Trust in Cyberspace
Committee on Information Systems Trustworthiness, National Research Council (1999) 352 pages   6 x 9

Appendix F

Some Related Trustworthiness Studies

Computers at Risk: Safe Computing in the Information Age

Computers at Risk: Safe Computing in the Information Age (CSTB, 1991) focused on security—getting more and better computer and communications security into use, thereby raising the floor for all, rather than concentrating on special needs related to handling classified government information. The report responded to prevailing conditions of limited awareness by the public, system developers, system operators, and policymakers. To help set and raise expectations about system security, the study recommended the following:

• Development and promulgation of a comprehensive set of generally accepted security system principles (GSSP);

• Creation of a repository of data about incidents;

• Education in practice, ethics, and engineering of secure systems; and

• Establishment of a new institution to implement these recommendations.

The report also analyzed and suggested remedies for the failure of the marketplace to substantially increase the supply of security technology; export control criteria and procedures were named as one of many contributing factors. Observing that university-based research in computer security was at a "dangerously low level," the report mentioned broad areas where research should be pursued.

Report of the Defense Science Board Task Force on Information Warfare Defense (IW-D)

Produced by a Defense Science Board task force, Report of the Defense Science Board Task Force on Information Warfare Defense (IW-D) (Defense Science Board, 1996) focused on defending against cyber-threats and information warfare. The task force documented an increasing military dependence on networked information infrastructures, analyzed vulnerabilities of the current networked information infrastructure, discussed actual attacks on that infrastructure, and formulated a list of threats (Box F.1) that has been discussed broadly within the Department of Defense (DOD) and elsewhere. The task force concluded:

. . . there is a need for extraordinary action to deal with the present and emerging challenges of defending against possible information warfare attacks on facilities, information, information systems, and networks of the United States which [sic] would seriously affect the ability of the Department of Defense to carry out its assigned missions and functions.

BOX F.1

Taxonomy of Threats

• Hackers driven by technical challenge

• Disgruntled employees or customers seeking revenge

• Crooks interested in personal financial gain or stealing services

• Organized crime operations interested in financial gain or covering criminal activity

• Organized terrorist groups or nation-states trying to influence U.S. policy by isolated attacks

• Foreign espionage agents seeking to exploit information for economic, political, or military purposes

• Tactical countermeasures intended to disrupt specific U.S. military weapons or command systems

• Multifaceted tactical information warfare applied in a broad, orchestrated manner to disrupt a major U.S. military mission

• Large organized groups or major nation-states intent on overthrowing the United States

SOURCE: Defense Science Board (1996).

Some of the task force recommendations answered organizational questions: Where might various functions in support of IW-D be placed and how might they be staffed and managed within the DOD? How might senior-level government and industry leaders be made aware of vulnerabilities and their implications? What legislation is needed? How can current infrastructure dependencies and vulnerabilities be determined? How can information about ongoing threats and attacks be characterized and disseminated?

The other recommendations concerned both short- and longer-term technical means for repelling attacks. The task force urged greater use of existing security technology, certain controversial encryption technology,[1] and the construction of a minimum essential information infrastructure (MEII). It also suggested a research program for furthering the development of the following:

• System architectures that degrade gracefully and are resilient to failures or attacks directed at single components;

• Methods for modeling, monitoring, and managing large-scale distributed systems; and

• Tools and techniques for automated detection and analysis of localized or coordinated large-scale attacks, and tools and methods for predicting anticipated performance of survivable distributed systems.

The task force noted the low levels of activity concerning computer security and survivable systems at universities.

[1] Specifically, the task force recommended the deployment of the Multilevel Information Systems Security Initiative (MISSI) and escrowed encryption. Those topics are discussed in Chapters 4 and 6 of the present report.

Critical Foundations: Protecting America's Infrastructures

The President's Commission on Critical Infrastructure Protection, whose members were drawn from the private and public sector, studied infrastructures that are critical to the security, public welfare, and economic strength of the United States: information and communications (e.g., telecommunications), physical distribution (e.g., rail, air, and mass transport), energy (e.g., electric power generation and distribution), banking and finance, and vital human services (e.g., water supply, fire fighting, and rescue). In its report, Critical Foundations: Protecting America's Infrastructures (PCCIP, 1997), the commission concluded that all these infrastructures were increasingly vulnerable to physical and cyber-threats. And although the threat of cyber-attacks today appears to be small, the prospect for such attacks in the future was found to be significant.[2] Along with the increasing threat, the commission noted an absence of any national focus for infrastructure protection. Formation of a public-private partnership was urged. Private-sector involvement was advocated because infrastructure owners and operators, having the expertise and incentive, are best positioned to protect against and detect infrastructure attacks. Federal government involvement is needed to facilitate collection and dissemination of information about tools, threats, and intent. The federal government also is ideally situated for detection of coordinated attacks, for overseeing defense-in-depth and defenses across infrastructures, and for reducing the possibility that disturbances or attacks could propagate within and across critical infrastructures.

Broad public awareness regarding the nature and extent of cyber-threats is a necessary part of any defense that hinges on private-sector participation. Programs were recommended to elevate public awareness of infrastructure threats, vulnerabilities, and interdependencies. The commission also recommended considering legislation that would enable federal and private-sector responses to infrastructure vulnerabilities and attacks. The government was also counseled by the commission to serve as a role model for the private sector in the use of standards and best practices, taking precautions that are proportionate to the threat and the value of what is being protected. Substantially increased support for research was recommended by the commission; the present level of funding[3] was deemed insufficient for future needs (Davis, 1997). Federal support is crucial—for sound business reasons, the private sector is not likely to invest significant resources in longer-term research that could fuel needed advances. The research and development vision articulated by the commission starts with $500 million for fiscal year 1999 and climbs to $1 billion in 2004 for government-sponsored basic research; and the vision has the private sector using that basic research to create new technology for infrastructure protection.

The commission suggests a range of research topics. Those concerning networked computer systems and cyber-threats include the following:

• Information assurance: The effective protection of the communications infrastructure and the information created, stored, processed, and transmitted on it.

• Monitoring and threat detection: Reliable automated monitoring and detection systems, timely and effective information collection technologies, and efficient data reduction and analysis tools for identifying and characterizing localized or coordinated large-scale attacks against infrastructure.

• Vulnerability assessment and systems analysis: Methods and tools to identify critical nodes within infrastructures, to examine infrastructure interdependencies, and to help understand the behavior of complex systems.

• Risk management and decision support: Methods and tools to help decision makers prioritize the use of finite resources to reduce risk.

• Protection and mitigation: System control and containment and isolation technologies to protect systems against the spectrum of threats.

• Contingency planning, incident response, and recovery: Methods and tools for planning for, responding to, and recovering from incidents such as natural disasters and physical and cyber-based attacks that affect local or national infrastructures.

[2] The report notes that attackers' tools are becoming more advanced and more accessible, so less skill is needed to launch ever more sophisticated attacks. Moreover, the increasing interconnectivity and complexity of critical infrastructures increase their vulnerability.

[3] Government funding was estimated at $150 million per year and industrial funding at $1 billion to $1.5 billion per year.

Cryptography's Role in Securing the Information Society

A number of mechanisms for enhancing information system trustworthiness depend on the use of cryptography. Cryptography, however, is a double-edged sword. It can help legitimate businesses and law-abiding citizens keep information confidential, but it can also help organized crime and terrorists keep information confidential. Conflict between the protection of confidential information for legitimate businesses and law-abiding citizens and the need for law enforcement and intelligence agencies to obtain information has fueled a U.S. policy debate concerning both import/export restrictions and domestic deployment of cryptography.

The issues are subtle. They were explored during an 18-month study by the National Research Council's Computer Science and Telecommunications Board (CSTB)—the so-called CRISIS report (an acronym of the report's full title) edited by Dam and Lin (CSTB, 1996)—that was completed just as the present NIS trustworthiness study was getting under way. Bringing together a wide range of perspectives on the subject, the CRISIS report concluded that the then-current U.S. cryptography policy[4] was not adequate to support the information security requirements of an information society. Although acknowledging that increased use of cryptography placed an increased burden on law enforcement and intelligence activities, the CRISIS report asserted that the interests of the nation overall would be best served by a policy that fosters a judicious transition toward broad use of cryptography.

CRISIS does not make recommendations for further research, so it is unlike the other studies just surveyed. What CRISIS does say is directly relevant to the present study in two ways. First, the existence of CRISIS helped delimit the scope of the present study. With CRISIS in hand, the present study was freed to concentrate on other aspects of information systems trustworthiness. Second, CRISIS provides a foundation for the present study's discussions about cryptography policy and its implications regarding widespread deployment of cryptography. As discussed in Chapters 2, 4, and 6 of the present study, the broad availability of cryptography can affect how NIS trustworthiness problems are solved.

[4] The report was released in May 1996.

References

Computer Science and Telecommunications Board (CSTB), National Research Council. 1991. Computers at Risk: Safe Computing in the Information Age. Washington, DC: National Academy Press.

Computer Science and Telecommunications Board (CSTB), National Research Council. 1996. Cryptography's Role in Securing the Information Society, Kenneth W. Dam and Herbert S. Lin, eds. Washington, DC: National Academy Press.

Davis, John C. 1997. (Draft) Research and Development Recommendations for Protecting and Assuring Critical National Infrastructures. Washington, DC: President's Commission on Critical Infrastructure Protection, December 7.

Defense Science Board. 1996. Report of the Defense Science Board Task Force on Information Warfare Defense (IW-D). Washington, DC: Office of the Under Secretary of Defense for Acquisition and Technology, November 21.

President's Commission on Critical Infrastructure Protection (PCCIP). 1997. Critical Foundations: Protecting America's Infrastructures. Washington, DC: PCCIP, October.