National Academies Press: OpenBook
« Previous: 4. Toxic Chemicals and Explosive Materials
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

5
Information Technology

INTRODUCTION

Information technology (IT) is essential to virtually all of the nation’s critical infrastructures, which makes any of them vulnerable to a terrorist attack on the computer or telecommunications networks of those infrastructures. IT plays a critical role in managing and operating nuclear-power plants, dams, the electric-power grid, the air-traffic-control system, and financial institutions. Large and small companies rely on computers to manage payroll, track inventory and sales, and perform research and development. Every stage of the distribution of food and energy, from producer to retail consumer, relies on computers and networks. A more recent trend is the embedding of computing capability in all kinds of devices and environments, as well as the networking of embedded systems into larger systems.1 These realities make the computer and communications systems of the nation a critical infrastructure in and of themselves, as well as major components of other kinds of critical infrastructure, such as energy or transportation systems.

The IT infrastructure can be conceptualized as four major elements: the Internet, the telecommunications infrastructure, embedded/real-time computing (e.g., avionics systems for aircraft control, SCADA systems controlling electrical energy distribution), and dedicated computing devices (e.g., desktop computers). Each of these plays a different role in national life and each has different vulnerabilities.

1  

See CSTB (2001a). Note that most CSTB reports contain many references to relevant literature and additional citations.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

IT can also play a major role in the prevention, detection, and mitigation of terrorist attacks.2 By enabling wider awareness of critical information in the intelligence community,3 IT may facilitate the identification of important patterns of behavior. Advances in information fusion, which is the aggregation of data from multiple sources for the purpose of discovering some insight, may be able to help in uncovering terrorists or their plans in time to prevent attacks. In addition to prevention and detection, IT may also enable rapid and accurate identification of the nature of an attack and aid in responding more quickly.

THREATS ASSOCIATED WITH IT INFRASTRUCTURE

When the IT infrastructure is attacked, the target can be the IT itself. Alternatively, the true target of the terrorist may be another of our society’s infrastructures, and the terrorist can either launch or exacerbate the attack by exploiting the IT infrastructure, or use it to interfere with attempts to achieve a timely and effective response. Thus, IT is both a target and a weapon that can be deployed against other targets.

A terrorist attack that involves the IT infrastructure can operate in one of three different modes. First, the attack can come in “through the wires” alone. Second, it can include the physical destruction of some IT element, such as a critical data center or communications link. Third, the attack can rely on the compromising of a trusted insider who, for instance, provides passwords that permit outsiders to gain entry.4 All of these modes are possible and, because of the highly public nature of our IT infrastructure and of our society in general, impossible to fully secure. Nor are they mutually exclusive—and in practice they can be combined to produce even more destructive effects.

Most of the nation’s civil communications and data network infrastructure offer soft IT targets, but they tend to be localized either geographically or in mode of communication, and if no physical damage is done tend to be recoverable in a relatively short time. One can imagine the use of IT as the weapon in a series of relatively local attacks that are repeated against different targets—banks, hospitals, or local government services—so often that public confidence is shaken and significant economic disruption results. This report is focused on catastrophic terrorism, and the committee’s analysis is aimed at identifying those threats in particular and proposing S&T strategies for combating them. Of course, serious efforts are needed to employ security technologies that research might generate to harden all elements of the IT infrastructure to reduce the damage potential for such repeated attacks.

2  

CSTB (1996, 1999a).

3  

The intelligence community includes the CIA, FBI, NSA, and a variety of other agencies in the DOD and other departments.

4  

See CSTB (1999b).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

IT Attack as an Amplifier of a Physical Attack

Given IT’s critical role in many other elements of the national infrastructure and in responding to a crisis, the targeting of IT as part of a multipronged attack scenario could have catastrophic consequences. Compromised IT can have several disastrous effects: expansion of terrorists’ opportunities to widen the damage of a physical attack (for example, by providing false information that drives people toward rather than away from the point of attack); diminishment of timely responses to the attack (by interfering with communications systems of first responders); and heightened terror in the population through misinformation (by providing false information about the nature of the threat). The techniques to compromise key IT systems—e.g., launching distributed denial-of-service (DDOS) attacks against Web sites and servers of key government agencies at the federal, state, and local levels, using DDOS to disrupt agencies’ telephone services and the emergency-response 911 system, or sending e-mails containing false information with forged return addresses so they appear to be from trusted sources—are fairly straightforward and widely known.

Other Possibilities for Attack Using IT

When an element of the IT infrastructure is directly targeted, the goal is to destroy a sufficient amount of IT-based capability to have a significant impact. For example, one might imagine attacks on the computers and data storage devices associated with important facilities. Irrecoverable loss of critical operating data and essential records on a large scale would likely result in catastrophic and irreversible damage to U.S. society. While no law of physics prevents the simultaneous destruction of all data backups and backup facilities in all locations, such an attack would be highly complex and difficult to execute, and is thus implausible.

The infrastructure of the Internet is another possible target, and given its prominence, may appeal to terrorists as an attractive target. The Internet could be seriously degraded for a relatively short period of time by a denial-of-service attack, but this is unlikely to be long lasting. The Internet itself is a densely connected network of networks,5 which means that a large number of important nodes would have to be destroyed simultaneously to bring it down for an extended period of time. Destruction of some key Internet nodes would result in slowed traffic across the Internet, but the ease with which Internet communications can be rerouted would minimize the long-term damage.6 (In this regard, the

5  

See CSTB (2001b). Note, however, that the amount of redundancy is primarily limited by economic factors.

6  

This comment largely applies to U.S. use of the Internet. It is entirely possible that other nations—whose traffic is often physically routed through the United States through one or two locations—would fare much worse in this scenario.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

fact that substantial data-networking services survived the September 11 disaster despite the destruction of large amounts of equipment concentrated in the World Trade Center complex reflected redundancies in the infrastructure (and a measure of good fortune as well).)

Higher leverage could be obtained with a “through-the-wires” attack that would require the physical replacement of components in Internet relay points on a large scale, though such attacks would be much harder to plan and execute. Another attack that would provide greater leverage is on the Domain Name System (DNS), which provides translation for the Internet of domain names (e.g., example.com) to specific IP addresses (which denote specific Internet nodes). There are a relatively small number of “root name servers” that provide these translation services, and while the DNS is configured to provide redundancy in case of accidental failure, it has some vulnerability to an intentional physical attack that might target all name servers simultaneously. Though Internet operations would not halt instantly, an increasing number of sites would, over a period of time measured in hours to days, become inaccessible without root name servers to provide authoritative translation information. On the other hand, recovery from such an attack would be unlikely to take more than several days, since the servers themselves are general-purpose computers that are in common use.

A second point to consider is that most companies today do not rely on the Internet to carry out their core business functions. Even if a long-term disruption to the Internet were a major disruption to an e-commerce company such as Amazon.com, most other companies could resort to using phones and faxes again to replace the Internet for many important functions. (For example, the Department of the Interior was largely off the Internet since the beginning of December 2001,7 and it continues to operate more or less as usual.) Because the Internet is not (yet) central to most of American society, the impact of even severe damage to the Internet is less than what might be possible through other modes of attack.

The telecommunications infrastructure of the public switched network is likely to be less robust. Although the long-haul telecommunications infrastructure is capable of dealing with single-point failures in such centers (and perhaps even double-point failures), the physical redundancy in that infrastructure is not infinite, and taking out a relatively small number of major switching centers for long-distance telecommunications could result in a fracturing of the United States into disconnected regions.8 An additional vulnerability in this telecommunica-

7  

Jennifer Disabatino. 2001. “Court Order Shuts Down Dept. of Interior Web Sites,” COMPUTERWORLD, December 17. Available online at <http://www.computerworld.com/storyba/0,4125,NAV47_STO66665,00.html>.

8  

An exacerbating factor is that many organizations rely on leased lines to provide high(er)-assurance connectivity. However, these lines are typically leased from providers of telecommunications infrastructure, and hence suffer from many of the same kinds of vulnerabilities as ordinary lines.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

tions infrastructure is the local loop connecting central switching offices to end users—full recovery from the destruction of a central office entails the tedious rewiring of tens or hundreds of thousands of individual connections. Destruction of central offices on a large scale is difficult, simply because even an individual city has many of them, but destruction of a few central offices associated with key facilities or agencies (e.g., those of emergency response agencies, or of the financial district) would certainly have a significant immediate, though localized, impact.

The IT systems and networks supporting the nation’s financial system are undeniably critical. However, banking transactions occur through separate networks such as SWIFT and CHIPS; attacks on these networks would require significantly more effort and risk to plan and implement than comparable assaults on the open Internet. For example, successful attacks on SWIFT and CHIPS would likely necessitate significant insider access.9

Embedded/real-time computing in specific systems could be attacked. One example is the possibility of corruption over time, much as a Y2K bug was built into many embedded real-time systems. Of particular concern could be avionics in airplanes, collision avoidance systems in automobiles, and other transportation systems. Such attacks would require a significant insider presence in technically responsible positions in key sectors of the economy over long periods of time.

A second type of attack on embedded computing is illustrated by the notion of an attack on the systems controlling elements of the nation’s critical infrastructure, e.g., the electric-power grid, the air-traffic-control system, the financial network, and water purification and delivery. An attack on these systems could trigger an event and perhaps stimulate an inappropriate response to the event that drives the system into a catastrophic state. The discussion below, presented as an example, focuses on the electric-power grid10—in particular, on the supervisory control and data acquisition (SCADA) systems that underlie IT’s control of the electric-power grid—but similar considerations apply to other parts of the nation’s infrastructure.

9  

The fact that these networks are separate and physically distinct from those of the Internet and the public switched telecommunications network reduces the risk of penetration considerably. In addition, security consciousness is much higher in financial networks than on the Internet. On the other hand, the fact that these networks are much smaller than the Internet suggests that there is less redundancy in them and that the computing platforms are likely to be less diverse than the platforms on the Internet, a factor that tends to reduce their security characteristics as compared to those of the Internet.

10  

Note that the electric power grid is one of the few, if not the only, truly “national” infrastructures in which it is theoretically possible that a failure in a region could cascade to catastrophic proportions before it could be dealt with.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

Box 5.1 describes some of the security issues associated with SCADA systems. Attacks on SCADA systems could obviously result in disruption of the network (“soft” damage), but because SCADA is used to control physical elements, such attacks could also result in irreversible physical damage. In those cases where backups for the damaged components were not readily available (and might have to be remanufactured from scratch), such damage could have long-lasting impact.

An electronic attack on a portion of the electric-power grid could result in significant damage, easily comparable to that associated with a local blackout. The real leverage of such an attack would likely be in amplifying the damage and costs associated with a physical attack on some other element of the critical infrastructure.

