APPENDIX F
Some Related Trustworthiness Studies
COMPUTERS AT RISK: SAFE COMPUTING IN THE INFORMATION AGE
Computers at Risk: Safe Computing in the Information Age (CSTB, 1991) focused on getting more and better computer and communications security into use, thereby raising the floor for all, rather than concentrating on special needs related to handling classified government information. The report responded to prevailing conditions of limited awareness by the public, system developers, system operators, and policymakers. To help set and raise expectations about system security, the study recommended the following:
· Development and promulgation of a comprehensive set of generally accepted security system principles (GSSP);
· Creation of a repository of data about incidents;
· Education in practice, ethics, and engineering of secure systems; and
· Establishment of a new institution to implement these recommendations.
The report also analyzed and suggested remedies for the failure of the marketplace to substantially increase the supply of security technology; export control criteria and procedures were named as one of many contributing factors. Observing that university-based research in computer security was at a "dangerously low level," the report mentioned broad areas where research should be pursued.
REPORT OF THE DEFENSE SCIENCE BOARD TASK FORCE ON INFORMATION WARFARE DEFENSE (IW-D)
Produced by a Defense Science Board task force, Report of the Defense Science Board Task Force on Information Warfare Defense (IW-D) (Defense Science Board, 1996) focused on defending against cyber-threats and information warfare. The task force documented an increasing military dependence on networked information infrastructures, analyzed vulnerabilities of the current networked information infrastructure, discussed actual attacks on that infrastructure, and formulated a list of threats (Box F.1) that has been discussed broadly within the Department of Defense (DOD) and elsewhere. The task force concluded:
. . . there is a need for extraordinary action to deal with the present and emerging challenges of defending against possible information warfare attacks on facilities, information, information systems, and networks of the United States which [sic] would seriously affect the ability of the Department of Defense to carry out its assigned missions and functions.
Some of the task force recommendations answered organizational questions: Where might various functions in support of IW-D be placed and how might they be staffed and managed within the DOD? How might senior-level government and industry leaders be made aware of vulnerabilities and their implications? What legislation is needed? How can current infrastructure dependencies and vulnerabilities be determined? How can information about ongoing threats and attacks be characterized and disseminated?
The other recommendations concerned both short- and longer-term technical means for repelling attacks. The task force urged greater use of existing security technology, certain controversial encryption technology,¹ and the construction of a minimum essential information infrastructure (MEII). It also suggested a research program for furthering the development of the following:
· System architectures that degrade gracefully and are resilient to failures or attacks directed at single components;
· Methods for modeling, monitoring, and managing large-scale distributed systems; and
· Tools and techniques for automated detection and analysis of localized or coordinated large-scale attacks, and tools and methods for predicting anticipated performance of survivable distributed systems.
The task force noted the low levels of activity concerning computer security and survivable systems at universities.
¹Specifically, the task force recommended the deployment of the Multilevel Information Systems Security Initiative (MISSI) and escrowed encryption. Those topics are discussed in Chapters 4 and 6 of the present report.
CRITICAL FOUNDATIONS: PROTECTING AMERICA'S INFRASTRUCTURES
The President's Commission on Critical Infrastructure Protection, whose members were drawn from the private and public sector, studied infrastructures that are critical to the security, public welfare, and economic strength of the United States: information and communications (e.g., telecommunications), physical distribution (e.g., rail, air, and mass transport), energy (e.g., electric power generation and distribution), banking and finance, and vital human services (e.g., water supply, fire fighting, and rescue). In its report, Critical Foundations: Protecting America's Infrastructures (PCCIP, 1997), the commission concluded that all these infrastructures were increasingly vulnerable to physical and cyber-threats. And although the threat of cyber-attacks today appears to be small, the prospect for such attacks in the future was found to be significant.² Along with the increasing threat, the commission noted an absence of any national focus for infrastructure protection. Formation of a public-private partnership was urged. Private-sector involvement was advocated because infrastructure owners and operators, having the expertise and incentive, are best positioned to protect against and detect infrastructure attacks. Federal government involvement is needed to facilitate collection and dissemination of information about tools, threats, and intent. The federal government also is ideally situated for detection of coordinated attacks, for overseeing defense-in-depth and defenses across infrastructures, and for reducing the possibility that disturbances or attacks could propagate within and across critical infrastructures.
Broad public awareness regarding the nature and extent of cyber-threats is a necessary part of any defense that hinges on private-sector participation. Programs were recommended to elevate public awareness of infrastructure threats, vulnerabilities, and interdependencies. The commission also recommended considering legislation that would enable federal and private-sector responses to infrastructure vulnerabilities and attacks. The government was also counseled by the commission to serve as a role model for the private sector in the use of standards and best practices, taking precautions that are proportionate to the threat and the value of what is being protected. Substantially increased support for research was recommended by the commission; the present level of funding³ was deemed insufficient for future needs (Davis, 1997). Federal support is crucial: for sound business reasons, the private sector is not likely to invest significant resources in longer-term research that could fuel needed advances. The research and development vision articulated by the commission starts with $500 million for fiscal year 1999 and climbs to $1 billion in 2004 for government-sponsored basic research; and the vision has the private sector using that basic research to create new technology for infrastructure protection.
The commission suggests a range of research topics. Those concerning networked computer systems and cyber-threats include the following:
· Information assurance: The effective protection of the communications infrastructure and the information created, stored, processed, and transmitted on it.
· Monitoring and threat detection: Reliable automated monitoring and detection systems, timely and effective information collection technologies, and efficient data reduction and analysis tools for identifying and characterizing localized or coordinated large-scale attacks against infrastructure.
· Vulnerability assessment and systems analysis: Methods and tools to identify critical nodes within infrastructures, to examine infrastructure interdependencies, and to help understand the behavior of complex systems.
· Risk management and decision support: Methods and tools to help decision makers prioritize the use of finite resources to reduce risk.
· Protection and mitigation: System control and containment and isolation technologies to protect systems against the spectrum of threats.
· Contingency planning, incident response, and recovery: Methods and tools for planning for, responding to, and recovering from incidents such as natural disasters and physical and cyber-based attacks that affect local or national infrastructures.
²The report notes that attackers' tools are becoming more advanced and more accessible, so less skill is needed to launch ever more sophisticated attacks. Moreover, the increasing interconnectivity and complexity of critical infrastructures increase their vulnerability.
³Government funding was estimated at $150 million per year and industrial funding at $1 billion to $1.5 billion per year.
CRYPTOGRAPHY'S ROLE IN SECURING THE INFORMATION SOCIETY
A number of mechanisms for enhancing information system trustworthiness depend on the use of cryptography. Cryptography, however, is a double-edged sword. It can help legitimate businesses and law-abiding citizens keep information confidential, but it can help organized crime and terrorists keep information confidential. Conflict between the protection of confidential information for legitimate businesses and law-abiding citizens and the need for law enforcement and intelligence agencies to obtain information has fueled a U.S. policy debate concerning both import/export restrictions and domestic deployment of cryptography.
The issues are subtle. They were explored during an 18-month study by the National Research Council's Computer Science and Telecommunications Board (CSTB), the so-called CRISIS report (an acronym of the report's full title) edited by Dam and Lin (CSTB, 1996), that was completed just as the present NIS trustworthiness study was getting under way. Bringing together a wide range of perspectives on the subject, the CRISIS report concluded that the then-current U.S. cryptography policy⁴ was not adequate to support the information security requirements of an information society. Although acknowledging that increased use of cryptography placed an increased burden on law enforcement and intelligence activities, the CRISIS report asserted that the interests of the nation overall would be best served by a policy that fosters a judicious transition toward broad use of cryptography.
⁴The report was released in May 1996.
CRISIS does not make recommendations for further research, so it is unlike the other studies just surveyed. What CRISIS does say is directly relevant to the present study in two ways. First, the existence of CRISIS helped delimit the scope of the present study. With CRISIS in hand, the present study was freed to concentrate on other aspects of information systems trustworthiness. Second, CRISIS provides a foundation for the present study's discussions about cryptography policy and its implications regarding widespread deployment of cryptography. As discussed in Chapters 2, 4, and 6 of the present study, the broad availability of cryptography can affect how NIS trustworthiness problems are solved.
REFERENCES
Computer Science and Telecommunications Board (CSTB), National Research Council. 1991. Computers at Risk: Safe Computing in the Information Age. Washington, DC: National Academy Press.
Computer Science and Telecommunications Board (CSTB), National Research Council. 1996. Cryptography's Role in Securing the Information Society, Kenneth W. Dam and Herbert S. Lin, eds. Washington, DC: National Academy Press.
Davis, John C. 1997. (Draft) Research and Development Recommendations for Protecting and Assuring Critical National Infrastructures. Washington, DC: President's Commission on Critical Infrastructure Protection, December 7.
Defense Science Board. 1996. Report of the Defense Science Board Task Force on Information Warfare Defense (IW-D). Washington, DC: Office of the Under Secretary of Defense for Acquisition and Technology, November 21.
President's Commission on Critical Infrastructure Protection (PCCIP). 1997. Critical Foundations: Protecting America's Infrastructures. Washington, DC: PCCIP, October.