other words, all threats have been considered equally likely,
even if the cost of producing an attack might be prohibitive. If a
threat is considered "possible," it must be addressed by the
Protection models have not been without their problems, as well.
Historically, most attempts at building secure computer systems and
networks have followed the "castle" model: build high, thick walls
with a few well-understood gates. This paradigm is reflected in the
terminology used in information security: firewall, bastion host,
realm, password, domain, and Trojan horse.
This mind-set limits the ideas that can be discussed and thus
the tools that will be developed. Furthermore, approaches focused
on prevention are limited to the scope of the modeled threats and
typically are strictly reactive to demonstrated examples of these
threats. But, to date, no sufficient threat models have been
developed. This approach is the epitome of passive defense, which
is not a viable strategy in the long term as advances in offensive
technologies will always overwhelm a static defense. To go beyond
this focus on prevention to encompass investigation and
prosecution, we need to consider alternate modes of thought about
A deterrent is anything that deters a person from performing
some undesirable action. It can be as simple and direct as a
padlock, or as indirect as strict punishments if a person is caught
Traditional, technical, computer and network security has
focused on building better "locks," stronger "doors," and so on.
Until recently, crimes committed via computer or network were
almost impossible to prosecute. The laws were silent on many
issues, the courts (including juries) were uneducated concerning
computers and networks in general, and law enforcement for such
white-collar crimes was seen as less critical than that for violent
With more awareness of the Internet, the spread of home
computers, and increasing reliance on computing resources for
day-to-day business, there has been a popular push for more legal
deterrents (laws) and for better education for judges, attorneys,
and law-enforcement personnel. As a result of increased media
attention to the Internet and more computers in homes, schools, and
business, it is now no longer impossible to get a jury capable of
understanding the cases.
Law-enforcement resources will always be at a premium, and
crimes against property will always (rightfully) be of less
importance than violent crime. As a result, computer and network
crimes will always be competing for resources against violent
crimes and other, more easily prosecutable ones. In other words,
only the largest, most flagrant computer crimes will ever be
considered in a courtroom.
Analysis and Forecast
Over the next 5 to 7 years, the Internet will most likely become
the de facto national information infrastructure (NII). Talk of
hundreds of channels of TV, videophones, and so on will continue;
but it is access to people and data on demand that has driven and
will continue to drive the growth of the Internet. The Internet is
here, and it works. New technologies such as integrated services
digital network (ISDN) and asynchronous transfer mode (ATM),
higher-speed links, and new protocols such as "IPng" (Internet
Protocol Next Generation) will become part of the Internet
infrastructure, but it is unlikely that a separate, parallel
network of networks will be constructed.
The problems of making the Internet a safe computing environment
will require significant research and development in the areas
discussed above: threat and protection models, deterrents, and