Another disaster scenario that could rise to the level of catastrophic damage would be an attack on a local or regional power system that cascades to shut down electrical power, possibly with physical damage that could take weeks to repair, over a much wider area. On the other hand, it is unclear whether such an attack could actually be mounted, and a detailed study both of SCADA systems and the electric-power system is probably required in order to assess this possibility. The committee notes, however, that because of the inordinate complexity of the nation’s electric-power grid, the effects on the overall grid of a major disruptive event in one part of the system are difficult to predict with any confidence (both for grid operators and terrorists). Thus, any nonlocalized impact on the power grid would be as much a matter of chance as a foreseeable consequence. (See Chapter 6 for a further discussion on electric power vulnerabilities.)

In many of the same ways as embedded computing could be attacked, dedicated computers could also be corrupted in hard-to-detect ways. One possible channel arises from the extensive use of foreign IT talent among software vendors. Once working on the inside, perhaps after a period of years in which they act to gain responsibility and trust, it could happen that these individuals would be able to introduce additional but unauthorized functionality into systems that are widely used. Under such circumstances, their target might not be the general-purpose computer used in the majority of offices around the country, but rather the installation of hidden rogue code in particular sensitive offices. Another channel arises from the connection of computers through the Internet; such connections provide a potential route through which terrorists might attack computer systems that do provide important functionality for many sectors of the economy. (It is likely that Internet-connected computer systems that provide critical functionality to companies and organizations are better protected through firewalls and other security measures than the average system on the Internet, but as press reports in recent years make clear, such measures do not guarantee that outsiders cannot penetrate them.)

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

BOX 5.1
Security Vulnerabilities and Problems of SCADA Systems

Today’s supervisory control and data acquisition (SCADA) systems have been designed with little or no attention to security. For example, data in SCADA systems are often sent “in the clear.” Protocols for accepting commands are open, with no authentication required. Control channels are often wireless or leased lines that pass through commercial telecommunications facilities. For example, unencrypted radio-frequency command pathways to SCADA systems are common and, for economic reasons, the Internet itself is increasingly used as a primary command pathway. Thus, there is minimal protection against the forgery of control messages or of data and status messages. Such control paths present obvious vulnerabilities.

In addition, today’s SCADA systems are built from commercial off-the-shelf components and are based on operating systems that are known to be insecure. Deregulation has meant placing a premium on the efficient use of existing capacity, and hence interconnections to shift supply from one location to another have increased. Problems of such distributed dynamic control, in combination with the complex, highly interactive nature of the system being controlled, have become major issues in operating the power grid reliably.

A final problem arises because of the real-time nature of SCADA systems, in which timing may be critical to performance and optimal efficiency (timing is important because interrupts and other operations can demand millisecond accuracy): Security add-ons in such an environment can complicate timing estimates and can cause severe degradation to SCADA performance.

Compounding the difficulty of SCADA systems’ tasks is the fact that information about their vulnerability is so readily available. Such information was first brought into general view in 1998-1999, when numerous details on potential Y2K problems were put up on the World Wide Web. Additional information of greater detail—dealing with potential attacks that were directly or indirectly connected to the President’s Commission on Critical Infrastructure Protection—was subsequently posted on Web pages as well. Product data and educational videotapes from engineering associations can be used to familiarize potential attackers with the basics of the grid and with specific elements. Information obtained through semiautomated reconnaissance to probe and scan the networks of a variety of power suppliers could provide terrorists with detailed information about the internals of the SCADA network, down to the level of specific makes and models of equipment used and version releases of corresponding software. And more inside information could be obtained from sympathetic engineers and operators.

Disproportionate Impacts

Some disaster scenarios result in significant loss or damage that is all out of proportion to the actual functionality or capability destroyed. In particular, localized damage that results in massive loss of confidence in some critical part of the infrastructure could have such a disproportionate impact. For example, if terror-

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

ists were able to make a credible claim that the control software of a popular fly-by-wire airliner was corrupted and could be induced to cause crashes on demand, perhaps demonstrating it once, public confidence in the airline industry might well be undermined. A more extreme scenario might be that the airlines themselves might ground airplanes until they could be inspected and the software validated.

To the extent that critical industries or sectors rely on any element of the IT infrastructure, such disproportionate-impact disaster scenarios are a possibility.

Possibility, Likelihood, and Impact

The scenarios above are necessarily speculative. But it is possible to make some judgments that relate to their likelihood:

  • Attacks that require insider access are harder to mount and thus less likely than attacks that do not. Insiders must be placed or recruited, and insiders are not necessarily entirely trustworthy from the standpoint of the attacker. Individuals with specialized expertise chosen to be placed as infiltrators may not survive the screening process, and because there are a limited number of such individuals, it can be difficult to insert an infiltrator into a target organization. In addition, compared to approaches not relying on insiders, insiders may leave behind more tracks that can call attention to their activities. This judgment depends, of course, on the presumed diligence on the part of employers to ensure that their key IT personnel are trustworthy, but it is worth remembering that the most devastating espionage episodes in recent U.S. history have involved insiders (Aldrich Ames and Robert Hanssen).

  • Attacks that require execution over long periods of time are harder to mount and thus less likely than attacks that do not. Planning often takes place over a long period of time, but the actual execution of a plan can be long as well as short. When a plan requires extended activity that if detected would be regarded as abnormal, it is more likely to be discovered and/or thwarted.

  • Terrorist attacks can be sustained over time as well as occur in individual instances. If the effects of an attack sustained over time (perhaps over months or years) are cumulative, and if the attack goes undetected, the cumulative effects could reach very dangerous proportions. Because such an attack proceeds a little bit at a time, the resources needed to carry it out may well be less than in more concentrated attacks, thus making it more feasible.

  • Plans that call for repeated attacks are less likely than plans that call for single attacks. For example, it is possible that repeated attacks on the Internet could render large parts of it inoperative for extended periods of time. Such an onslaught might be difficult to sustain, however, because it would be readily detected and efforts would be made to counter it. Instead, an adversary with the

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

wherewithal to conduct such repeated attacks would be more likely to make the initial strike and then use the recovery period not to stage and launch another strike against the Internet but to attack the physical infrastructure; this could leverage the inoperative Internet to cause additional damage and chaos.

  • Terrorists, like other parties, have limited resources. Thus, they are likely to concentrate their efforts where the impact is largest for the smallest expenditure of resources. For example, terrorists who want to create immediate public fear and terror are more likely to use a physical attack (perhaps in conjunction with an attack using IT to amplify the resulting damage) than an attack that targets IT exclusively. The reason is that the latter is not likely to be as cinematic as other attacks. What would television broadcast? There would be no dead or injured people, no buildings on fire, no panic in the streets, and no emergency-response crews to the rescue. The image of a system administrator typing furiously is simply much less terrifying than images of buildings collapsing.

  • The IT infrastructure (or some element of it) can be a weapon used in an attack on something else as well as the target of an attack. An attack using the IT infrastructure as a weapon has advantages and disadvantages from the point of view of a terrorist planner. It can be conducted at a distance in relative physical safety, in a relatively anonymous fashion, and in potentially undetectable ways. On the other hand, the impact of such an attack (by assumption, some other critical national asset) is indirect, harder to predict, and less certain.

  • State sponsorship of terrorism poses threats of a different and higher order of magnitude, for a variety of reasons that include access to large amounts of financial backing and the ability to maintain an actively adversarial stance at a high level for extended periods of time. For example, state-sponsored terrorism might use the state’s intelligence services to gain access to bribable or politically sympathetic individuals in key decision-making places, or to systematically corrupt production or distribution of hardware or software.

  • Some of the scenarios above are potentially relevant to information warfare attacks against the United States, i.e., attacks launched or abetted by hostile nation-states and/or directed against U.S. military forces or assets. A hostile nation conducting an information attack on the United States is likely to conceal its identity to minimize the likelihood of retaliation, and hence may resort to sponsoring terrorists who can attack without leaving clear national signatures.

While these considerations make certain types of attack more or less likely, none of the scenarios described above can be categorically excluded. This fact argues in favor of a long-term commitment to a strategic R&D program that will contribute to the robustness of the telecommunications and data networks and of the platforms embedded in them. Such a program would involve both fundamental research into the scientific underpinnings of information and network security and the development of deployable technology that would contribute to informa-

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

tion and network security. Ultimately, the strengthening of the nation’s IT infrastructure can improve our ability to prevent, detect, respond to, and recover from terrorist attacks on the nation.11

The shape of a strategic research and development agenda is described below. However, it should be noted that this agenda has broad applicability to efforts against terrorism, against information warfare, and against cybercrime. While the scope and complexity of issues with respect to each of these areas may well vary (e.g., an agenda focused on cybercrime may place more emphasis on forensics useful in prosecution), the committee believes that there is enough overlap in the research problems and approaches to make it unwise to articulate a separate R&D agenda for each area.

SHORT-TERM RECOMMENDATIONS

Developing a significantly less vulnerable information infrastructure is an important long-term goal for the country. This long-term goal must focus on the creation of new technologies and paradigms for enhancing security and reducing the impact of security breaches. In the meantime, the IT vulnerabilities of the first-responder network should receive priority attention. Efforts should focus on hardening first responders’ communications capability, as well as those portions of their computing systems devoted to coordination and control of an emergency response.

Existing technology can be used to achieve many of the improvements needed in telecommunications and computing. Unfortunately, the expertise to achieve a more secure system often does not reside within the host organizations—this may be the case, for example, in local and state government. These realities lead, then, to three short-term recommendations:

Short-Term Recommendation 5.1: Develop a program to increase the security of emergency-response agencies’ communications systems against attack, based on the use of existing technologies (perhaps slightly enhanced).

Some possible options include a separate emergency-response communications network that is deployed in the immediate aftermath of a disaster, and the use of the public network to support virtual private networks, with priority given to traffic from emergency responders. Given the fact that emergency-response agencies are largely state and local, no federal agency has the responsibility and authority to carry out this recommendation. Thus it would likely have to rely on incentives (probably financial) to persuade state and local responders to participate.

11  

See CSTB (1996, 1999a).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

Short-Term Recommendation 5.2: Promote the use of best practices in information and network security throughout all relevant public agencies and private organizations.

Nearly all organizations, whether in government or the private sector, could do much better with respect to information and network security than they do today simply by exploiting what is already known about that subject, as discussed at length in Cybersecurity Today and Tomorrow: Pay Now or Pay Later.12 (For example, many technologies for securing IT systems, such as encryption, secure authentication, and the use of private networks for critical communications, are available but not widely deployed.) Those responsible for requiring and implementing such changes range from chief technical (or even executive) officers to system administrators. There is currently no clear locus of responsibility within government to undertake such “promotion” across the private sector—information and network security there is not subject to government regulation—nor even across government itself. The Office of Management and Budget has sought to promote information and network security in the past, but despite its actions the state of information and network security in government agencies remains highly inadequate. In the final analysis, even though the market has largely failed to provide sufficient incentives for the private sector to take adequate action with respect to information and network security, it is likely that market mechanisms will be more successful than regulation in improving the security of the nation’s IT infrastructure, though they have yet to do so. The challenge for public policy is to ensure that such market mechanisms develop.

Short-Term Recommendation 5.3: Ensure that a mechanism exists for providing authoritative IT support to federal, state, and local agencies that have immediate responsibilities for responding to a terrorist attack.

One option is to place the mechanism administratively in existing government or private organizations (e.g., the National Institute of Standards and Technology, the Office of Homeland Security, the Department of Defense, or the Computer Emergency Response Team of the Software Engineering Institute at Carnegie Mellon University); and a second option is to create a national body to coordinate the private sector and local, state, and federal authorities.13 In the short term, a practical option for providing emergency operational support would be to exploit IT expertise in the private sector, much as the armed services draw on the private sector (National Guard and reserve forces) to augment active-duty forces during emergencies. Such a strategy, however, must be a complement to a

12  

CSTB (2002a).

13  

Note that CSTB has a pending full-scale project on information and network security R&D that will address federal funding and structure in much greater detail than is possible in this report.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

more persistent mechanism for providing ongoing IT expertise and assistance to emergency-response agencies.

LONG-TERM RECOMMENDATIONS: INVESTING IN IT RESEARCH

The three areas of IT research described below have significant promise in helping to reduce the likelihood or impact of a terrorist attack:

  1. Information and network security. Research in information and network security is critically relevant to the nation’s counterterrorism efforts for several reasons.14 First, IT attacks can amplify the impact of physical attacks and lessen the effectiveness of emergency responses; reducing such vulnerabilities will require major advances in information and network security. Second, the increasing levels of damage caused by cybercrime and the tendency to rely on the Internet as the primary networking entity both suggest that the likelihood of severe damage through a cyberattack is increasing. Finally, the evolution of the Internet demonstrates increasing homogeneity in hardware and software, which makes it more vulnerable at the same time that it becomes more critical. To address these problems, more researchers and trained professionals focused on information and network security will be needed. Unfortunately, there are currently fewer researchers in these fields than there were a decade ago.15

  2. New IT for emergency response. C3I (command, control, communications, and information) systems are critical to emergency responders for coordinating their efforts and increasing the promptness and effectiveness of response, i.e., saving lives, treating the injured, and protecting property. The issues raised by C3I for emergency response for terrorist disasters differ from those for natural disasters for several reasons. First, the number of responding agencies, including those from the local, regional, state, and federal levels—with possibly conflicting and overlapping areas of responsibility—increases the level of complexity. Second, there is a need to support immediate rescue and medical operations while also securing the site against further attack. Third, the different agencies—such as rescue, law enforcement, intelligence, and security—often have conflicting needs. For example, security issues distinguish terrorist attacks from natural disasters: In the former, security against further attack is essential and must be provided, but security also generally interferes with immediate operations.

  3. New IT for detection, prevention, remediation, and attribution of attacks. Information fusion promises to play a central role in countering future terrorist

14  

CSTB (1990, 1999b, 2001a).

15  

“Boehlert Gives Cyber Security Address at ITAA Forum,” December 12, 2001. Available online at <http://www.house.gov/boehlert/itaaspeech1212.htm>.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

efforts. In every case, information from many sources will have to be acquired, integrated, and appropriately interpreted to support decision makers (ranging from emergency-response units to intelligence organizations). Given the range of formats, the permanence and growing volume of information from each source, and the difficulty of accurately analyzing information from single sources, let alone multiple sources, information fusion offers researchers a challenge.

In each of these areas, discussed in turn below, some knowledge is in hand and partial solutions have been developed. Additional research is needed, however, because these solutions are not sufficiently robust or effective, they degrade performance or functionality too severely, or they are too hard to use or too expensive to deploy.

It must also be noted that although technology is central to all these areas, it is not the sole element of concern. None of the related problems can be solved by technology alone; every solution is subject to the reality of being implemented and operated by humans. These are system issues, where individual, social, and organizational behaviors are part of the system and therefore must be part of the research and design. Technology cannot be studied in isolation from how it is deployed, and failure to attend to the human, political, social, and organizational aspects of solutions will doom technology to failure.

To assist decision makers, the committee has included rough assessments of the criticality of the various research areas identified, the difficulty of particular problems, and the likely time scale on which progress could be made (Table 5.1). The criticality of a research area reflects the vulnerabilities that might be reduced if significant advances in that area were accomplished and deployed; areas are ranked high, medium, or low. The difficulty of the research—that is, how hard it will be to make significant progress—are rated very difficult, difficult, or easy. Finally, the time frame for progress is identified as 1 to 4 years, 5 to 9 years, or 10 years or more. Of course, the deployment of research results also presents obstacles, which may reduce effectiveness or lengthen the time until a research result can become a reality. Finally, a caveat: These assessments are subjective and subject to some debate.

Information and Network Security

A broad overview of some of the major issues in information and network security is contained in the CSTB report Cybersecurity Today and Tomorrow: Pay Now or Pay Later.16

Despite diligent efforts to create an effective perimeter defense for computer and telecommunications systems, penetration by a determined adversary is highly

16  

CSTB (2002a).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

TABLE 5.1 A Taxonomy of Priorities

Category

Criticality

Difficulty

Time Scale for R&D for Significant Progress and Deployment

Improved Information and Network Security

High

Difficult

5-9 years

Detection and identification

High

Difficult

5-9 years

Architecture and design for containment

High

Difficult

5-9 years

Large-system backup and decontamination

High

Difficult

5-9 years

Less buggy code

High

Very difficult

5-9 years

Automated tools for system configuration

High

Difficult

1-4 years

Auditing functionality

Low

Difficult

10+ years

Trade-offs between usability and security

Medium

Difficult

5-9 years

Security metrics

Medium

Difficult

1-4 years

Intelligence gathering

Medium

Difficult

1-4 years

Field studies of security

High

Easy

1-4 years

C3I for Emergency Response

High

Difficult

1-4 years

Ad hoc interoperability

High

Easy

1-4 years

Emergency deployment of communications capacity

High

Easy

1-4 years

Security of rapidly deployed ad hoc networks

Medium

Difficult

5-9 years

Information management and decision support tools

Medium

Difficult

5-9 years

Communications with the public during emergency

High

Difficult

1-4 years

Emergency sensor deployment

High

Easy

1-4 years

Precise location identification

Medium

Difficult

5-9 years

Mapping the physical infrastructure of IT

High

Easy

1-4 years

Characterizing the functionality of regional networks for emergency responders

High

Difficult

1-4 years

Information Fusion

High

Difficult

1-4 years

Data mining

High

Difficult

1-4 years

Data integration

High

Difficult

1-4 years

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

Category

Criticality

Difficulty

Time Scale for R&D for Significant Progress and Deployment

Language technologies

High

Difficult

1-4 years

Image and video processing

High

Difficult

5-9 years

Evidence combination

Medium

Difficult

1-4 years

Privacy and Confidentiality

High

Difficult

1-4 years

Planning for the Future

Medium

Difficult

10+ years

likely. Software flaws, lax procedures for creating and guarding passwords, compromised insiders, and nonsecure entry points all lead to the conclusion that watertight perimeters cannot be assumed. Nevertheless, strengthening defensive perimeters is helpful, and this section deals with methodologies (those of today and tomorrow) that can detect or confine an intruder and, if necessary, aid in recovery from attack by taking corrective action. (Box 5.2 describes some of the fundamental principles of defensive strategy.) The technology discussed here, as in other parts of this IT chapter, is applicable both to cyberterrorism and cybercrime. In addition, many advances in information and network security can improve computer systems’ inherent reliability and availability, which are perennial concerns even under ordinary, nonthreat conditions. Such dual-use capability could help generate broader interest in research and development on defensive technology, as well as motivate its incorporation into industry products.

Research to minimize the damage caused by a cyberattack can be grouped in three generic areas: detection and identification, containment, and recovery.

Authentication, Detection, and Identification

Given that an intruder may gain access to a conventional system or, with significantly more effort, a highly secure system, what technology can be deployed to detect and identify the intruder? Similarly, how do we detect a denial-of-service attack and track its originator?17

Detection of an intruder or a denial-of-service attack is more difficult than it

17  

CSTB (1999c), pp. 144-152; CSTB (1999b). A denial-of-service attack is one in which a target is flooded with a huge number of requests for service, thus keeping it busy servicing these (bogus) requests and unable to service legitimate ones.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

BOX 5.2
Principles of Defensive Strategy

Computer or telecommunications systems that contain sensitive information, or whose functioning is critical, must be protected at high levels of security. Several policies should be mandatory:

  • Use of encryption for communication between system elements and use of cryptographic protocols. These practices help to ensure data integrity between major processing elements (e.g., host to host, site to site, element to element); prevent intrusion into the network between nodes (e.g., making “man-in-the-middle” attacks much more difficult); and provide strong authentication (e.g., through the use of public-key-based authentication systems that use encryption and random challenge to strengthen the authentication process or to bind other elements of the authentication such as biometrics to the identity of a user).

  • Minimal exposure to the Internet, which is inherently insecure. Firewalls are a minimal level of protection, but they are often bypassed for convenience. (Balancing ease of use and security is an important research area discussed elsewhere in this chapter.) Truly vital systems may require an “air gap” that separates them from public networks. Likewise, communication links that must remain secure and available should use a private network. (From a security perspective, an alternative to a private network may be the use of a connection on a public network that is appropriately secured through encryption. However, depending on the precise characteristics of the private network in question, it may—or may not—provide higher availability.)

  • Strong authentication technology for authenticating users. Security tokens based on encryption (such as smart cards) are available for this purpose, and all entrants from a public data network (such as a network-access provider or insecure dial-in) should use them. Furthermore, for highly critical systems, physical security must also be assured.

  • Robust configuration control to ensure that only approved software can run on the system and that all the security-relevant knobs and switches are correctly set.

Such measures are likely to affect ease of use and convenience, as well as cost. These are prices that must be paid, however, because hardening critical systems will greatly reduce vulnerability to a cyberattack.

might initially appear. Intruders are often indistinguishable from valid users and frequently take great care to hide their entry and make their behavior look innocuous. Detecting a denial-of-service attack is equally challenging. For example, consider an attack that is launched against the major Internet news services to coincide with a physical bomb attack. It would be nearly impossible to distinguish legitimate users, who would simply be looking for information, from attackers inundating the Web site to try to prevent access to that information, possibly increasing panic and misinformation.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

To date, a number of approaches have offered some promise. One of them calls for authentication so that intruders and bogus traffic can more easily be distinguished. Developing such methods that are both fast and scalable (i.e., effective and fast even when they involve authentication of large numbers of parties) remains the major challenge in this area, however. (One technique that may be worth further development, at least in the context of authenticating traffic to and from heavily used Web sites, is easy-to-use subscription models.18)

A second approach involves self-monitoring both of users and traffic to detect either anomalous users or unusual traffic patterns that might indicate an active attack. Of course, such monitoring requires good characterizations of what “normal” behavior is and knowledge of what various kinds of behavior mean in the context of specific applications. Today, the major deficiency in this approach is the occurrence of too many false positives. That is, the behavior of legitimate users is sufficiently diverse that infrequent but legitimate behaviors are often mischaracterized as anomalous (and hence hostile).

A third approach uses traps (sometimes referred to as “honeypots”)—apparently interesting files crafted to attract the attention of an intruder so that he or she might spend extra time examining it. That extra time can then be used to provide warning of hostile intent, and might help in forensic investigation while the hostile party is connected to the system. More effective honeypots, and the development of forensic tools for use in a honeypot environment, may be fruitful areas of research.

Finally, it is especially important for detection methods to function efficiently in large systems, characterized by thousands (or hundreds of thousands) of simultaneous users and a correspondingly large quantity of communicated data. It will be necessary to monitor these extraordinary volumes without seriously degrading network performance.

Recommendation 5.4: Detection and Identification Research

  • Develop fast and scalable methods for high-confidence authentication.

  • Explore approaches that could self-monitor traffic and users to detect either anomalous users or unusual traffic patterns.

  • Develop intruder-detection methods that scale to function efficiently in large systems.

18  

A subscription model calls for a user to register for service in some authenticated way, so that a site can distinguish that user from a random bad user. Because denial-of-service attacks depend on a flood of bogus requests for service, the availability of a database of registered users makes it easy to discard service requests from those that are not registered—and those are likely to account for the vast majority of bogus requests.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Containment

Today’s systems and networks often fail catastrophically. That is, a successful attack on one part of a system can result in an entire system or network being compromised. (An example is that the failure of a perimeter defense surrounding otherwise unprotected systems can result in an intruder gaining full and complete access to all of those systems.) More desirable is a system that degrades gracefully—a successful attack on one part of a system results only in that part of the system being compromised, and the remainder of the system continues to function almost normally.19

The principle of graceful degradation under attack is well accepted, but system and network design for graceful degradation is not well understood. Nor are tools available to help design systems and networks in such a manner.

In addition, the building blocks of today’s systems are generally commercial off-the-shelf components.20 Despite the security limitations of such components, economics force systems to be built this way. However, it is not known today how to integrate them safely, how to contain faults, and how to disaggregate them when necessary. While this lack of understanding applies to systems ranging from accounting and payroll systems to telephone switching systems, SCADA systems are a particularly important case.

Architectural containment as a system-design principle calls for the ability to maintain critical functionality (such as engine control on a ship) despite failures in other parts of the system.21 Such an approach could be one of the most effective long-term methods for hardening IT targets that oversee critical operations.

For the most part, current technologies employ a bimodal approach: either no computer control, which is inefficient in modern large-scale systems, or complete computer control, with the inherent vulnerabilities that this implies.22 Containment essentially navigates between the two extremes; its essential element is the ability to “lock down” a system under attack—perhaps suspend normal operation temporarily, while the system finds and disables potential intruders, and resume normal system operation afterward—with less disruption than shutting down and rebooting might cause.

Research is thus necessary in several areas: understanding how to fuse a simple, highly secure, basic control system used primarily for crisis operations

19  

CSTB (1999c), pp. 144-152.

20  

CSTB (1999b).

21  

Note that an essential aspect of designing for containment is the ability to define and prioritize what functions count as essential. For systems used by multiple constituencies, the existence of this ability cannot be taken for granted.

22  

As an example, consider that a shipwide networking failure on the USS Yorktown left the ship without the ability to run its engines.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

with a sophisticated, highly effective, computer control system used for normal operations; “decontamination” of a system while it is being used (see below); and resuming operations without the need for going offline. One “grand challenge” might be the development of a system that could be made more secure at the touch of a button; the cost would be in losing some nonessential functionality while the system simultaneously decontaminated itself or shut out attackers. Another serious problem for which few general solutions are known is the distributed denial-of-service attack.

Recommendation 5.5: Containment Research

  • Develop the tools and design methodologies for systems and networks that support graceful degradation in response to an attack.

  • Develop mechanisms to contain attackers and limit damage rather than completely shutting down the system once an intrusion is detected.

  • Explore how to fuse a simple, basic control system used during crisis mode with a sophisticated control system used during normal operations.

Recovery

Once an intruder has been detected, confined, and neutralized, the goal should be to bring the system to full operation as soon as possible. This is the task of the recovery process. Like containment, recovery has major applications for reliability, although the presence of a determined adversary makes the problem considerably harder. Recovery includes preparations not only to help ensure that the system is recoverable but also to enable active reconstitution of a good system state.

Backup is an essential prerequisite for reconstitution. Although the basic concepts of system backup are well understood, there are major challenges to performing and maintaining backups in real time so that as little system state as possible is lost. However, normal backup methods have been developed under the assumption of benign and uncorrelated failure, as opposed to a determined attacker who is trying to destroy information. Further, backups of large systems take a long time, and if the systems are in use during the backup, the system state can change appreciably during that time. Thus, research is needed on ways to preserve information about system state during backup.

Unlike a restore operation used to recreate a clean system after a failure, reconstitution requires an additional step: decontamination, which is the process of distinguishing clean system state (unaffected by the intruder) from the portions of infected system state, and eliminating the causes of those differences. Because system users would prefer that as little good data as possible be discarded, this problem is quite difficult. Decontamination must also remove all active infections, as well as any dormant viruses. Once decontamination is performed,

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

attention can be turned to forensics in an attempt to identify the attacker23 and acquire evidence suitable for prosecution or retaliation. In the end, this ability is critical to long-term deterrence.

Given that penetration of computer and telecommunications networks is likely to continue despite our best efforts to build better perimeter security, more resilient and robust systems are necessary, with backup and recovery as essential elements.

New approaches to decontamination are also needed, especially when a system cannot be shut down for decontamination purposes. At present, much of the activity associated with a properly running system interferes with decontamination efforts (particularly with respect to identifying a source of contamination and eliminating it).

Recommendation 5.6: Recovery Research

  • Develop schemes for backing up large systems, in real time and under “hostile” conditions, that can capture the most up-to-date, but correct, snapshot of the system state.

  • Create new decontamination approaches for discarding as little good data as possible, and for removing active and potential infections, on a system that cannot be shut down for decontamination.

Cross-Cutting Issues in Information- and Network-Security Research

A number of issues cut across the basic taxonomy of detect and identify, contain, and recover described above.

Reducing Buggy Code. Progress in making systems more reliable will almost certainly make them more resistant to deliberate attack as well. But buggy code underlies many reliability problems, and no attempt to secure systems can succeed if it does not take this basic fact into account.24

Buggy software is largely a result of the fact that despite many years of serious and productive research in software engineering, the creation of software is still more craft than science-based engineering. Furthermore, the progress that has been made is only minimally relevant to the legacy software systems that remain in all infrastructure.

Software-system bugs can result from a variety of causes, ranging from low-level syntax errors (e.g., a mathematical expression uses a “plus” sign when it should use a “minus” sign) to fundamental design flaws (e.g., the system functions as it was designed to function, but it does so in an inappropriate place).

23  

CSTB (1999c), pp. 144-152.

24  

CSTB (1990, 1999b).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

Buffer overflow—in which memory is overwritten—is a particularly common kind of bug that frequently causes system crashes and can be exploited by an adversary to gain control over a target system.

Dealing with buggy code is arguably the oldest unsolved problem in computer science, and there is no particular reason to think that it can be solved once and for all by any sort of crash project. Nevertheless, two areas of research seem to be particularly important in a security context:

  1. Security-oriented tools for system development. Tools can be designed to audit source code for certain classes of common flaws.25 Better programming languages may help as well. (For example, Java and similarly type-safe languages are more resistant to buffer overflows than are other languages.26) More tools that support security-oriented development would be useful.

  2. Trustworthy system upgrades and bug fixes. It often happens that a system bug is identified and a fix to repair it is developed. Obviously, repairing the bug may reduce system vulnerability, so system administrators and users should have some incentive to install the patch. However, with current technology, the installation of a fix or a system upgrade carries many risks—a nontrivial chance of causing other problems, a break in existing functionality, or possibly the creation of other security holes, even when the fix is confined to a module that can be reinstalled.27 The essential reason for this problem is that while fixes are tested, the number of operational configurations is much larger than the number of test configurations that are possible. Research is thus needed to find ways of testing bug fixes reliably and of developing programming interfaces to modularize programs that cannot be bypassed.

Misconfigured Systems. Because existing permission and policy mechanisms are hard to understand, use, and verify, many problems are caused by their improper administration.28 There is also a trade-off between granularity of access control and usability. For example, an entire group of people may be given access privileges when only one person in that group should have them. Or a local system administrator may install a modem on the system he or she administers with the intent of obtaining access from home, but this also provides intruders with an unauthorized access point. The ability to generate a crisp, clear description of actual security policies in place and to compare them with desired security

25  

Wagner, D.A. 2000. “Static Analysis and Computer Security: New Techniques for Software Assurance,” Ph.D. dissertation, University of California, Berkeley.

26  

Type-safe languages allow memory accesses only to specifically authorized locations. For example, programs written in type-safe languages cannot read or write to memory locations that are associated with other programs.

27  

Brooks, Frederick P. 1975. The Mythical Man-Month. Addison-Wesley, Boston, Mass.

28  

CSTB (1990, 1999b).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

policies would be helpful. Thus, better system-administration tools for specifying security policies and checking system configurations quickly against prespecified configurations should be developed.

Auditing Functionality. Validation sets are used to ensure that a piece of hardware (e.g., a chip) has the functionality that its design calls for. However, these sets typically test for existing functionality—that is, can the hardware properly perform some specified function? They do not test for unauthorized functionality that might have been improperly inserted, perhaps by someone seeking to corrupt a production or distribution chain. Research is needed for developing tools to ensure that all of the called-for functionality is present and that no additional functionality is present as well.

