tion and network security. Ultimately, the strengthening of the nation’s IT infrastructure can improve our ability to prevent, detect, respond to, and recover from terrorist attacks on the nation.11
The shape of a strategic research and development agenda is described below. However, it should be noted that this agenda has broad applicability to efforts against terrorism, against information warfare, and against cybercrime. While the scope and complexity of issues with respect to each of these areas may well vary (e.g., an agenda focused on cybercrime may place more emphasis on forensics useful in prosecution), the committee believes that there is enough overlap in the research problems and approaches to make it unwise to articulate a separate R&D agenda for each area.
Developing a significantly less vulnerable information infrastructure is an important long-term goal for the country. This long-term goal must focus on the creation of new technologies and paradigms for enhancing security and reducing the impact of security breaches. In the meantime, the IT vulnerabilities of the first-responder network should receive priority attention. Efforts should focus on hardening first responders’ communications capability, as well as those portions of their computing systems devoted to coordination and control of an emergency response.
Existing technology can be used to achieve many of the improvements needed in telecommunications and computing. Unfortunately, the expertise to achieve a more secure system often does not reside within the host organizations—this may be the case, for example, in local and state government. These realities lead, then, to three short-term recommendations:
Short-Term Recommendation 5.1: Develop a program to increase the security of emergency-response agencies’ communications systems against attack, based on the use of existing technologies (perhaps slightly enhanced).
Some possible options include a separate emergency-response communications network that is deployed in the immediate aftermath of a disaster, and the use of the public network to support virtual private networks, with priority given to traffic from emergency responders. Given the fact that emergency-response agencies are largely state and local, no federal agency has the responsibility and authority to carry out this recommendation. Thus it would likely have to rely on incentives (probably financial) to persuade state and local responders to participate.