National Academies Press: OpenBook
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×

Cybersecurity TODAY and TOMORROW

PAY NOW OR PAY LATER

Computer Science and Telecommunications Board

Division on Engineering and Physical Sciences

National Research Council

NATIONAL ACADEMY PRESS
Washington, D.C.

Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×

NATIONAL ACADEMY PRESS
2101 Constitution Avenue, N.W. Washington, D.C. 20418

NOTICE: The projects that are the basis of this synthesis report were approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committees responsible for the final reports of these projects and of the board that produced this synthesis were chosen for their special competences and with regard for appropriate balance.

Core support for the Computer Science and Telecommunications Board (CSTB) is provided by its public and private sponsors, which include federal agencies (the Air Force Office of Scientific Research, Defense Advanced Research Projects Agency, Department of Energy, National Aeronautics and Space Administration, National Institute of Standards and Technology, National Library of Medicine, National Science Foundation, and the Office of Naval Research); the Vadasz Family Foundation; and an evolving mix of charitable corporate and individual contributions. Sponsors enable but do not influence CSTB’s work. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the organizations or agencies that provide support for CSTB.

International Standard Book Number 0-309-08312-5

Additional copies of this report are available from the Computer Science and Telecommunications Board, National Research Council, 2101 Constitution Avenue, N.W., Washington, DC 20418. Call 202-334-2605 or e-mail the CSTB at cstb@nas.edu. This report is also available online at <http://www.cstb.org>.

Copyright 2002 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America

Suggested citation: Computer Science and Telecommunications Board, Cybersecurity Today and Tomorrow: Pay Now or Pay Later, National Academy Press, Washington, D.C., 2002.

The National Academies intend for this document to be disseminated as far and as widely as possible, and you are encouraged to do so. To obtain permission to reproduce, reprint, or disseminate this document or portions of it (and it is the intent of the National Academies to grant such permission for noncommercial purposes routinely and promptly), please apply in writing to Dick Morris, Permissions Manager, National Academy Press, by e-mail (dmorris@nas.edu) or fax (202-334-2793), or phone 202-334-3335 for further information.

Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×

THE NATIONAL ACADEMIES

National Academy of Sciences

National Academy of Engineering

Institute of Medicine

National Research Council

The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Bruce M. Alberts is president of the National Academy of Sciences.

The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Wm. A. Wulf is president of the National Academy of Engineering.

The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Kenneth I. Shine is president of the Institute of Medicine.

The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Bruce M. Alberts and Dr. Wm. A. Wulf are chairman and vice chairman, respectively, of the National Research Council.

Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×

COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

DAVID D. CLARK,

Massachusetts Institute of Technology,

Chair

DAVID BORTH,

Motorola Labs

JAMES CHIDDIX,

AOL Time Warner

JOHN M. CIOFFI,

Stanford University

ELAINE COHEN,

University of Utah

W. BRUCE CROFT,

University of Massachusetts at Amherst

THOMAS E. DARCIE,

AT&T Labs Research

JOSEPH FARRELL,

University of California at Berkeley

JEFFREY M. JAFFE,

Bell Laboratories, Lucent Technologies

ANNA KARLIN,

University of Washington

BUTLER W. LAMPSON,

Microsoft Corporation

EDWARD D. LAZOWSKA,

University of Washington

DAVID LIDDLE,

U.S. Venture Partners

TOM M. MITCHELL,

Carnegie Mellon University

DONALD NORMAN,

Nielsen Norman Group

DAVID A. PATTERSON,

University of California at Berkeley

HENRY (HANK) PERRITT,

Chicago-Kent College of Law

BURTON SMITH,

Cray Inc.

TERRY SMITH,

University of California at Santa Barbara

LEE SPROULL,

New York University

JEANNETTE M. WING,

Carnegie Mellon University

MARJORY S. BLUMENTHAL, Director

HERBERT S. LIN, Senior Scientist

ALAN S. INOUYE, Senior Program Officer

JON EISENBERG, Senior Program Officer

LYNETTE I. MILLETT, Program Officer

CYNTHIA PATTERSON, Program Officer

STEVEN WOO, Program Officer

DAVID PADGHAM, Research Associate

JANET BRISCOE, Administrative Officer

MARGARET HUYNH, Senior Project Assistant

DAVID DRAKE, Senior Project Assistant

JANICE SABUDA, Senior Project Assistant

JENNIFER BISHOP, Senior Project Assistant

BRANDYE WILLIAMS, Staff Assistant

   

NOTE: For more information on CSTB, see its Web site at <http://www.cstb.org>, or write to CSTB, National Research Council, 2101 Constitution Avenue, N.W., Washington, DC 20418, call at (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.

Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×

Preface

Starting with the publication of the report Computers at Risk: Safe Computing in the Information Age in 1991 (National Academy Press, Washington, D.C.), the Computer Science and Telecommunications Board (CSTB) has examined the issue of computer and communications security a number of times, from a number of perspectives. While there has been progress in security, it is a sad commentary on the state of the world that what CSTB wrote more than 10 years ago is still timely and relevant. For those who work in computer security, there is a deep frustration that research and recommendations do not seem to translate easily into deployment and utilization.

The events of September 11, 2001, suggest—indeed demand—that we take a renewed look at the security and robustness of our nation’s infrastructure. Now, if ever, we see the importance of having critical systems resistant to attack and serviceable in times of crisis. From our telephone system to air traffic control to the Internet, we will be greatly harmed if these systems fail us just when we need them most.

The vulnerabilities are not new, only freshly brought into focus. And the approaches that will mitigate these threats are not unknown, only underutilized. So CSTB has taken the approach of drawing on its past work to point out that much of what we need to do is available to us now, if only we choose to act.

The staff of the CSTB have assembled this report from the broad base of its existing reports. Herb Lin deserves special thanks for the effort necessary to produce this report quickly.

David D. Clark, Chair

Computer Science and

Telecommunications Board

Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
This page in the original is blank.
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×

Acknowledgment of Reviewers

This report was reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s (NRC’s) Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making the published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their participation in the review of this report:

Steven Bellovin, AT&T Labs Research,

Thomas Berson, Anagram Laboratories,

John Davis, Mitretek Systems Inc.,

Carl Landwehr, National Science Foundation,

Fred Schneider, Cornell University, and

Willis Ware, RAND Corporation.

Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by Gerry Dinneen. Appointed by the NRC’s Report Review Committee, he was

Page viii Cite
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×

responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the Computer Science and Telecommunications Board and the National Research Council.

Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R1
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R2
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R3
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R4
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R5
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R6
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R7
Page viii Cite
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R8
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R9
Suggested Citation:"Front Matter." National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: The National Academies Press. doi: 10.17226/10274.
×
Page R10
Next: 1 Cybersecurity Today and Tomorrow »
Cybersecurity Today and Tomorrow: Pay Now or Pay Later Get This Book
×
Buy Paperback | $21.00 Buy Ebook | $16.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

This report reviews past NRC studies that have examined various dimensions of computer and network security and vulnerability and brings the results forward into the context of the current environment of security and vulnerability. The review includes work done since 1991, such as Computers at Risk (1991), Cryptography’s Role in Securing the Information Society (1996), For the Record: Protecting Electronic Health Information (1997), Trust in Cyberspace (1999), Continued Review of the Tax Systems Modernization of the Internal Revenue Service (1996), Realizing the Potential of C4I (1999), and Embedded, Everywhere (2001).

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!