Managing Trade-offs Between Functionality and Security. As a general rule, more secure systems are harder to use and have fewer features.29 Conversely, features—such as executable content and remote administration—can introduce unintended vulnerabilities even as they bring operational benefits. (For example, newer word processors allow the embedding of macros into word processing files, a fact that results in a new class of vulnerabilities for users of those programs as well as added convenience.) More research is required for performing essential trade-offs between a rich feature set and resistance to attack.

Transparent, or at least point-and-click, security would be more acceptable to users and hence would be employed more frequently. For example, there are many authentication mechanisms, both electronic and physical, but the most convenient one to use—passwords—has many serious, well-known disadvantages. Smart cards are more secure, but a user must have them available when needed. New authentication mechanisms that combine higher security with lower inconvenience are needed.

Security Metrics. Many quantitative aspects of security are not well understood. For example, if a given security measure is installed—and installed properly (something that cannot be assumed in general)—there is no way of knowing by how much system security has increased. Threat models are often characterized by actuarial data and probability distributions in which the adverse effects of vulnerabilities are prioritized on the basis of how likely it is that they will occur; but such models are of little use in countering deliberate terrorist attacks that seek to exploit nominally low-probability vulnerabilities. Notions such as calculating the return on a security investment—common in other areas in which security is an issue—are not well understood either, thus making quantitative risk manage-

29  

CSTB (1990), pp. 159-160.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

ment a very difficult enterprise indeed.30 Research is needed for developing meaningful security metrics.

Intelligence Gathering. Given the rate at which information technology changes, it is likely that new types of attack will emerge rapidly. Because insight into the nature of possible attacks is likely to result in additional options for defense, it is highly desirable to keep abreast of new vulnerabilities and to understand the potential consequences if such vulnerabilities were to be exploited.

Field Studies of Security. Traditional criteria, as specified in the Orange Book,31 have not been successes. They do not capture current needs or models of computation.32 Worse yet, they have largely failed in the marketplace; very few customers actually bought Orange Book-rated systems, even when they were available. Understanding why previous attempts to build secure systems and networks have failed in the marketplace, or in defending against outside attack, would help to guide future research efforts. (Note that human and organizational factors are key elements of such analysis, as mentioned above.)

Recommendation 5.7: Crosscutting Issues in Information- and Network-Security Research

  • Develop tools that support security-oriented systems development.

  • Find new ways to test bug fixes reliably.

  • Develop better system-administration tools for specifying security policies and checking against prespecified system configurations.

  • Create new tools to detect added and unauthorized functionality.

  • Develop authentication mechanisms that provide greater security and are easier to use.

  • Create and employ metrics to determine the improvement to system security resulting from the installation of a security measure.

  • Monitor and track emerging types of attack and explore potential consequences of such attacks.

  • Understand why previous attempts to build secure systems have failed and recommend how new efforts should be structured to be more successful.

30  

Information on the economic impact of computer security is given in “The Economic Impact of Role-Based Access Control,” National Institute of Standards and Technology, March 2002. Available online at <http://www.nist.gov/director/prog-ofc/report02-1.pdf>.

31  

The “Orange Book” is the nickname for the Trusted Computer System Evaluation Criteria, which were intended to guide commercial system production generally and thereby improve the security of systems in use. Its principal failing was the omission of networking concerns, which arose during the lengthy period between the time it was first drafted and its final approval.

32  

CSTB (1999c), pp. 144-152, and CSTB (1990, 1999b).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

IT and C3I for Emergency Response

Technologies for command, control, communications, and information (C3I) have major importance in the response phase of a disaster.

In general, the IT infrastructure must be robust in the face of damage.33 Although incident management has been well studied,34 the IT requirements for such management do not appear to have been thoroughly conceived—even though in a disaster it is essential that IT systems provide for the capability to deliver information, interagency communication and coordination, and communication with those affected both within and beyond the immediate disaster area. Equipment must be deployed immediately to provide for appropriate communication to those responding to the situation, among the multiple agencies in the private and public sectors that are affected, and to and between those directly affected by the incident.35

There are many options for helping to facilitate interoperable crisis communications among emergency-response agencies. For example, it is likely that some portion of the public networks will survive any disaster; emergency-response agencies could use it to facilitate interoperability if there are mechanisms for giving them first priority for such use. A second option is to allocate dedicated spectral bands for emergency responders and to require by law that they use those frequencies. A third option is to mandate frequency and waveform standards for emergency responders so that they are interoperable. A fourth option is to develop technology to facilitate interoperable communications among emergency responders. Of course, these options are not mutually exclusive.

In addition, numerous computational and database facilities must be established to provide complete and real-time information36 to diverse constituencies whose information and communication requirements, security needs, and authorizations all differ. These facilities must be established quickly, as minutes and even seconds matter in the urgent, early stages of an incident.37 Furthermore, tight security is essential, especially if the incident is the result of a terrorist attack, because an active adversary might try to subvert the communications or destroy data integrity.38 In addition, an atmosphere of crisis and emergency provides opportunities for hostile elements to overcome security measures that are normally operative under nonemergency circumstances; thus, another research area is how to build systems that permit security exceptions to be declared without introducing new vulnerabilities on a large scale.

33  

CSTB (1999a), p. 39.

34  

Christen et al. (2001).

35  

CSTB (1996), p. 14.

36  

CSTB (1999a), p. 29.

37  

CSTB (1999a), p. 83, and CSTB (1996), p. 12.

38  

CSTB (1996), p. 24.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

Efforts to coordinate communications are complicated by the fact that emergency response to a large-scale incident has many dimensions, including direct on-the-ground action and response, management of the incident response team, operations, logistics, planning, and even administration and finance. Moreover, response teams are likely to include personnel from local, county, state, and federal levels.39

Research in a number of areas can advance the state of the art for emergency-response C3I systems, thereby improving their effectiveness for terrorist incidents. In addition, the development of better C3I systems for emergency response will have application to responding to natural disasters as well.

Ad Hoc Interoperability

Different emergency responders must be able to communicate with each other, but poor interoperability among responding agencies is a well-known problem—and one that is as much social and organizational as it is technical. The fundamental technical issue is that different agencies have different systems, different frequencies and waveforms, different protocols, different databases, and different equipment.40 At the same time, existing interoperability solutions are ad hoc and do not scale well.41 Moreover, the nature of agencies’ missions and the political climates in which they traditionally operate make it difficult for them to change their communication methods. Thus, it is unlikely that agencies will ever be strongly motivated to deploy interoperable IT systems.

Exercises may help identify and solve some social and organizational problems, but rivalries and political infighting about control and autonomy will probably remain. It is for this reason that the notion of uniform standards to which the communications protocols of different agencies will adhere is not likely to be an adequate solution to problems of interoperability. Indeed, such exercises are of particular value precisely because they help to reveal the rivalries and infighting whose resolution is important to real progress in this area.

The communication process somehow has to work within this reality of organizational resistance.42 In the ideal case, communication among the myriad agencies that respond to a crisis would be done smoothly through at least three different phases. In the first phase, the initial responding agencies immediately deploy their ad hoc communication structures, using their existing communication facilities and equipment. In the second phase, the agency-specific communication structure transitions to one that is systemwide. In the third phase, the

39  

CSTB (1999a), p. 7.

40  

CSTB (1999a), p. 26.

41  

CSTB (1999b)), p. 119.

42  

CSTB (1999a), p. 27.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

multiple organizations establish full, efficient interoperability.43 At this point, all participants should be able to communicate with critical teams and get essential information in a timely and efficient manner. Critical central decisions should flow smoothly downward. Similarly, low-level urgent requests for communication, assistance, or information should flow upward to the appropriate agency and then back to the appropriate operatives.44 Interactions take place among responders and between responders and the public; people who have not worked closely with one another are suddenly brought together under demanding circumstances, yet they are expected to interact well.45

In most actual cases, however, these “phases” do not proceed so smoothly. Research is clearly needed on transitioning from the initial, unit-specific, ad hoc structure to an interoperable, systemwide structure and in a graceful manner, with zero or minimal disruption of function during that transfer.46 This complex problem requires study both by technologists and social scientists: The technologies must be easy enough to use so that they complement the users rather than distract them from their missions, and the technologies of different responders must complement each other as well (or at least not clash).47

Thus research is also needed for defining low-level communication protocols and developing generic technology that can facilitate interconnection and interoperation of diverse information resources.48 One example of research is the development of software-programmable waveforms that can (in principle) allow a single radio to interoperate with a variety of different wireless communications protocols.49 A second example is an architecture for communications, perhaps for selected mission areas, that translates agency-specific information into formats and semantics compatible with a global system.50

Emergency Management of Communications Capacity

In an emergency, extraordinary demands are placed on communications capacity. A disaster is likely to destroy some but not all of the communications infrastructure in a given area, leaving some residual capability. Meanwhile, the disaster provokes greater demands for communication from the general public. The result is often a denial-of-service condition for all, including emergency-

43  

CSTB (1996), p. 21.

44  

CSTB (1999a), pp. 25-26.

45  

CSTB (1999a), pp. 30, 32.

46  

CSTB (1999a), p. 26.

47  

CSTB (1999a), pp. 50, 84; and CSTB (1996), p. 33.

48  

CSTB (1999a), p. 85

49  

CSTB (1997).

50  

See CSTB (1999c) for a discussion of mission slices and working the semantic interoperability problem.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

communications services. The absence of a telephone dial tone in a disaster area is common because of increased demands.51 Even under high-traffic but nonemergency situations, cell-phone networks are sometimes unable to handle the volume of users in a given cell because of statistical fluctuations. Nor is the Internet immune to such problems—congestion of shared Internet links, including both last-mile and aggregated feeder links, can cause lockouts to occur on facilities that are still operational in the disaster area.

Research is needed on using residual (and likely saturated) capacity more effectively, deploying additional (surge) capacity,52 and performing the trade-offs among different alternatives. One problem in this area is the management of traffic congestion and the development of priority overrides for emergency usage (and prevention of the abuse of such authority).53 A second problem is that optimization algorithms for communications traffic that are appropriate in normal times may have to be altered during emergencies. For example, the destruction of physical facilities such as repeaters and the massive presence of debris could result in an impaired environment for radio-frequency transmissions. The rapid deployment of processors optimized to find weak signals in a suddenly noisier environment could do much to facilitate emergency communications. DSL systems, for example, can reallocate huge bandwidth to a single phone line by coordinating it with all the phone lines nearby (one can sometimes get 10 times the bandwidth if this is done right). Under normal circumstances, the interests of the other users would defeat such a system (with cross talk), but in an emergency those interests could be reprioritized.

