synergies: ISF should develop GSSP, develop flexible evaluation techniques to assess compliance with GSSP, conduct research related to GSSP and evaluation, develop and maintain an incident-tracking system, provide education and training services, broker and enhance communications between commercial and national security interests, and participate in international standardization and harmonization efforts for commercial security practice. In doing these things it would have to coordinate its activities with agencies and other organizations significantly involved in computer security. The ISF would need the highest level of governmental support; the strongest expression of such support would be a congressional charter.
Although the System Security Study Committee focused on computer and communications security, its recommendations would also support efforts to enhance other aspects of systems such as reliability and safety. It does not make sense to address these problems separately. Many of the methods and techniques that make systems more secure make them more trustworthy in general. The committee has framed several of its recommendations so as to recognize the more general objective of making systems more Strustworthy, and specifically to accommodate safety as well as security. The committee believes it is time to consider all of these issues together, to benefit from economies in developing multipurpose safeguards, and to minimize any trade-offs.
With this report, the committee underscores the need to launch now a process that will unfold over a period of years, and that, by limiting the incidence and impact of disruptions, will help society to make the most of computer and communications systems.