Cybersecurity Today and Tomorrow Pay Now or Pay Later (2002) / Chapter Skim
Currently Skimming:
2 Excerpts from Earlier CSTB Reports
2 Excerpts from Earlier CSTB Reports
Pages 17-38
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 17... ...
Readers are encouraged to read all of these reports, which can be found online at |
From page 18... ...
They control power delivery, communications, aviation, and financial services. They are used to store vital information, from medical records to business plans to criminal records.
|
From page 19... ...
, of information values, protection responsibilities, and organizational commitment. One can implement that policy by taking specific actions guided by management control principles and utilizing specific security standards, procedures, and mechanisms.
|
From page 20... ...
New means of attack are devised (e.g., computerized signal processing to separate "live" clicks from recorded ones) , and the result is a more sophisticated threat.
|
From page 21... ...
The existence of a successful attack can be demonstrated by an experiment, but the adequacy of a set of countermeasures cannot. Security specialists must resort to analysis, yet mathematical proofs in the face of constantly changing systems are impossible.
|
From page 22... ...
This situation feeds a market for inappropriate or incomplete security solutions, such as antiviral software that is effective only against certain viruses but may be believed to provide broader protection, or password identification systems that are easily subverted in ordinary use.... Enhancing security requires changes in attitudes and behavior that are difficult because most people consider computer security to be abstract and concerned more with hypothetical rather than likely events.
|
From page 23... ...
Technical measures may prevent people from doing unauthorized things but cannot prevent them from doing things that their job functions entitle them to do. Thus, to prevent violations of trust rather than just repair the damage that results, one must depend primarily on human awareness of what other human beings in an organization are doing.
|
From page 24... ...
This distinction is both superficial and misleading. National security activities, such as military operations, rely heavily on the integrity of data in such contexts as intelligence reports, targeting information, and command and control systems, as well as in more mundane applications such as payroll systems.
|
From page 25... ...
For example, near-simultaneous penetration attempts on hundreds of military information systems might reasonably be considered an indication of an orchestrated attack. Mobilization of a foreign nation's key personnel known to have responsibility for information attacks might be another indicator.
|
From page 26... ...
The second time scale is days after the attack is understood; such knowledge allows operators throughout the entire system of systems to implement fixes and patches that they may not yet have fixed, and to request fixes that are needed but not yet developed.... Function 3.
|
From page 27... ...
, an organization could prudently adopt additional security measures that during times of non-attack might not be in effect because of their negative impact on operations. Tailoring in advance a range of information systems security actions to be taken under different threat conditions would help an organization plan its response to any given attack.
|
From page 28... ...
The principle underlying response planning should be that of "graceful degradation"; that is, the system or network should lose functionality gradually, as a function of the severity of the attack compared to its ability to defend against it. This principle stands in contrast to a different principle that might call for the maintenance of all functionality until the attack simply overwhelms the defense and the system or network collapses.
|
From page 29... ...
Providing information systems security for a network or system that has not had security features built into it is enormously problematic. Retrofits of security features into systems not designed for security invariably leave security holes, and Procedural fixes for inherent technical vulnerabilities only go so far.
|
From page 30... ...
It is reasonable to conduct organizational research into better processes and organizations that provide more effective support against information attacks and/or reduce the impediments to using or implementing good security practices. Function 11.
|
From page 31... ...
. .The security in today's fielded military systems is weak, and weaker than it need be, as illustrated by the following examples of behavior and practices that the committee observed or heard: · Individual nodes are running commercial software with many known security problems.
|
From page 32... ...
Soldiers in the field do not take the protection of their C4I systems nearly as seriously as they do other aspects of defense. For example, information attack red teams were a part of some exercises observed by the committee, but their efforts were usually highly constrained for fear that unconstrained efforts would bring the exercise to a complete halt.
|
From page 33... ...
may or may not affect transfer of information outside the area of disruption, depending on how the ISP has configured its communications. For example, caching practices intended to reduce network congestion problems helped to limit the scope of a Domain Name Service (DNS)
|
From page 34... ...
Even widespread or catastrophic failures may not harm some users, if they have intentionally or unconsciously provided redundant storage or backup facilities. The inability to accurately predict consequences seriously complicates the process of calculating risk and makes it tempting to assume "best case" behavior in response to failure.
|
From page 35... ...
Another example is an instance in which a hacker expends great effort to take over an innocuous machine, not because it contains interesting data but because it provides computing resources and network connectivity that can be used to mount attacks on highervalue targets. In the case of the work factor model, it is notoriously difficult to assess the capabilities of a potential adversary in a field as unstructured as that of discovering vulnerabilities, which involves seeing aspects of a system that were overlooked by its designers.
|
From page 36... ...
Virus detectors identify and eradicate attacks embedded in exchanged files, and firewalls hinder attacks by filtering messages between a trusted enclave of networked computers and its environment (from which attacks might originate)
|
From page 37... ...
(From p. 247~: Security research during the past few decades has been based on formal policy models that focus on protecting information from unauthorized access by specifying which users should have access to data or other system objects.
|
From page 38... ...
There is, therefore, some tension between homogeneity and trustworthiness. Powerful forces make technological homogeneity compelling .
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.