Click for next page ( 286

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 285
F Some Related Trustworthiness Studies COMPUTERS AT RISK: SAFE COMPUTING IN THE INFORMATION AGE Computers at Risk: Safe Computing in the Information Age (CSTB, 1991) focused on security getting more and better computer and communica- tions security into use, thereby raising the floor for all, rather than concen- trating on special needs related to handling classified government informa- tion. The report responded to prevailing conditions of limited awareness by the public, system developers, system operators, and policymakers. To help set and raise expectations about system security, the study recom- mended the following: Development and promulgation of a comprehensive set of gener- ally accepted security system principles (GSSP); Creation of a repository of data about incidents; and cations. Education in practice, ethics, and engineering of secure systems; Establishment of a new institution to implement these recommen The report also analyzed and suggested remedies for the failure of the marketplace to substantially increase the supply of security technology; export control criteria and procedures were named as one of many con- tributing factors. Observing that university-based research in computer 285

OCR for page 285
286 APPENDIX F security was at a "dangerously low level," the report mentioned broad areas where research should be pursued. REPORT OF THE DEFENSE SCIENCE BOARD TASK FORCE ON INFORMATION WARFARE DEFENSE (IW-D) Produced by a Defense Science Board task force, Report of the Defense Science Board Task Force on Information Warfare Defense (IW-D) (Defense Science Board, 1996) focused on defending against cyber-threats and in- formation warfare. The task force documented an increasing military dependence on networked information infrastructures, analyzed vulner- abilities of the current networked information infrastructure, discussed actual attacks on that infrastructure, and formulated a list of threats (Box F.1) that has been discussed broadly within the Department of Defense (DOD) and elsewhere. The task force concluded: . . . there is a need for extraordinary action to deal with the present and emerging challenges of defending against possible information warfare attacks on facilities, information, information systems, and networks of the United States which isic] would seriously affect the ability of the Department of Defense to carry out its assigned missions and functions. Some of the task force recommendations answered organizational questions: Where might various functions in support of IW-D be placed

OCR for page 285
APPENDIX F 287 and how might they be staffed and managed within the DOD? How might senior-level government and industry leaders be made aware of vulnerabilities and their implications? What legislation is needed? How can current infrastructure dependencies and vulnerabilities be deter- mined? How can information about ongoing threats and attacks be char- acterized and disseminated? The other recommendations concerned both short- and longer-term technical means for repelling attacks. The task force urged greater use of existing security technology, certain controversial encryption technology,] and the construction of a minimum essential information infrastructure (MEII). It also suggested a research program for furthering the develop- ment of the following: System architectures that degrade gracefully and are resilient to failures or attacks directed at single components; Methods for modeling, monitoring, and managing large-scale dis- tributed systems; and Tools and techniques for automated detection and analysis of lo- calized or coordinated large-scale attacks, and tools and methods for pre- dicting anticipated performance of survivable distributed systems. The task force noted the low levels of activity concerning computer secu- rity and survivable systems at universities. CRITICAL FOUNDATIONS: PROTECTING AMERICA'S INFRASTRUCTURES The President's Commission on Critical Infrastructure Protection whose members were drawn from the private and public sector, studied infrastructures that are critical to the security, public welfare, and eco- nomic strength of the United States: information and communications (e.g., telecommunications), physical distribution (e.g., rail, air, and mass transport), energy (e.g., electric power generation and distribution), bank- ing and finance, and vital human services (e.g., water supply, fire fight- ing, and rescue). In its report, Critical Foundations: Protecting America's Infrastructures (PCCIP, 1997), the commission concluded that all these infrastructures were increasingly vulnerable to physical and cyber-threats. And although the threat of cyber-attacks today appears to be small, the Specifically, the task force recommended the deployment of the Multilevel Information Systems Security Initiative (MISSI) and escrowed encryption. Those topics are discussed in Chapters 4 and 6 of the present report.

OCR for page 285
288 APPENDIX F prospect for such attacks in the future was found to be significant.2 Along with the increasing threat, the commission noted an absence of any na- tional focus for infrastructure protection. Formation of a public-private partnership was urged. Private-sector involvement was advocated be- cause infrastructure owners and operators, having the expertise and in- centive, are best positioned to protect against and detect infrastructure attacks. Federal government involvement is needed to facilitate collec- tion and dissemination of information about tools, threats, and intent. The federal government also is ideally situated for detection of coordi- nated attacks, for overseeing defense-in-depth and defenses across infra- structures, and for reducing the possibility that disturbances or attacks could propagate within and across critical infrastructures. Broad public awareness regarding the nature and extent of cyber- threats is a necessary part of any defense that hinges on private-sector participation. Programs were recommended to elevate public awareness of infrastructure threats, vulnerabilities, and interdependencies. The com- mission also recommended considering legislation that would enable fed- eral and private-sector responses to infrastructure vulnerabilities and at- tacks. The government was also counseled by the commission to serve as a role model for the private sector in the use of standards and best prac- tices, taking precautions that are proportionate to the threat and the value of what is being protected. Substantially increased support for research was recommended by the commission; the present level of funding3 was deemed insufficient for future needs (Davis, 1997~. Federal support is crucial for sound business reasons, the private sector is not likely to invest significant resources in longer-term research that could fuel needed advances. The research and development vision articulated by the com- mission starts with $500 million for fiscal year 1999 and climbs to $1 billion in 2004 for government-sponsored basic research; and the vision has the private sector using that basic research to create new technology for infrastructure protection. The commission suggests a range of research topics. Those concerning networked computer systems and cyber-threats include the following: Information assurance: The effective protection of the communica- tions infrastructure and the information created, stored, processed, and transmitted on it. 2The report notes that attackers, tools are becoming more advanced and more accessible, so less skill is needed to launch ever more sophisticated attacks. Moreover, the increasing interconnectivity and complexity of critical infrastructures increase their vulnerability. 3Government funding was estimated at $150 million per year and industrial funding at $1 billion to $1.5 billion per year.

OCR for page 285
APPENDIX F 289 Monitoring and threat detection: Reliable automated monitoring and detection systems, timely and effective information collection technolo- gies, and efficient data reduction and analysis tools for identifying and characterizing localized or coordinated large-scale attacks against infra- structure. Vulnerability assessment and systems analysis: Methods and tools to identify critical nodes within infrastructures, to examine infrastructure interdependencies, and to help understand the behavior of complex sys- tems. Risk management and decision support: Methods and tools to help decision makers prioritize the use of finite resources to reduce risk. Protection and mitigation: System control and containment and iso- lation technologies to protect systems against the spectrum of threats. Contingency planning, incident response, and recovery: Methods and tools for planning for, responding to, and recovering from incidents such as natural disasters and physical and cyber-based attacks that affect local or national infrastructures. CRYPTOGRAPHY'S ROLE IN SECURING THE INFORMATION SOCIETY A number of mechanisms for enhancing information system trust- worthiness depend on the use of cryptography. Cryptography, however, is a double-edged sword. It can help legitimate businesses and law- abiding citizens keep information confidential, but it can help organized crime and terrorists keep information confidential. Conflict between the protection of confidential information for legitimate businesses and law- abiding citizens and the need for law enforcement and intelligence agen- cies to obtain information has fueled a U.S. policy debate concerning both import/export restrictions and domestic deployment of cryptography. The issues are subtle. They were explored during an 18-month study by the National Research Council's Computer Science and Telecommuni- cations Board (CSTB) the so-called CRISIS report (an acronym of the report's full title) edited by Dam and Lin (CSTB, 1996) that was com- pleted just as the present NIS trustworthiness study was getting under way. Bringing together a wide range of perspectives on the subject, the CRISIS report concluded that the then-current U.S. cryptography policy4 was not adequate to support the information security requirements of an information society. Although acknowledging that increased use of cryp- tography placed an increased burden on law enforcement and intelli 4The report was released in May 1996.

OCR for page 285
290 APPENDIX F gence activities, the CRISIS report asserted that the interests of the nation overall would be best served by a policy that fosters a judicious transition toward broad use of cryptography. CRISIS does not make recommendations for further research, so it is unlike the other studies just surveyed. What CRISIS does say is directly relevant to the present study in two ways. First, the existence of CRISIS helped delimit the scope of the present study. With CRISIS in hand, the present study was freed to concentrate on other aspects of information systems trustworthiness. Second, CRISIS provides a foundation for the present study's discussions about cryptography policy and its implica- tions regarding widespread deployment of cryptography. As discussed in Chapters 2, 4, and 6 of the present study, the broad availability of cryptography can affect how NIS trustworthiness problems are solved. REFERENCES Computer Science and Telecommunications Board (CSTB), National Research Council. 1991. Computers at Risk: Safe Computing in the Information Age. Washington, DC: National Academy Press. Computer Science and Telecommunications Board (CSTB), National Research Council. 1996. Cryptography's Role in Securing the Information Society, Kenneth W. Dam and Herbert S. Lin, eds. Washington, DC: National Academy Press. Davis, John C. 1997. (Draft) Research and Development Recommendations for Protecting and Assuring Critical National Infrastructures. Washington, DC: President's Commission on Critical Infrastructure Protection, December 7. Defense Science Board. 1996. Report of the Defense Science Board Task Force on Information Warfare Defense (IW-D). Washington, DC: Office of the Under Secretary of Defense for Acquisition and Technology, November 21. President's Commission on Critical Infrastructure Protection (PCCIP). 1997. Critical Foun dations: Protecting America's Infrastructures. Washington, DC: PCCIP, October.