of-service attack.4 Second, some IT element may be physically destroyed (e.g., a critical data center or communications link blown up) or compromised (e.g., IT hardware surreptitiously modified in the distribution chain). Third, a trusted insider may be compromised (such a person, for instance, may provide passwords that permit outsiders to gain entry);5 such insiders may also be conduits for hostile software or hardware modifications. All of these modes are possible and, because of the highly public and accessible nature of our IT infrastructure and of our society in general, it is impossible to fully secure this infrastructure against them. Nor are they mutually exclusive, and in practice they can be combined to produce even more destructive effects.

4  

A “through-the-wires” attack is conducted entirely at a distance and requires no physical proximity to the target.

5  

Computer Science and Telecommunications Board, National Research Council. 1999. Trust in Cyberspace. National Academy Press, Washington, D.C.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement