5. Information Technology
Pages 135-176

From page 135...
... [1] These realities make the computer and communications systems of the nation a critical infrastructure in and of themselves, as well as major components of other kinds of critical infrastructure, such as energy or transportation systems. The IT infrastructure can be conceptualized as four major elements: the Internet, the telecommunications infrastructure, embedded/real-time computing (e.g., avionics systems for aircraft control, SCADA systems controlling electrical energy distribution)
From page 136...
... Nor are they mutually exclusive, and in practice they can be combined to produce even more destructive effects. Most of the nation's civil communications and data network infrastructure offer soft IT targets, but they tend to be localized either geographically or in mode of communication, and if no physical damage is done, they tend to be recoverable in a relatively short time.
From page 137...
... The Internet itself is a densely connected network of networks,[5] which means that a large number of important nodes would have to be destroyed simultaneously to bring it down for an extended period of time. Destruction of some key Internet nodes would result in slowed traffic across the Internet, but the ease with which Internet communications can be rerouted would minimize the long-term damage.[6] (In this regard, the ... [Footnote 5: see CSTB (2001b)]
From page 138...
... central to most of American society, the impact of even severe damage to the Internet is less than what might be possible through other modes of attack. The telecommunications infrastructure of the public switched network is likely to be less robust.
From page 139...
... Such attacks would require a significant insider presence in technically responsible positions in key sectors of the economy over long periods of time. A second type of attack on embedded computing is illustrated by the notion of an attack on the systems controlling elements of the nation's critical infrastructure, e.g., the electric-power grid, the air-traffic-control system, the financial network, and water purification and delivery.
From page 140...
... The real leverage of such an attack would likely be in amplifying the damage and costs associated with a physical attack on some other element of the critical infrastructure. Another disaster scenario that could rise to the level of catastrophic damage would be an attack on a local or regional power system that cascades to shut down electrical power, possibly with physical damage that could take weeks to repair, over a much wider area.
From page 141...
... Disproportionate Impacts
Some disaster scenarios result in significant loss or damage that is all out of proportion to the actual functionality or capability destroyed. In particular, localized damage that results in massive loss of confidence in some critical part of the infrastructure could have such a disproportionate impact.
From page 142...
... Terrorist attacks can be sustained over time as well as occur in individual instances. If the effects of an attack sustained over time (perhaps over months or years)
From page 143...
... Thus, they are likely to concentrate their efforts where the impact is largest for the smallest expenditure of resources. For example, terrorists who want to create immediate public fear and terror are more likely to use a physical attack (perhaps in conjunction with an attack using IT to amplify the resulting damage)
From page 144...
... Some possible options include a separate emergency-response communications network that is deployed in the immediate aftermath of a disaster, and the use of the public network to support virtual private networks, with priority given to traffic from emergency responders.
From page 145...
... One option is to place the mechanism administratively in existing government or private organizations (e.g., the National Institute of Standards and Technology, the Office of Homeland Security, the Department of Defense, or the Computer Emergency Response Team of the Software Engineering Institute at Carnegie Mellon University); and a second option is to create a national body to coordinate the private sector and local, state, and federal authorities.[13] In the short term, a practical option for providing emergency operational support would be to exploit IT expertise in the private sector, much as the armed services draw on the private sector (National Guard and reserve forces)
From page 146...
... [14] First, IT attacks can amplify the impact of physical attacks and lessen the effectiveness of emergency responses; reducing such vulnerabilities will require major advances in information and network security. Second, the increasing levels of damage caused by cybercrime and the tendency to rely on the Internet as the primary networking entity both suggest that the likelihood of severe damage through a cyberattack is increasing.
From page 147...
... Given the range of formats, the permanence and growing volume of information from each source, and the difficulty of accurately analyzing information from single sources, let alone multiple sources, information fusion offers researchers a challenge.
From page 148...
TABLE 5.1 A Taxonomy of Priorities
(Time Scale = time scale for R&D for significant progress and deployment)

Category                                            Criticality  Difficulty      Time Scale
Improved Information and Network Security           High         Difficult       5-9 years
  Detection and identification                      High         Difficult       5-9 years
  Architecture and design for containment           High         Difficult       5-9 years
  Large-system backup and decontamination           High         Difficult       5-9 years
  Less buggy code                                   High         Very difficult  5-9 years
  Automated tools for system configuration          High         Difficult       1-4 years
  Auditing functionality                            Low          Difficult       10+ years
  Trade-offs between usability and security         Medium       Difficult       5-9 years
  Security metrics                                  Medium       Difficult       1-4 years
  Intelligence gathering                            Medium       Difficult       1-4 years
  Field studies of security                         High         Easy            1-4 years
C3I for Emergency Response                          High         Difficult       1-4 years
  Ad hoc interoperability                           High         Easy            1-4 years
  Emergency deployment of communications capacity   High         Easy            1-4 years
  Security of rapidly deployed ad hoc networks      Medium       Difficult       5-9 years
  Information management and decision support tools Medium       Difficult       5-9 years
  Communications with the public during emergency   High         Difficult       1-4 years
  Emergency sensor deployment                       High         Easy            1-4 years
  Precise location identification                   Medium       Difficult       5-9 years
  Mapping the physical infrastructure of IT         High         Easy            1-4 years
  Characterizing the functionality of regional      High         Difficult       1-4 years
  networks for emergency responders
Information Fusion                                  High         Difficult       1-4 years
  Data mining                                       High         Difficult       1-4 years
  Data integration                                  High         Difficult       1-4 years
From page 149...
TABLE 5.1 Continued

Category                                            Criticality  Difficulty      Time Scale
  Language technologies                             High         Difficult       1-4 years
  Image and video processing                        High         Difficult       5-9 years
  Evidence combination                              Medium       Difficult       1-4 years
Privacy and Confidentiality                         High         Difficult       1-4 years
Planning for the Future                             Medium       Difficult       10+ years

... likely. Software flaws, lax procedures for creating and guarding passwords, compromised insiders, and nonsecure entry points all lead to the conclusion that watertight perimeters cannot be assumed.
From page 150...
... Detecting a denial-of-service attack is equally challenging. For example, consider an attack that is launched against the major Internet news services to coincide with a physical bomb attack.
From page 151...
... lion.

Recommendation 5.4: Detection and Identification Research
· Develop fast and scalable methods for high-confidence authentica...
· Explore approaches that could self-monitor traffic and users to detect either anomalous users or unusual traffic patterns.
From page 152...
... For the most part, current technologies employ a bimodal approach: either no computer control, which is inefficient in modern large-scale systems, or complete computer control, with the inherent vulnerabilities that this implies.[22] Containment essentially navigates between the two extremes; its essential element is the ability to "lock down" a system under attack, perhaps suspend normal operation temporarily while the system finds and disables potential intruders, and resume normal system operation afterward with less disruption than shutting down and rebooting might cause. Research is thus necessary in several areas: understanding how to fuse a simple, highly secure, basic control system used primarily for crisis operations ... [Footnote 19: CSTB (1999c)]
From page 153...
... · Explore how to fuse a simple, basic control system used during crisis mode with a sophisticated control system used during normal operations.

Recovery
Once an intruder has been detected, confined, and neutralized, the goal should be to bring the system to full operation as soon as possible.
From page 154...
... Given that penetration of computer and telecommunications networks is likely to continue despite our best efforts to build better perimeter security, more resilient and robust systems are necessary, with backup and recovery as essential elements. New approaches to decontamination are also needed, especially when a system cannot be shut down for decontamination purposes.
From page 155...
... The ability to generate a crisp, clear description of actual security policies in place and to compare them with desired security ... [Footnote 25: Wagner, D.A.]
From page 156...
... Threat models are often characterized by actuarial data and probability distributions in which the adverse effects of vulnerabilities are prioritized on the basis of how likely it is that they will occur; but such models are of little use in countering deliberate terrorist attacks that seek to exploit nominally low-probability vulnerabilities. Notions such as calculating the return on a security investment, common in other areas in which security is an issue, are not well understood either, thus making quantitative risk manage... [Footnote 29: CSTB (1990)]
From page 157...
... · Find new ways to test bug fixes reliably.
· Develop better system-administration tools for specifying security policies and checking against prespecified system configurations.
From page 158...
... For example, it is likely that some portion of the public networks will survive any disaster; emergency-response agencies could use it to facilitate interoperability if there are mechanisms for giving them first priority for such use. A second option is to allocate dedicated spectral bands for emergency responders and to require by law that they use those frequencies.
From page 159...
... In addition, the development of better C3I systems for emergency response will have application to responding to natural disasters as well.

Ad Hoc Interoperability
Different emergency responders must be able to communicate with each other, but poor interoperability among responding agencies is a well-known problem and one that is as much social and organizational as it is technical.
From page 160...
... .[47] Thus research is also needed for defining low-level communication protocols and developing generic technology that can facilitate interconnection and interoperation of diverse information resources.[48] One example of research is the development of software-programmable waveforms that can (in principle) allow a single radio to interoperate with a variety of different wireless communications protocols.[49] A second example is an architecture for communications, perhaps for selected mission areas, that translates agency-specific information into formats and semantics compatible with a global system.[50]

Emergency Management of Communications Capacity
In an emergency, extraordinary demands are placed on communications capacity.
From page 161...
... For example, the destruction of physical facilities such as repeaters and the massive presence of debris could result in an impaired environment for radio-frequency transmissions. The rapid deployment of processors optimized to find weak signals in a suddenly noisier environment could do much to facilitate emergency communications.
From page 162...
... (For example, ad hoc networks are not likely to have a single system administrator who can take responsibility for allocating user IDs.)

Information-Management and Decision-Support Tools
In a chaotic disaster area, a large volume of voice and data traffic will be transmitted and received on handheld radios, phones, digital devices, and portable computers.
From page 163...
... Developing robust sensors for these capabilities is one major challenge; developing architectural concepts for how to deploy them and integrate the resulting information is another.

Precise Location Identification
In a severe crisis, determining the location both of physical structures and of people is a major problem because of debris, airborne contaminants such as smoke and dust, and perhaps simply a lack of illumination.
From page 164...
... Finally, keeping track of emergency responders' positions within a disaster area is an essential element of managing emergency response. Technology (similar to E-911 for cell phones)
From page 165...
... Sharing of information among the various providers of critical infrastructure and emergency-response agencies, even about common tasks and processes, has been a rather uncommon activity in the past.

Recommendation 5.X: IT and C3I Research
· Understand how to transition gracefully and with minimal disruption from a unit-specific communication system to a systemwide structure.
From page 166...
... Such processed data can be particularly valuable for decision makers in law enforcement, the intelligence community, emergency-response units, and other organizations combating terrorism. Not surprisingly, an inherent problem of information fusion is data interoperability, the difficulty of merging data from multiple databases, multiple sources, and multiple media.
From page 167...
... That is, disparate institutional missions may well dictate against a sharing of information at all. Underlying successful information fusion efforts is a desire to share information, and it is impossible to fuse information belonging to two agencies if those two agencies do not communicate with each other.
From page 168...
... Another research area is better mixed-initiative methods that allow the user to visualize the data and direct the data analysis.

Data Integration
New research is needed to normalize and combine data collected from multiple sources, such as the combination of different sets of time-series data (e.g., with different sampling rates, clocks, and time zones)
From page 169...
... This is a good example of information fusion in which multiple representations of content are combined to reduce the effect of errors coming from any given source. The major limitation of present language and image technologies is that their accuracy and performance, despite significant progress, need to be considerably improved.
From page 170...
... Recommendation 5.9: Information Fusion Research
· Develop more effective machine-learning algorithms for data mining, including learning using different data types (text, image, audio, video)
From page 171...
... Indeed, some trends, such as deregulation, system monocultures, and the dominance of a smaller number of products, are pushing the nation's critical infrastructure providers to reduce excess capacity, even though this is what provides much of the redundancy so important to reduced vulnerability. For these reasons, researchers and practitioners must be vigilant to changes in network technology, usage and reliance on IT, and potentially decreasing diversity.
From page 172...
... Information technologies for emergency response have not received a great deal of attention, though efforts in other contexts (e.g., military operations) are intimately related to progress in this area.[69] The time scale on which the fruits of efforts in these areas will become available ranges from short to long.
From page 173...
... · IT for emergency response is essential because of the unfortunate reality that the probability of catastrophic terrorism cannot be reduced to zero; the ability to respond quickly and effectively to a catastrophic situation will always be needed.
· Information fusion is important in today's counterterrorism efforts, where the essential problem is how to identify potential threats amidst enormous amounts of possibly relevant information; sophisticated techniques for filtering and processing this information are needed.
From page 174...
... · Pay attention to the human resources needed to sustain the counterterrorism information technology research agenda. This need is especially apparent in the fields of information and network security and emergency communications.
From page 175...
... 1999a. Information Technology Research for Crisis Management, National Academy Press, Washington, D.C.
From page 176...
... 2001. "Boehlert Gives Cyber Security Address at ITAA Forum," press release, December 12.