and terror are more likely to use a physical attack than an attack that targets IT exclusively.

WHAT CAN BE DONE NOW: SHORT-TERM RECOMMENDATIONS

The committee makes two short-term recommendations with respect to the nation’s communications and information systems.

Short-Term Recommendation 1: The nation should develop a program that focuses on the communications and computing needs of emergency responders. Such a program would have two essential components:

  • Ensuring that authoritative, current-knowledge expertise and support regarding IT are available to emergency-response agencies prior to and during emergencies, including terrorist attacks.

  • Upgrading the capabilities of the command, control, communications, and intelligence (C3I) systems of emergency-response agencies through the use of existing technologies. Such upgrades might include transitioning from analog to digital systems and deploying a separate emergency-response communications network in the aftermath of a disaster.

Short-Term Recommendation 2: The nation should promote the use of best practices in information and network security in all relevant public agencies and private organizations.

  • For IT users on the operational level: Ensure that adequate information-security tools are available. Conduct frequent, unannounced red-team penetration testing of deployed systems. Promptly fix problems and vulnerabilities that are known. Mandate the use of strong authentication mechanisms. Use defense-in-depth in addition to perimeter defense.

  • For IT vendors: Develop tools to monitor systems automatically for consistency with defined secure configurations. Provide well-engineered schemes for user authentication based on hardware tokens. Conduct more rigorous testing of software and systems for security flaws.

  • For the federal government: Position critical federal information systems as models for good security practices. Remedy the failure of the market to account adequately for information security so that appropriate market pro-security mechanisms develop.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement