other words, all threats have been considered equally likely, even if the cost of producing an attack might be prohibitive. If a threat is considered "possible," it must be addressed by the protection model.
Protection models have not been without their problems, as well. Historically, most attempts at building secure computer systems and networks have followed the "castle" model: build high, thick walls with a few well-understood gates. This paradigm is reflected in the terminology used in information security: firewall, bastion host, realm, password, domain, and Trojan horse.
This mind-set limits the ideas that can be discussed and thus the tools that will be developed. Furthermore, approaches focused on prevention are limited to the scope of the modeled threats and typically are strictly reactive to demonstrated examples of these threats. But, to date, no sufficient threat models have been developed. This approach is the epitome of passive defense, which is not a viable strategy in the long term as advances in offensive technologies will always overwhelm a static defense. To go beyond this focus on prevention to encompass investigation and prosecution, we need to consider alternate modes of thought about information security.
A deterrent is anything that deters a person from performing some undesirable action. It can be as simple and direct as a padlock, or as indirect as strict punishments if a person is caught and convicted.
Traditional, technical, computer and network security has focused on building better "locks," stronger "doors," and so on. Until recently, crimes committed via computer or network were almost impossible to prosecute. The laws were silent on many issues, the courts (including juries) were uneducated concerning computers and networks in general, and law enforcement for such white-collar crimes was seen as less critical than that for violent crime.
With more awareness of the Internet, the spread of home computers, and increasing reliance on computing resources for day-to-day business, there has been a popular push for more legal deterrents (laws) and for better education for judges, attorneys, and law-enforcement personnel. As a result of increased media attention to the Internet and more computers in homes, schools, and business, it is now no longer impossible to get a jury capable of understanding the cases.
Law-enforcement resources will always be at a premium, and crimes against property will always (rightfully) be of less importance than violent crime. As a result, computer and network crimes will always be competing for resources against violent crimes and other, more easily prosecutable ones. In other words, only the largest, most flagrant computer crimes will ever be considered in a courtroom.
Over the next 5 to 7 years, the Internet will most likely become the de facto national information infrastructure (NII). Talk of hundreds of channels of TV, videophones, and so on will continue; but it is access to people and data on demand that has driven and will continue to drive the growth of the Internet. The Internet is here, and it works. New technologies such as integrated services digital network (ISDN) and asynchronous transfer mode (ATM), higher-speed links, and new protocols such as "IPng" (Internet ProtocolNext Generation) will become part of the Internet infrastructure, but it is unlikely that a separate, parallel network of networks will be constructed.
The problems of making the Internet a safe computing environment will require significant research and development in the areas discussed above: threat and protection models, deterrents, and law-enforcement resources.