%0 Book %A National Research Council %T Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy %@ 978-0-309-16035-3 %D 2010 %U https://nap.nationalacademies.org/catalog/12997/proceedings-of-a-workshop-on-deterring-cyberattacks-informing-strategies-and %> https://nap.nationalacademies.org/catalog/12997/proceedings-of-a-workshop-on-deterring-cyberattacks-informing-strategies-and %I The National Academies Press %C Washington, DC %G English %K Conflict and Security Issues %K Computers and Information Technology %P 400 %X In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed. %0 Book %A National Research Council %E Kent, Stephen T. %E Millett, Lynette I. %T Who Goes There?: Authentication Through the Lens of Privacy %@ 978-0-309-08896-1 %D 2003 %U https://nap.nationalacademies.org/catalog/10656/who-goes-there-authentication-through-the-lens-of-privacy %> https://nap.nationalacademies.org/catalog/10656/who-goes-there-authentication-through-the-lens-of-privacy %I The National Academies Press %C Washington, DC %G English %K Computers and Information Technology %P 232 %X Who Goes There?: Authentication Through the Lens of Privacy explores authentication technologies (passwords, PKI, biometrics, etc.) and their implications for the privacy of the individuals being authenticated. As authentication becomes ever more ubiquitous, understanding its interplay with privacy is vital. The report examines numerous concepts, including authentication, authorization, identification, privacy, and security. It provides a framework to guide thinking about these issues when deciding whether and how to use authentication in a particular context. The book explains how privacy is affected by system design decisions. It also describes government’s unique role in authentication and what this means for how government can use authentication with minimal invasions of privacy. In addition, Who Goes There? outlines usability and security considerations and provides a primer on privacy law and policy. %0 Book %A National Research Council %E Owens, William A. %E Dam, Kenneth W. %E Lin, Herbert S. %T Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities %@ 978-0-309-13850-5 %D 2009 %U https://nap.nationalacademies.org/catalog/12651/technology-policy-law-and-ethics-regarding-us-acquisition-and-use-of-cyberattack-capabilities %> https://nap.nationalacademies.org/catalog/12651/technology-policy-law-and-ethics-regarding-us-acquisition-and-use-of-cyberattack-capabilities %I The National Academies Press %C Washington, DC %G English %K Conflict and Security Issues %K Computers and Information Technology %P 390 %X The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy. Cyberattacks--actions intended to damage adversary computer systems or networks--can be used for a variety of military purposes. But they also have application to certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities who are themselves under cyberattack. This report considers all of these applications from an integrated perspective that ties together technology, policy, legal, and ethical issues. Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores important characteristics of cyberattack. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights. Of special interest to the military, intelligence, law enforcement, and homeland security communities, this report is also an essential point of departure for nongovernmental researchers interested in this rarely discussed topic. %0 Book %A National Research Council %T Critical Code: Software Producibility for Defense %@ 978-0-309-15948-7 %D 2010 %U https://nap.nationalacademies.org/catalog/12979/critical-code-software-producibility-for-defense %> https://nap.nationalacademies.org/catalog/12979/critical-code-software-producibility-for-defense %I The National Academies Press %C Washington, DC %G English %K Computers and Information Technology %K Conflict and Security Issues %P 160 %X Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books—Summary of a Workshop on Software Intensive Systems and Uncertainty at Scale and Preliminary Observations on DoD Software Research Needs and Priorities—the present volume assesses the nature of the national investment in software research and, in particular, considers ways to revitalize the knowledge base needed to design, produce, and employ software-intensive systems for tomorrow's defense needs. Critical Code discusses four sets of questions: To what extent is software capability significant for the DoD? Is it becoming more or less significant and strategic in systems development? Will the advances in software producibility needed by the DoD emerge unaided from industry at a pace sufficient to meet evolving defense requirements? What are the opportunities for the DoD to make more effective use of emerging technology to improve software capability and software producibility? In which technology areas should the DoD invest in research to advance defense software capability and producibility? %0 Book %A National Research Council %T Improving State Voter Registration Databases: Final Report %@ 978-0-309-14621-0 %D 2010 %U https://nap.nationalacademies.org/catalog/12788/improving-state-voter-registration-databases-final-report %> https://nap.nationalacademies.org/catalog/12788/improving-state-voter-registration-databases-final-report %I The National Academies Press %C Washington, DC %G English %K Policy for Science and Technology %K Industry and Labor %K Behavioral and Social Sciences %P 128 %X Improving State Voter Registration Databases outlines several actions that are needed to help make voter registration databases capable of sharing information within state agencies and across state lines. These include short-term changes to improve education, dissemination of information, and administrative processes, and long-term changes to make improvements in data collection and entry, matching procedures, and ensure privacy and security.