Research is also needed for self-adaptive networks that can reconfigure themselves in response to damage and changes in demand, and that can degrade gracefully.54 For example, in a congested environment, programmed fallback to less data-intensive applications (e.g., voice rather than video, text messaging rather than voice) may provide minimal communications facility. Even today, many cellular networks allow the passing of text messages. Also, public and private elements of communications infrastructure could both be tapped to provide connectivity in a crisis,55 as happened in New York City on September 11.

51  

CSTB (1996), p. 17.

52  

CSTB (1999a), p. 83.

53  

CSTB (1999a), p. 39. In addition, the White House’s National Communications System office has moved to implement a wireless priority service that facilitates emergency recovery operations for the government and local emergency-service providers. This service will be implemented in phases, with an immediate solution available in early 2002 in selected metropolitan areas and a nationwide solution (yet to be developed) scheduled for late 2003. Further work after 2003 will concentrate on the development and implementation of third-generation technologies that enable high-speed wireless data services. See Convergence Working Group, Report on the Impact of Network Convergence on NS/EP Telecommunications: Findings and Recommendations, February 2002.

54  

CSTB (1999a), p. 39.

55  

CSTB (1999a), p. 39.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Security of Rapidly Deployed Ad Hoc Networks

The management of communications networks poses unique problems in a crowded, emergency disaster zone. Security must be established rapidly from the outset, as the terrorists might try to mix among the first responders.56 It is also necessary to determine a means for temporarily suspending people’s access to facilities, communications, and data without impeding the ability of those with legitimate need to use them. Yet this suspension process has to be done rapidly, given that minutes and seconds matter in severe emergencies.

Research is therefore needed on the special security needs of wireless networks that are deployed rapidly and in an ad hoc manner. (For example, ad hoc networks are not likely to have a single system administrator that can take responsibility for allocating user IDs.)

Information-Management and Decision-Support Tools

In a chaotic disaster area, a large volume of voice and data traffic will be transmitted and received on handheld radios, phones, digital devices, and portable computers. Nevertheless, useful information is likely to be scarce and of limited value. Thus, research is needed on “decision-support” tools that assist the crisis manager in making the most of this incomplete information.57

Communications with the Public During an Emergency

In a crisis, channels to provide information to the public will clearly be needed. Radio, television, and often the Web provide such information today, but it is usually generic and not necessarily helpful to people in specific areas or with specific needs. Research is needed to identify appropriate mechanisms—new technologies such as “call by location” and zoned alert broadcasts—for tailoring information to specific locations or individuals.58 To be effective in interacting with individual users, ubiquitous and low-cost access is required.59 In addition, such systems should be highly robust against spoofing (entry by an intruder masquerading as a trusted host) so that only authorized parties can use them to send out information.

For example, the current cell-phone system does not directly support these functions, but it might be possible to modify and exploit it to provide “reverse 911” service,60 i.e., a one-way channel to those affected that provides a continual

56  

CSTB (1996), p. 24.

57  

CSTB (1996), p. 104.

58  

CSTB (1999a), p. 35.

59  

CSTB (1999a), p. 40.

60  

CSTB (1999a), p. 35.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

flow of relevant information and guidance. Such mechanisms would probably have to be locally self-sufficient. That is, the disaster might spare the local cell site—or a temporary cell site could be deployed along with wireless alternatives61—but access to central services might not be possible.

Finally, providing information to those located outside the immediate emergency area gives important psychological comfort and helps to mitigate the disaster’s consequences. (For example, in the immediate aftermath of the September 11 attacks, “I’m alive” bulletin boards sprang up spontaneously.) Research is needed for establishing more effective means of achieving this objective—especially in updating the status of affected people—while compromising the local communications infrastructure to a minimal degree.

Emergency Sensor Deployment

During an emergency, responders need information about physical on-the-ground conditions that is sufficiently fine-grained and accurate to be useful. It is virtually inevitable that no preexisting sensor network will be in place to provide adequate information, so the deployment of sensors in response to a disaster is likely to be necessary. Depending on the nature of the emergency, sensor capacity would be needed to identify and track the spread of nuclear, chemical, or biological contaminants, characterize and track vehicular traffic, locate survivors (e.g., through heat emanations, sounds, or smells), and find pathways through debris and rubble. Developing robust sensors for these capabilities is one major challenge; developing architectural concepts for how to deploy them and integrate the resulting information is another.

Precise Location Identification

In a severe crisis, determining the location both of physical structures and of people is a major problem because of debris, airborne contaminants such as smoke and dust, and perhaps simply a lack of illumination. Therefore, technological solutions, such as embedded location sensors, are probably essential. Distributed sensor networks, either already in place or deployed in response to an incident, can be valuable information sources.62

While technologies like the Global Positioning System could also play a major role, airborne contaminants and equipment damage might render them ineffective. The information needs of the responders and those affected will thus

61  

CSTB (1996), p. 18.

62  

CSTB (1996), pp. 24, 25; CSTB (2001a).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

require rapid access to accurate databases—of blueprints and building diagrams, for example.63

Research is needed to develop digital floor plans and maps of other physical infrastructure.64 The resulting data could be stored in geographic information systems (GIS), which would allow responders to focus on the high-probability locations of missing people (such as lunchrooms) and avoid dangerous searches of low-probability locations (such as storage areas).65 Research is needed in wearable computers for search-and-rescue operations66 so that responders could update the GIS in real time as they discover victims and encounter infrastructural damage. Another research area is in “map ants”67—distributed, self-organizing robots deployed in a disaster area to sense movement or body heat, for instance. It may also be possible to develop technology to generate the data for accurate maps of a debris-strewn disaster location.

Finally, keeping track of emergency responders’ positions within a disaster area is an essential element of managing emergency response. Technology (similar to E-911 for cell phones) to monitor the progress of these individuals automatically is not yet available on a broad scale.

Mapping the Physical Infrastructure of IT

As noted above, the telecommunications infrastructure is for the most part densely connected; hence physical attack is unlikely to disrupt it extensively for long periods of time. However, the physical infrastructure of telecommunications (and the Internet) does not appear to be well understood (that is, immediate knowledge of where various circuits are located is unavailable), and there may well exist critical nodes whose destruction would have a disproportionate impact. (On the other hand, knowing where these critical nodes are is difficult for both network operators and terrorists.) Thus an important priority is to develop tools to facilitate the physical mapping of network topology, and to begin that mapping now with the tools that are currently available. This is particularly important for converged networks over which both voice and data are carried.

63  

Hightower, J., and G. Boriello. 2001. “Location Systems for Ubiquitous Computing,” IEEE Computer, Vol. 33, No. 8, August.

64  

As one example, consider that a firm that installs fiber-optic cables in a city’s sewers is capable of mapping those sewers as well using a sewer-crawling robot that lays cable and tracks its position.

65  

CSTB (1996), p. 14.

66  

CSTB (1999a), p. 38.

67  

A study in progress by the Computer Science and Telecommunications Board, Intersections Between Geospatial Information and Information Technology, discusses these self-organizing robots.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Characterizing the Functionality of Regional Networks for Emergency Responders

To develop mechanisms for coordinating emergency-response activities, it is necessary to understand what the various communications and computer networks of emergency responders in a given region are supposed to do. For example, managers from different agencies often speak different “languages” in describing their needs, capabilities, and operational priorities; a common conceptual framework for these purposes would be enormously helpful for coordination of planning activities, yet one is not yet available.68 Sharing of information among the various providers of critical infrastructure and emergency-response agencies, even about common tasks and processes, has been a rather uncommon activity in the past.

Recommendation 5.8: IT and C3I Research

  • Understand how to transition gracefully and with minimal disruption from a unit-specific communication system to a systemwide structure.

  • Define new communication protocols and develop generic technology to facilitate interconnection and interoperation of diverse information sources.

  • Develop approaches for communication systems to handle surge capacity and function in a saturated state.

  • Develop methods to provide more capacity for emergency communication and coordination.

  • Create self-adaptive networks that can reconfigure themselves as a function of damage and changes in demand and that can degrade gracefully.

  • Understand the special security needs of rapidly deployed wireless networks.

  • Develop decision-support tools to assist the crisis manager in making decisions based on incomplete information.

  • Explore mechanisms to provide information tailored to specific individuals or locations through location-based services.

  • Establish more effective means of communicating the status of affected people to those outside the disaster area.

  • Develop robust sensors and underlying architectural concepts to track and locate survivors as well as to identify and track the spread of contaminants.

68  

Christen, Hank, et al., “An Overview of Incident Management,” Perspectives on Preparedness, No. 4, September 2001, available online at <http://ksgnotes1.harvard.edu/BCSIA/Library.nsf/pubs/PO4>.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
  • Create digital floor plans and maps of other physical infrastructure, and use wearable computers and “map ants” to generate maps that can be updated.

  • Develop tools to map network topology, especially of converged networks that handle voice and data traffic.

  • Begin to characterize the functionality of regional networks for emergency responders.

Information Fusion

Promising to play a central role in the future prevention, detection, and remediation of terrorist acts, “information fusion” is defined as the use of computer technology to acquire data from many sources, integrate these data into usable and accessible forms, and interpret them. Such processed data can be particularly valuable for decision makers in law enforcement, the intelligence community, emergency-response units, and other organizations combating terrorism. Not surprisingly, an inherent problem of information fusion is data interoper-ability—the difficulty of merging data from multiple databases, multiple sources, and multiple media.

  • Prevention. Security checkpoints have become more important and more tedious than ever at airports, public buildings, sporting venues, and national borders. But the efficiency and effectiveness of checkpoints could be significantly improved by creating information-fusion tools to support the checkpoint operator in real time. For example, future airport-security stations could integrate data received from multiple airports to provide a more global view of each passenger’s luggage and activities on connecting flights. The stations could use data-mining methods to learn which luggage items most warrant hand-inspection, and they could capture data from a variety of biometric sensors to verify the identities of individuals and search for known suspects.

  • Detection. Intelligence agencies are routinely involved in information fusion as they attempt to track suspected terrorists and their activities, but one of their primary problems is managing the flood of data. There are well-known examples in which planned terrorist activity went undetected despite the fact that relevant evidence was available to spot it—the evidence was just one needle in a huge haystack. Future intelligence and law-enforcement activities could therefore benefit enormously from advances in automatic interpretation of text, image, video, sensor, and other kinds of unstructured data. This would enable the computer to sort efficiently through the massive quantities of data to bring the relevant evidence (likely combined from various sources) to the attention of the analyst.

