messages, fetching large numbers of Web pages). Protecting against such attacks is often difficult because they represent normal system usage carried to the extreme. Physical security of system resources and firewall protection for intranet access are both important steps, although the firewall itself is subject to service and resource overload attacks. Beyond that, system staff awareness and vigilance are essential, including the ability to identify the nature of a problem and trace the source to seek remedy. It is essential to keep up with community reports of vulnerabilities and solutions through agencies such as the CERT Coordination Center at Carnegie Mellon University.13

Encryption

Encryption technologies are the basis for many of the technological tools available to help secure computer-based information. Such technologies have recently received much attention in the popular press for their role in protecting Internet commerce and the infrastructure of the Internet itself, and in arguments for and against continued export control on products employing strong encryption tools.14 Encryption can serve a number of uses in health care settings, including the following:

  • Being the basis of strong user and computer authentication and access control;
  • Protecting stored information or on-line communications against snooping or eavesdropping;
  • Validating information content against unauthorized and undetected modification; and
  • Validating the origin and content of physician orders, or other critical transactions and documenting the fact that they took place through the use of digital signatures.
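
The last two uses in the list (detecting modification, and validating the origin and content of a physician order), shown as an added example that is not part of the original report. It uses Ed25519 signatures from Go's standard library; `Demo` returns the verification result for a genuine, an altered and a forged order. The `Order` fields, the key directory indexed by physician name, and every sample value are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Order is a constructed sample record; its field names are assumptions.
type Order struct{ Physician, Patient, Text, IssuedAt string }

// SignedOrder keeps the exact signed bytes so verification never re-serializes.
type SignedOrder struct{ Payload, Signature []byte }

var ErrUnknownSigner = errors.New("no registered key for claimed physician")
var ErrBadSignature = errors.New("signature does not match content and claimed origin")

func Sign(priv ed25519.PrivateKey, o Order) SignedOrder {
	payload, _ := json.Marshal(o) // cannot fail for a struct of strings
	return SignedOrder{payload, ed25519.Sign(priv, payload)}
}

// Verify looks up the claimed physician's public key, then checks the signature.
func Verify(dir map[string]ed25519.PublicKey, s SignedOrder) (Order, error) {
	var o Order
	if err := json.Unmarshal(s.Payload, &o); err != nil {
		return Order{}, err
	}
	pub, ok := dir[o.Physician]
	if !ok {
		return Order{}, ErrUnknownSigner
	}
	if !ed25519.Verify(pub, s.Payload, s.Signature) {
		return Order{}, ErrBadSignature
	}
	return o, nil
}

func Demo() (genuine, altered, forged error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, other, _ := ed25519.GenerateKey(nil)  // a key the directory does not list
	dir := map[string]ed25519.PublicKey{"dr.example": pub}
	o := Order{"dr.example", "patient-0001", "constructed sample order", "1997-01-01T00:00:00Z"}
	s := Sign(priv, o)
	_, genuine = Verify(dir, s)
	s.Payload[len(s.Payload)-3] ^= 1 // flip one bit inside the timestamp
	_, altered = Verify(dir, s)
	_, forged = Verify(dir, Sign(other, o)) // right name, wrong key
	return
}
func main() { fmt.Println(Demo()) }
```

The signature covers the stored bytes, so a record that verifies also documents that the named key holder issued exactly that order; this depends on the directory of public keys being trustworthy.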

Two points should be noted about cryptographic technology. The

13  

The CERT Coordination Center is the organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency in November 1988 in response to the needs identified during the Internet worm incident. The CERT charter is to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems (see www.cert.org).

14  

Computer Science and Telecommunications Board, National Research Council. 1996. Cryptography's Role in Securing the Information Society. National Academy Press, Washington, D.C.


