Trust in Cyberspace (1999) / Chapter Skim
Currently Skimming:
1 Introduction
1 Introduction
Pages 12-25
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 12... ...
That dependence, with its new levels and kinds of vulnerabilities, is attracting growing attention from government and industry. Within the last 2 years, the Office of Science and Technology Policy in the White House, the President's National Security Telecommunications Advisory Committee, the President's Commission on Critical Infrastructure Protection, the Defense Science Board, and the General Accounting Office have each issued reports on the vulnerabilities of networked information systems.~ Congressional hearings,2 articles in the popular press, and concern 1See Cybernation: The American Infrastructure in the Information Age: A Technical Primer on Risks and Reliability (Executive Office of the President, 1997)
|
From page 13... ...
And since research takes time to bear fruit, the nation's dependence on networked information systems will greatly exceed their trustworthiness unless this research is initiated soon. Articulating an agenda for that research is the primary goal of this study; that detailed agenda and its rationale constitute the core of this report.
|
From page 14... ...
The trustworthiness of an NIS encompasses correctness, reliability, security (conventionally including secrecy, confidentiality, integrity, and availability) , privacy, safety, and survivability (see Appendix K for definitions of these terms)
|
From page 15... ...
Requirements invariably change through the development process, and the definition of system correctness changes accordingly. 7The computer Emergency Response Team ~CERTy/Coordination center ~cc' is an element of the Networked systems Survivability Program in the Software Engineering Institute at Carnegie Mellon university.
|
From page 16... ...
Errors made in the operation of a system also can lead to systemwide disruption. NISs are complex, and human operators err: an operator installing a corrupted top-level domain name server database at Network Solutions effectively wiped out access to roughly a million sites on the Internet in fuly 1997 (Wayner, 1997~; an employee's uploading of an incorrect set of translations into a Signaling System 7 processor led to a 90minute network outage for AT&T toll-free telephone service in September 1997 (Perillo, 1997~.
|
From page 17... ...
Finally, there are the effects of hostile attacks on NIS trustworthiness and on perceptions of NIS trustworthiness. Evidence abounds that the Internet and the public telephone networks not only are vulnerable to attacks but also are being penetrated with some frequency.
|
From page 18... ...
According to FBI Director Louis Freeh speaking at the March 1997 Computer Crime Conference in New York City, a Swedish hacker shut down a 911 emergency call system in Florida for an hour (Milton, 1997~. And in March of 1997, a series of commands sent from a hacker's personal computer disabled vital services to the Federal Aviation Administration control tower at the Worcester, Massachusetts, airport (Boston Globe, 1998~.
|
From page 19... ...
demonstrated that computers controlling electric power distribution are, in fact, accessible from the Internet. It is doubtless only a matter of time before the control network for the public telephone network is discovered to be similarly connected having just one computer connected (directly or indirectly)
|
From page 20... ...
Based substantially on the commission's recommendations and findings, Presidential Decision Directive 63 (White House National Security Council, 1998) outlines a procedure and administrative structure for developing a national infrastructure protection plan.
|
From page 21... ...
And the need to simultaneously support all of the dimensions of trustworthiness invites reconsidering known approaches for individual dimensions of trustworthiness with an eye toward possible interactions. The Internet and public telephone network figured prominently in the study committee's thinking, and that emphasis is reflected in Chapter 2 of this report.
|
From page 22... ...
Second, the high cost of building a global communications infrastructure from the ground up implies that one or both of these two networks is likely to furnish communications services for most other NISs.ll With such a pivotal role, the trustworthiness and vulnerabilities of these communications fabrics need to be understood. Commercial software packages and systems and not systems custom-built from scratch are also a central subject of this report, as is most evident in Chapter 3 on software development.
|
From page 23... ...
What is being sought can be achieved today for single dimensions of trustworthiness, lending some credibility to the vision being articulated. For example, highly reliable computing systems are routinely constructed from unreliable components (by using replication)
|
From page 24... ...
1997. "Main Event: Power Outages Flag Technology Overload, Rule-making Gaps," IEEE Spectrum, 1997 Technology Analysis and Forecast.
|
From page 25... ...
1996. Information Security Computer Attacks at Department of Defense Pose Increasing Risks: A Report to Congressional Requesters.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.