Cryptography's Role in Securing the Information Society (1996) / Chapter Skim
Currently Skimming:
Growing Vulnerability in the Information Age
Growing Vulnerability in the Information Age
Pages 19-50
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 19... ...
These factors make clear the need for a broadly acceptable national cryptography policy that will help to secure vital national interests. 1.1 THE TECHNOLOGY CONTEXT OF THE INFORMATION AGE The information age is enabled by computing and communications technologies (collectively known as information technologies)
|
From page 20... ...
Since software is intangible, it can be deployed widely on a very short 1Citations to a variety of press accounts can be found in Computer Science and Telecommunications Board (CSTB) , National Research Council, Information Technology and Manufacturing: A Research Agenda, National Academy Press, Washington, D.C., 1993; CSTB, Information Technology in the Service Society: A Twenty-First Century Lever, 1993; CSTB, Realizing the Information Future: The Internet and Beyond, 1994; CSTB, Keeping the Computer and Communications Industry Competitive: Convergence of Computing, Communications, and Entertainment, 1995; and CSTB, The Unpredictable Certainty: Information Infrastructure Through 2000, 1996.
|
From page 21... ...
With software, physical replacement of a hardware component is unnecessary -- a new software program is simply loaded and executed. Examples include personal com puters (which do word processing or mathematical calculations, depending on what software the user chooses to run)
|
From page 22... ...
These practices have endured against a backdrop of relatively modest levels of commercial and individual risk; for example, the liability of a credit card owner for credit card fraud perpetrated by another party is limited by law to $50. Yet most computer and communications hardware and software systems are subject to a wide range of vulnerabilities, as described in Box 1.3.
|
From page 23... ...
A1; Saul Hansell, "A $10 Million Lesson in the Risks of Electronic Banking," New York Times, August 19, 1995, p.
|
From page 24... ...
By denying access to electronic services, an adversary could shut down company operations, especially time-critical ones. On a national scale, critical infrastructures controlled by electronic networks (e.g., the air traffic control system, the electrical power grid)
|
From page 25... ...
• New business opportunities for small entrepreneurs that could sell low-value products to the large numbers of potential customers that an electronic marketplace might reach. In general, visions of electronic commerce writ large attempt to leverage the competitive edge that information technologies can provide for commercial enter prises.
|
From page 26... ...
Today's air transportation system would not exist without rapid and reliable information flows regarding air traffic control, sales, marketing, maintenance, safety, and logistics planning. Retail ers and wholesalers depend on the rapid collection and analysis of sales data to plan purchasing and marketing activities, to offer more differentiated ser vices to customers, and to reduce operational costs.
|
From page 27... ...
National cryptography policy -- the focus of this report -- concerns how and to what extent government affects the development, deployment, and use of this important technology. To date, public discussion of national cryptography policy has focused on one particular application of cryptography, namely its use in protecting the confidentiality of information and communications.
|
From page 28... ...
Foreign direct investment in the United States has risen even faster over the same period -- at almost 19% annually -- and now also totals almost $500 billion. The expansion of international trade and investment has resulted in a much more integrated and interdependent world economy.
|
From page 29... ...
• If the public information and communications infrastructure continues to evolve with very weak security throughout, reflecting both deployed technology and user behavior, the benefits from cryptography for confidentiality will be significantly less than they might otherwise be. • The vulnerabilities implied by weak security overall affect the ability of specific mechanisms such as cryptography to protect not only confidentiality but also the integrity of information and systems and the availability of systems for use when sought by their users.
|
From page 30... ...
. To illustrate the broad panorama of stakeholder interests in which national cryptography policy is formulated, the next several sections examine different aspects of society from the standpoint of needs for information security.
|
From page 31... ...
. As the cost of computing drops, the cost of performing such 4From the National Counterintelligence Center, Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, July 1995.
|
From page 32... ...
businesses. For example, two former directors of the French intelligence service have confirmed publicly that the French intelligence service collects economic intelligence information, including classified government information and information related to or associated with specific companies of in terest.1 Foreign intelligence agencies may break into facilities such as the foreign offices of a U.S.
|
From page 33... ...
, The Electronic Intrusion Threat to National Security and Emergency Preparedness Telecommunications: An Awareness Document, 2nd ed., NCS, Alexandria, Va., December 5, 1994, pp.
|
From page 34... ...
. The PSTN provides information transport services for geographically dispersed and national assets such as the banking system and financial markets,1 and the air traffic control system.2 Even the traditional military3 is highly dependent on the PSTN.
|
From page 35... ...
In May 1991, the severing of a fiber-optic cable led to the shutdown of four of the FAA's 20 major air traffic control centers with "massive operational impact."8 • The 1991 failure of a PSTN component in New York caused the loss of connec tivity between a major securities house and the Securities Industry Automation Cor poration, resulting in an inability to settle the day's trades over the network.9 Examples of small-scale activities by the computer "underground" against the PSTN demonstrate capabilities that, if coupled to an intent to wage serious informa tion warfare against the United States, pose a serious threat to the U.S. information infrastructure: • In 1990, several members of the Legion of Doom's Atlanta branch were charged with penetrating and disrupting telecommunications network elements.
|
From page 36... ...
6 Reliability and Vulnerability Working Group, Telecommunications Policy Committee, Information Infrastructure Task Force, Reliability and Vulnerability of the NII: Capability Assessments, from the National Communications System home page at http://164.117.147.223/nc-ia/html. 7 Both shared circuits and private networks are expected to grow dramatically in the next several years.
|
From page 37... ...
Garwin describes the use of "match registers" to efficiently implement queries against a database; see Frank Church et al., U.S. Congress, Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities, U.S.
|
From page 38... ...
International Trade Commission found that 8 of the world's top 10 applications software vendors, 7 of the world's top 10 systems software vendors, the top 5 systems integration firms, and 8 of the top 10 custom programming firms are U.S. firms; the top 9 global outsourcing firms have headquarters in the United States.
|
From page 39... ...
economic security" (National Counterintelligence Center, Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, Washington, D.C., July 1995, p.
|
From page 40... ...
for observed levels of foreign sales and market shares. Chapter 4 addresses export controls in the context of cryptography and national cryptography policy.
|
From page 41... ...
Today's information security technology, for example, makes it possible to maintain or even raise the cost of collecting information about individuals. It also provides more mechanisms for government to help protect that information.
|
From page 42... ...
Given such considerations, individuals in an information age may wish to be able to: • Keep specific information private. Disclosure of information of a personal nature that could be embarrassing if known, whether or not such disclosure is legal, is regarded as an invasion of privacy by many people.
|
From page 43... ...
," New York Times, March 10, 1996, Business Section, p.
|
From page 44... ...
See also Final Report of the Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities, Book II, April 26, 1974, U.S. Government Printing Office, Washington, D.C., p.
|
From page 45... ...
An overwhelming majority of the audience indicated greater concern about the first possibility. For recent accounts that give the flavor of concerns about malfeasance by law enforcement officials, see Ronald Smothers, "Atlanta Holds Six Policemen in Crackdown," New York Times, September 7, 1995, p.
|
From page 46... ...
. The following areas relevant to law enforcement require high levels of information security: • Prevention of information theft from businesses and individuals, consistent with the transformation of economic and social activities outlined above.
|
From page 47... ...
Criminals have been known to impersonate law enforcement officials for nefarious purposes, and the information age presents additional opportunities. In the domain of national security, traditional missions involve protection against military threats originating from other nation-states and directed against the interests of the United States or its friends and allies.
|
From page 48... ...
civilian infrastructure -- including the banking system, the air traffic control system, and the electric power grid -- must be protected against the threats described above, as must the civilian information infrastructure that supports the conduct of sensitive government communications. Because civilian infrastructure provides a significant degree of functionality on which the military and defense sector depends, traditional national security interests are at stake as well, and concerns have grown about the implications of what has come to be known as information warfare (Box 1.9)
|
From page 49... ...
As an operational activity, information warfare clearly is related closely to, but yet is distinct from, intelligence functions that are largely analytical. IW is also relat ed to information security, since its techniques are pertinent both to prosecution of offensive IW and to protection for defensive IW.
|
From page 50... ...
Electronic commerce in particular is likely to become a fundamental underpinning of the information future. • Government has special needs for information security that arise from its role in society, including the protection of classified information and its responsibility for ensuring the integrity of information assets on which the entire nation depends.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.