  • Response. Early response to biological attacks could be supported by collecting and analyzing real-time data, such as admissions to hospital emer-

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

gency rooms and veterinary offices or purchases of nonprescription drugs in grocery stores, and integrating it with background information about the affected patient’s residence and job address. Prototype systems are already under development, including one that monitors real-time admissions to 17 emergency departments near Pittsburgh, to generate profiles of ER visits, and discern patterns of activity. If anomalous patterns emerge that may signify an outbreak of some new pathogen, system administrators can quickly alert health officials.

Many other opportunities exist for such computer-aided “evidence-based decision making.” For example, the monitoring of activity on computer networks might flag potential attempts to break through a firewall; or sensor networks attached to public buildings might flag patterns of activity within the building that suggest suspicious behavior. In these kinds of cases, because the data is voluminous and derives from a variety of sources, an unaided decision maker might have difficulty detecting subtle patterns.

As a general proposition, the development of tools that provide human analysts with assistance in doing their jobs has a higher payoff (at least in the short to medium term) than tools that perform most or all of the analyst’s job. This places a greater emphasis on approaches that use technology to quickly sift large volumes of data to flag potentially interesting data items for human attention (as opposed to approaches that rely on computers to make high-level inferences themselves in the absence of human involvement and judgment).

A final dimension of information fusion is nontechnical. That is, disparate institutional missions may well dictate against a sharing of information at all. Underlying successful information fusion efforts is a desire to share information—and it is impossible to fuse information belonging to two agencies if those two agencies do not communicate with each other. Establishing the desire to communicate among all levels at which relevant information could be shared may have a larger impact than the fusion that might occur due to advances in technology.

Data Mining

“Data mining” is the automatic machine-learning of general patterns from a large volume of specific cases. For example, given a set of known fraudulent and nonfraudulent credit-card transactions, the computer system may learn general patterns that can be used to flag future cases of possible fraud. Data mining has grown quickly in importance in the commercial world over the past decade, as a result of the increasing volume of machine-readable data, advances in statistical machine-learning algorithms for automatically analyzing these data, and improved networking that makes it feasible to integrate data from disparate sources. Decision-tree learning, neural-network learning, Bayesian-network learning, and logistic-regression-and-support vector machines are among the most widely used

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

statistical machine-learning algorithms. Dozens of companies now offer commercial implementations, which are integrated into database and data-warehousing facilities.

A typical commercial application of data mining is fraud detection for credit cards, telephone calls, and insurance claims (by learning from historical data on transactions known to be fraudulent). Other applications are in assessing mortality risk for medical patients (by learning from historical patient data) and predicting which individuals are most likely to make certain purchases (by analyzing data on other individuals’ past purchasing). The majority of these commercial data-mining applications involve well-structured data.

Limitations of the current commercial technology include the inability to mine data that is a combination of text, image, video, and sensor information (that is, data in “nonstructured” formats) as well as the inability to incorporate the knowledge of human experts into the data-mining process. Despite the significant value of current machine-learning algorithms, there is also a need to develop more accurate learning algorithms for many classes of problems.

New research is needed to develop data-mining algorithms capable of learning from data in both structured and nonstructured formats. And whereas current commercial systems are very data-intensive, research is needed on methods for learning when data are scarce (e.g., there are only a few known examples of some kinds of terrorist activity) by incorporating knowledge of human experts along-side the statistical analysis of the data. Another research area is better mixed-initiative methods that allow the user to visualize the data and direct the data analysis.

Data Integration

New research is needed to normalize and combine data collected from multiple sources, such as the combination of different sets of time-series data (e.g., with different sampling rates, clocks, and time zones) or collected with different data schemas (e.g., one personnel database may use the variable “JobTitle” while another uses “EmployeeType”).

Language Technologies

The area of language technologies has developed a wide variety of tools to deal with very large volumes of text and speech. The most obvious commercial examples are the Web search engines and speech-recognition systems that incorporate technology developed with DARPA and NSF funding. Other important technologies include information extraction (e.g., extraction of the names of people, places, or organizations mentioned within a document), cross-lingual retrieval (e.g., does an Arabic e-mail message involve discussion of a chemical weapon?), machine translation, summarization, categorization, filtering (moni-

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

toring streams of data), and link detection (finding connections). Most of these approaches are based on statistical models of language and machine-learning algorithms.

A great deal of online information, in the form of text such as e-mail, news articles, memos, and pages on Web sites, is of potential importance for intelligence applications. Research is needed on methods for accurately extracting from text certain structured information such as descriptions of events—e.g., the date, type of event, actors, and roles. Research is needed to handle multiple languages, including automatic translation, cross-lingual information retrieval, and rapid acquisition of new languages. Other important areas of future research are link detection (related to the normalization problem mentioned above) and advanced question answering.

Image and Video Processing

The technologies for image and video processing tend to be domain-specific and often combine information from multiple modes. For example, several companies are beginning to offer image-recognition software for face recognition and automatic classification of medical and other types of images. Commercially available video indexing-and-retrieval software improves effectiveness by combining techniques of segmentation, face detection, face recognition, key-frame extraction, speech recognition, text-caption extraction, and closed-caption indexing. This is a good example of information fusion in which multiple representations of content are combined to reduce the effect of errors coming from any given source.

The major limitation of present language and image technologies is that their accuracy and performance, despite significant progress, need to be considerably improved. This is particularly true for counterterrorist systems where the data may be very noisy (that is, surrounded by irrelevant information) and sparse.

Work is needed on improved algorithms for image interpretation and speech recognition. Many of these research issues are specific to problems arising in a particular medium—e.g., recent progress on face recognition has come primarily from understanding how to extract relevant image features before applying machine learning methods, though this approach may not be applicable to machine learning in other contexts. However, new research is also needed on perception based on mixed media—e.g., speech recognition based on sound combined with lip motion.

Evidence Combination

Many of the techniques used to combine information from multiple sources, as in video indexing or metasearch engines, are ad hoc. Current research on principle-based methods for reasoning under uncertainty needs to be extended

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

and tested extensively in more demanding applications. This is a key technical problem, with widespread implications for many of the applications mentioned above—e.g., how to combine evidence from hospital admissions and from nonprescription drug purchases to detect a probable bioterrorist attack; how to combine evidence from face recognition and voice print to estimate the likely identity of a person; or how to combine evidence from multiple sensors in a building to detect anomalous activity.

Recommendation 5.9: Information Fusion Research

  • Develop more effective machine-learning algorithms for data mining, including learning using different data types (text, image, audio, video).

  • Develop methods for systems to learn when data are scarce.

  • Create better mixed-initiative methods that allow the user to visualize the data and direct the data analysis.

  • Explore new methods to normalize and combine data from multiple sources.

  • Create methods to extract structured information from text.

  • Build approaches to handle multiple languages.

  • Improve algorithms for image interpretation, speech recognition, and interpretation of other sensors (including perception based on mixed media).

  • Extend, and test extensively in more demanding applications, the principle-based methods for reasoning under uncertainty.

PRIVACY AND CONFIDENTIALITY

As pressure mounts for the government to collect and process more information, it becomes increasingly important to address the question of how to minimize the negative impacts on privacy and data confidentiality.

Research is needed to provide policy makers with accurate information about the impact on confidentiality of different kinds of data disclosure. Research is also needed on new data-mining algorithms that discover general trends in data without requiring full disclosure of the individual data records. One example is data-mining algorithms that work by posing statistical queries to each of a set of databases, rather than gathering every data record into a centralized repository. Another is zero-knowledge data mining, in which general trends in data can be uncovered without requiring full disclosure of individual data records. (However, note that for many applications such as badges and access tokens, personal information of the sort mentioned is not necessary; the only requirements are that the token be recognizable as valid and that it has been issued to the person presenting it. It doesn’t even have to have an individual’s name on it.)

A related issue is the fact that a sufficient aggregation of nonpersonally identified information can often be used to identify a person uniquely. For

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

example, identifying someone as a man of Chinese extraction with a doctorate in physics who enjoys swing dancing, has an adopted 7-year-old daughter, and lives in upper-northwest Washington, D.C., is likely sufficient to specify a unique individual. Thus, the mere fact that information is disconnected from personal identifiers is no assurance that an individual cannot be identified if data are aggregated.

PLANNING FOR THE FUTURE

Planning for the future is also a critical dimension of any research agenda, though the resources devoted to it need not be large. New system architectures and technologies, such as switched optical networks, mobile code, and open-source or multinational code development, will have different vulnerabilities and hence require different defense strategies. Similarly, new device types such as digital appliances, wireless headphones, and network-capable cell phones pose new challenges. Even today, it is hard to interconnect systems with different security models or security semantics; and unless we deal with this problem, it will become increasingly difficult in the future.

Furthermore, the characteristics of deployed technology that protect the nation against catastrophic IT-only attacks today (e.g., redundancy, system heterogeneity, and a reliance on networks other than the Internet for critical business functions) may not obtain in the future. Indeed, some trends, such as deregulation, system monocultures, and the dominance of a smaller number of products, are pushing the nation’s critical infrastructure providers to reduce excess capacity, even though this is what provides much of the redundancy so important to reduced vulnerability.

For these reasons, researchers and practitioners must be vigilant to changes in network technology, usage and reliance on IT, and potentially decreasing diversity. In addition, research focused on the future is likely to have a slant that differs from those of the other research efforts described in this chapter. While the latter efforts might be characterized as building on existing bodies of knowledge (and are in that sense incremental), future-oriented research would have a more radical orientation: It would try to develop alternative paradigms for secure and reliable operation that would not necessarily be straightforward evolutions from the Internet and information technology of today.

For example, one such pursuit might be the design of appropriate network infrastructure for deployment in 2020 that would be much more secure than the Internet of today. Another might be an IT infrastructure whose security relied on engineered system diversity—in which deployed systems were sufficiently similar to be interoperable yet sufficiently diverse to essentially be resistant to large-scale attacks.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

IMPLEMENTATION

The IT research areas of highest national priority for counterterrorism are information and network security, emergency response, and information fusion. Within each of these areas, a reasonably broad agenda is appropriate, as none of them can be characterized by the presence of a single impediment whose removal would allow everything else to fall into place. Advances in these areas may prevent some attacks on the IT infrastructure from succeeding. In the event an attack does occur, whether against the IT infrastructure alone or against some physical part of the nation, IT may help to rapidly and accurately identify its nature, reduce its effectiveness, aid in responding to it, and enable a quicker and fuller recovery. Indeed, even if the IT infrastructure is not deliberately attacked, significant damage to it may be a consequence of an attack directed elsewhere, and in any event any significant attack will result in extraordinary demands for emergency communications being placed on it. A stronger IT infrastructure would be beneficial in any case.

A point that deserves emphasis is the broad utility of the research agenda described above. Progress in these areas has applications not only for counterterrorism efforts but also for a wide range of other important national endeavors such as responding to natural disasters and decreasing cybercrime.

