@BOOK{NAP author = "National Research Council", title = "Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy", isbn = "978-0-309-16035-3", abstract = "In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. \n\nThe first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. \n\nThe second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. \n\nAlthough the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed.", url = "https://nap.nationalacademies.org/catalog/12997/proceedings-of-a-workshop-on-deterring-cyberattacks-informing-strategies-and", year = 2010, publisher = "The National Academies Press", address = "Washington, DC" } @BOOK{NAP author = "National Research Council", editor = "Stephen T. Kent and Lynette I. Millett", title = "Who Goes There?: Authentication Through the Lens of Privacy", isbn = "978-0-309-08896-1", abstract = "Who Goes There?: Authentication Through the Lens of Privacy explores authentication\ntechnologies (passwords, PKI, biometrics, etc.) and their implications for the privacy\nof the individuals being authenticated. As authentication becomes ever more ubiquitous,\nunderstanding its interplay with privacy is vital. The report examines numerous\nconcepts, including authentication, authorization, identification, privacy, and security.\nIt provides a framework to guide thinking about these issues when deciding whether\nand how to use authentication in a particular context. The book explains how privacy\nis affected by system design decisions. It also describes government\u2019s unique role\nin authentication and what this means for how government can use authentication\nwith minimal invasions of privacy. In addition, Who Goes There? outlines usability and\nsecurity considerations and provides a primer on privacy law and policy.", url = "https://nap.nationalacademies.org/catalog/10656/who-goes-there-authentication-through-the-lens-of-privacy", year = 2003, publisher = "The National Academies Press", address = "Washington, DC" } @BOOK{NAP author = "National Research Council", editor = "William A. Owens and Kenneth W. Dam and Herbert S. Lin", title = "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities", isbn = "978-0-309-13850-5", abstract = "The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy. \n\nCyberattacks--actions intended to damage adversary computer systems or networks--can be used for a variety of military purposes. But they also have application to certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities who are themselves under cyberattack. This report considers all of these applications from an integrated perspective that ties together technology, policy, legal, and ethical issues.\n\nFocusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores important characteristics of cyberattack. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights. Of special interest to the military, intelligence, law enforcement, and homeland security communities, this report is also an essential point of departure for nongovernmental researchers interested in this rarely discussed topic.", url = "https://nap.nationalacademies.org/catalog/12651/technology-policy-law-and-ethics-regarding-us-acquisition-and-use-of-cyberattack-capabilities", year = 2009, publisher = "The National Academies Press", address = "Washington, DC" } @BOOK{NAP author = "National Research Council", title = "Critical Code: Software Producibility for Defense", isbn = "978-0-309-15948-7", abstract = "Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books\u2014Summary of a Workshop on Software Intensive Systems and Uncertainty at Scale and Preliminary Observations on DoD Software Research Needs and Priorities\u2014the present volume assesses the nature of the national investment in software research and, in particular, considers ways to revitalize the knowledge base needed to design, produce, and employ software-intensive systems for tomorrow's defense needs. \nCritical Code discusses four sets of questions:\n\n To what extent is software capability significant for the DoD? Is it becoming more or less significant and strategic in systems development?\n Will the advances in software producibility needed by the DoD emerge unaided from industry at a pace sufficient to meet evolving defense requirements?\n What are the opportunities for the DoD to make more effective use of emerging technology to improve software capability and software producibility?\n In which technology areas should the DoD invest in research to advance defense software capability and producibility?\n", url = "https://nap.nationalacademies.org/catalog/12979/critical-code-software-producibility-for-defense", year = 2010, publisher = "The National Academies Press", address = "Washington, DC" } @BOOK{NAP author = "National Research Council", title = "Improving State Voter Registration Databases: Final Report", isbn = "978-0-309-14621-0", abstract = "Improving State Voter Registration Databases outlines several actions that are needed to help make voter registration databases capable of sharing information within state agencies and across state lines. These include short-term changes to improve education, dissemination of information, and administrative processes, and long-term changes to make improvements in data collection and entry, matching procedures, and ensure privacy and security.", url = "https://nap.nationalacademies.org/catalog/12788/improving-state-voter-registration-databases-final-report", year = 2010, publisher = "The National Academies Press", address = "Washington, DC" }