretty much it.