Most of these research areas are not new. Efforts have long been under way in information and network security and information fusion, though additional research is needed because the resulting technologies are not sufficiently robust or effective, they degrade performance or functionality too severely, or they are too hard to use or too expensive to deploy. Information technologies for emergency response have not received a great deal of attention, though efforts in other contexts (e.g., military operations) are intimately related to progress in this area.69

The time scale on which the fruits of efforts in these areas will become available ranges from short to long. That is, each of these areas has technologies that can be beneficially deployed on a relatively short time scale (e.g., in a few years). Each area also has other prospects for research and deployment on a much longer time scale (e.g., a decade or more) that will require the development of entirely new technologies and capabilities.

What drives the designation of these research areas as high priority?

  • Information and network security is critical because of the potentially

69  

Military communications and civilian emergency-response communications have similarities and differences. Military forces and civilian agencies share the need to deploy emergency capacity rapidly, to interoperate, and to operate in a chaotic environment. While military communications must typically work in a jamming environment or one in which there is a low probability of intercept, these conditions do not obtain for civilian emergency-response communications. Also, military forces often must communicate in territory without a preexisting friendly infrastructure, while civilian agencies can potentially take advantage of such an infrastructure.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

amplifying effect of attacks on IT when combined with attacks on the physical infrastructure, given the nation’s increasing dependence (though much of it is avoidable) on information technology.

  • IT for emergency response is essential because of the unfortunate reality that the probability of catastrophic terrorism cannot be reduced to zero; the ability to respond quickly and effectively to a catastrophic situation will always be needed.

  • Information fusion is important in today’s counterterrorism efforts, where the essential problem is how to identify potential threats amidst enormous amounts of possibly relevant information; sophisticated techniques for filtering and processing this information are needed.

Unlike some other sectors of national importance, the IT sector is one over which the federal government has little leverage. IT sales to the government are a small fraction of the IT sector’s overall revenue, and IT vendors have little incentive to include security features at the behest of government alone. Moreover, there is essentially no history of government regulation of IT products and services, in contrast, say, to the traditional oversight of the electric-power industry. Indeed, we can expect that attempts at such regulation will be fought vigorously, or may fail, because of the likely inability of a regulatory process to keep pace with rapid changes in technology.

Under these circumstances, it seems most desirable to engage the private sector constructively and to emphasize market solutions. For example, IT vendors probably will respond if the private sector demands more security in IT products; if so, security may become a competitive advantage for various IT vendors, much as additional functionality and faster performance are today. At the same time, government may have a role in changing market dynamics in such a way that the private sector does pay more attention to security-related issues.

A second critical dimension of influencing security-related change is the federal government’s nonregulatory role, particularly in its undertaking of research and development of the sorts described above.70 Such R&D might improve security and interoperability, for example, and reduce the costs of implementing such features—thereby making it less painful for vendors to adopt them.

It is not clear which government agency, or agencies, would best be suited to support the above agenda. However, the more important policy issue at present is that the organization of that federal research infrastructure have the attributes itemized below. It would:

70  

Another potentially important aspect of the government’s nonregulatory role, outside the scope of this report, is the leadership role it could play itself with respect to information and network security. For more discussion, see CSTB (2002a).

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
  • Engage and support multidisciplinary, problem-oriented research that is useful both to civilian and military users.

  • Have a research program driven by a deep understanding of vulnerabilities. This will likely require access to classified information, even though most of the research will be unclassified.

  • Support a substantial effort in research areas with a long time horizon for payoff. Historically, such investigations have been housed most often in academia, which can conduct research with fewer bottom-line-driven pressures for immediate delivery. This is not to say that private industry has no role. Indeed, because the involvement of industry is critical for deployment, and also is likely to be essential for developing prototypes and mounting field demonstrations, support of both academia and industry (perhaps even jointly) in developmental efforts is highly appropriate.

  • Provide support extending for time scales that are long enough to make meaningful progress on hard problems (perhaps 5-year project durations) and in sufficient amounts that reasonably realistic operating environments for the technology could be constructed (perhaps $2 million to $5 million per year per site for system-oriented research programs).

  • Invest some small fraction of its budget on thinking “outside the box” in consideration (and possible creation) of alternative futures.

  • Be more tolerant of research directions that appear not to promise immediate applicability. Research programs, especially in IT, are often—even generally—more “messy” than research managers would like. The desire to terminate unproductive lines of inquiry is understandable, and sometimes entirely necessary, in a constrained budget environment. On the other hand, it is frequently very hard to distinguish between (A) a line of inquiry that will never be productive and (B) one that may take some time and determined effort to be productive. While an intellectually robust research program must be expected to go down some blind alleys occasionally, the current political environment punishes such blind alleys as being of Type A, with little apparent regard for the possibility that they might be Type B.

  • Be overseen by a board or other entity with sufficient stature to attract top talent, provide useful feedback, and be an effective sounding board for that talent.

  • Pay attention to the human resources needed to sustain the counterterrorism information technology research agenda. This need is especially apparent in the fields of information and network security and emergency communications. Only a very small fraction of the nation’s graduating doctoral students in information technology specialize in either of these fields, only a very few professors conduct research in these areas, and only a very few universities support research programs in these fields.

One additional attribute of this R&D infrastructure would be desirable,

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

though it is not clear how it might be achieved.71 The success of the nation’s R&D enterprise in information technology (as well as in other fields) rests in no small part on the ability of researchers to learn from each other in a relatively free and open intellectual environment. Constraining the openness of that environment (e.g., by requiring that research be classified or forbidding certain research from being undertaken) would have obvious negative consequences for researchers and the creation of new knowledge. On the other hand, keeping a counterterrorist agenda in mind, the free and open dissemination of information has potential costs as well, because terrorists may obtain information that they can use against us. Historically, these competing interests have been balanced—with more of one in exchange for less of the other. But the committee believes (or at least hopes) that there are other ways of reconciling the undeniable tension, and calls for some thought to be given to a solution to this dilemma that does not demand such a trade-off. If such a solution can be found, it should be a design characteristic of the R&D infrastructure.

Finally, successfully addressing the privacy and confidentiality issues that arise in counterterrorism efforts will be critical for the deployment of many information technologies. These issues are serious enough to merit their own research efforts, though not at the scale and intensity that the other areas might warrant.

REFERENCES

Brooks, Frederick P. 1975. The Mythical Man-Month. Addison-Wesley, Boston, Mass.


Christen, Hank, et al. 2001. “An Overview of Incident Management,” Perspectives on Preparedness, No. 4, September. Available online at <http:ksgnotes1.harvard.edu/BCSIA/Library.nsf/pubs/POP4>.

Computer Science and Telecommunications Board, National Research Council. 1990. Computers at Risk: Safe Computing in the Information Age, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 1996. Computing and Communications in the Extreme: Research for Crisis Management and Other Applications, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 1997. The Evolution of Untethered Communications, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 1999a. Information Technology Research for Crisis Management, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 1999b. Trust in Cyberspace, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 1999c. Realizing the Potential of C4I: Fundamental Challenges, National Academy Press, Washington, D.C.

71  

A Computer Science and Telecommunications Board study in progress on improving cybersecurity research in the United States will address this question.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×

Computer Science and Telecommunications Board, National Research Council. 2001a. Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 2001b. The Internet’s Coming of Age, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 2002a. Cybersecurity Today and Tomorrow: Pay Now or Pay Later, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 2002b. IDs—Not That Easy: Questions About Nationwide Identity Systems, National Academy Press, Washington, D.C.

Computer Science and Telecommunications Board, National Research Council. 2002. Intersections Between Geospatial Information and Information Technology, National Academy Press, Washington, D.C., in preparation.

Convergence Working Group. 2002. Report on the Impact of Network Convergence on NS/EP Telecommunications: Findings and Recommendations, February.


Disabatino, Jennifer. 2001. “Court Order Shuts Down Dept. of Interior Web Sites,” Computerworld, December 17.


Hightower, J., and G. Boriello. 2001. “Location Systems for Ubiquitous Computing,” IEEE Computer, Vol. 33, No. 8, August.


National Institute of Standards and Technology. 2002. “The Economic Impact of Role-Based Access Controls,” March.


U.S. House of Representatives, Committee on Science. 2001. “Boehlert Gives Cyber Security Address at ITAA Forum,” press release, December 12.

Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 135
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 136
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 137
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 138
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 139
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 140
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 141
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 142
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 143
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 144
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 145
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 146
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 147
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 148
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 149
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 150
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 151
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 152
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 153
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 154
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 155
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 156
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 157
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 158
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 159
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 160
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 161
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 162
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 163
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 164
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 165
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 166
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 167
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 168
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 169
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 170
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 171
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 172
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 173
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 174
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 175
Suggested Citation:"5. Information Technology." National Research Council. 2002. Making the Nation Safer: The Role of Science and Technology in Countering Terrorism. Washington, DC: The National Academies Press. doi: 10.17226/10415.
×
Page 176
Next: 6. Energy Systems »
Making the Nation Safer: The Role of Science and Technology in Countering Terrorism Get This Book
×
Buy Paperback | $65.00 Buy Ebook | $54.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Vulnerabilities abound in U.S. society. The openness and efficiency of our key infrastructures — transportation, information and telecommunications systems, health systems, the electric power grid, emergency response units, food and water supplies, and others — make them susceptible to terrorist attacks. Making the Nation Safer discusses technical approaches to mitigating these vulnerabilities.

A broad range of topics are covered in this book, including:

  • Nuclear and radiological threats, such as improvised nuclear devices and "dirty bombs;"
  • Bioterrorism, medical research, agricultural systems and public health;
  • Toxic chemicals and explosive materials;
  • Information technology, such as communications systems, data management, cyber attacks, and identification and authentication systems;
  • Energy systems, such as the electrical power grid and oil and natural gas systems;
  • Transportation systems;
  • Cities and fixed infrastructures, such as buildings, emergency operations centers, and tunnels;
  • The response of people to terrorism, such as how quality of life and morale of the population can be a target of terrorists and how people respond to terrorist attacks; and
  • Linked infrastructures, i.e. the vulnerabilities that result from the interdependencies of key systems.

In each of these areas, there are recommendations on how to immediately apply existing knowledge and technology to make the nation safer and on starting research and development programs that could produce innovations that will strengthen key systems and protect us against future threats. The book also discusses issues affecting the government's ability to carry out the necessary science and engineering programs and the important role of industry, universities, and states, counties, and cities in homeland security efforts.

A long term commitment to homeland security is necessary to make the nation safer, and this book lays out a roadmap of how science and engineering can assist in countering terrorism.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!