Computers at Risk: Safe Computing in the Information Age, Executive Summary and Overview

Home , Information Age

Computers at Risk: Safe Computing in the Information Age http://www.nap.edu/catalog/1581.html EXECUTIVE SUMMARY 1 e h t be

ion. om r ibut f r t cannot r at not Executive Summary o f however, version ng,

i t paper book, at ive at rm o riginal horit ic f o e

h Computer systems are coming of age. As computer systems become more t he aut t

prevalent, sophisticated, embedded in physical processes, and interconnected, om r as ing-specif

t society becomes more vulnerable to poor system design, accidents that disable ion ed f systems, and attacks on computer systems. Without more responsible design peset

y and use, system disruptions will increase, with harmful consequences for

publicat society. They will also result in lost opportunities from the failure to put her t iles creat is

h computer and communications systems to their best use. t L f

M of Many factors support this assessment, including the proliferation of

and ot X computer systems into ever more applications, especially applications involving om yles, r

f networking; the changing nature of the technology base; the increase in st version computer system expertise within the population, which increases the potential

print for system abuse; the increasingly global environment for business and posed e h

heading research; and the global reach and interconnection of computer networks, which

recom multiply system vulnerabilities. Also relevant are new efforts in Europe to use t promote and even mandate more trustworthy computer systems; European breaks, ease l been countries are strengthening their involvement in this arena, while the United P States seems caught in a policy quagmire. Although recent and highly word has ed.

hs, publicized abuses of computer systems may seem exceptional today, each illustrates potential problems that may be undetected and that are expected to insert become more common and even more disruptive. The nature and the magnitude ally

line lengt of computer system problems are changing dramatically. original work

e The nation is on the threshold of achieving a powerful information h t infrastructure that promises many benefits. But without adequate safeguards, we risk intrusions into personal privacy (given the growing he original; ion of t at o ue t r have been accident y t a represent m are

l a errors

age breaks P is new digit h pographic y iles. T t

f e ile: ng i f t F D P peset and som is y h t

ined, a bout A ret original t

ion. om

r electronic storage of personal information) and potential disasters that can cause ibut f r t cannot economic and even human losses. For example, new vulnerabilities are r at not

o emerging as computers become more common as components of medical and f transportation equipment or more interconnected as components of domestic

however, and international financial systems. Many disasters may result from intentional version ng,

t attacks on systems, which can be prevented, detected, or recovered from paper book, at ive through better security. The nation needs computer technology that supports at rm o substantially increased safety, reliability, and, in particular, security. riginal horit ic f

o Security refers to protection against unwanted disclosure, modification, or e h destruction of data in a system and also to the safeguarding of systems t he aut t

om themselves. Security, safety, and reliability together are elements of system r as ing-specif t trustworthiness—which inspires the confidence that a system will do what it is ion ed f expected to do. peset y In many ways the problem of making computer and communications publicat

her t systems more secure is a technical problem. Unlike a file cabinet, a computer iles creat is h t

L f system can help to protect itself; there exists technology to build a variety of

M of

and ot safeguards into computer systems. As a result, software, hardware, and system X development presents opportunities for increasing security. Yet known om yles, r f techniques are not being used, and development of better techniques is lagging st version in the United States. From a technical perspective, making computer system print posed

e technology more secure and trustworthy involves assessing what is at risk, h heading articulating objectives and requirements for systems, researching and recom

use t developing technology to satisfy system requirements, and providing for independent evaluation of the key features (to assess functionality) and their breaks, ease l been

P strength (to provide assurance). All of these activities interact.

word

has Attaining increased security, in addition to being a technical matter is also ed.

hs, a management and social problem: what is built and sold depends on how

insert systems are designed, purchased, and used. In today's market, demand for

ally trustworthy systems is limited and is concentrated in the defense community line lengt and industries, such as banking, that have very high levels of need for security. original work e h

t That today's commercial systems provide only limited safeguards reflects limited awareness among developers, managers, and the general population of he original;

ion of the threats, vulnerabilities, and possible safeguards. Most consumers have no t at o real-world understanding of these concepts and cannot choose products wisely ue t r have been accident or make sound decisions about how to use them. Practical security specialists y t a and professional societies have emerged and have begun to affect security represent m are

l practice from inside organizations, but their impact is constrained by lack of a both management errors

age breaks P is new digit h pographic y iles. T t

f e ile: ng i f t F D P peset and som is y h t

ined, a bout A ret original t

ion. om r ibut f r t cannot r at not 1 o f

however, Overview and Recommendations version ng,

i t paper book, at ive at rm o riginal horit ic f o e

h We are at risk. Increasingly, America depends on computers. They control t he aut t

power delivery, communications, aviation, and financial services. They are used om r as ing-specif

t to store vital information, from medical records to business plans to criminal ion ed f records. Although we trust them, they are vulnerable—to the effects of poor peset

y design and insufficient quality control, to accident, and perhaps most

publicat alarmingly, to deliberate attack. The modern thief can steal more with a her t iles creat is

h computer than with a gun. Tomorrow's terrorist may be able to do more damage t L f

M of with a keyboard than with a bomb.

and ot X To date, we have been remarkably lucky. Yes, there has been theft of om yles, r

f money and information, although how much has been stolen is impossible to st version know.1 Yes, lives have been lost because of computer errors. Yes, computer

print failures have disrupted communication and financial systems. But, as far as we posed e h

heading can tell, there has been no successful systematic attempt to subvert any of our

recom critical computing systems. Unfortunately, there is reason to believe that our use t luck will soon run out. Thus far we have relied on the absence of malicious breaks, ease l been people who are both capable and motivated. We can no longer do so. We must P instead attempt to build computer systems that are secure and trustworthy. word has ed.

hs, In this report, the committee considers the degree to which a computer system and the information it holds can be protected and preserved. This insert requirement, which is referred to here as computer security, is a broad concept; ally

line lengt security can be compromised by bad system design, imperfect implementation, original work

e weak administration of procedures, or through accidents, which can facilitate h t attacks. Of course, if we are to trust our systems, they must survive accidents as he original; ion of t at o ue t r have been accident y t a represent m are

l a errors

age breaks P is new digit h pographic y iles. T t

f e ile: ng i f t F D P peset and som is y h t

ined, a bout A ret original t

ion. om

r well as attack. Security supports overall trustworthiness, and vice versa. ibut f r t cannot r at not o

f COMPUTER SYSTEM SECURITY CONCERNS

however, Security is a concern of organizations with assets that are controlled by version ng,

t computer systems. By accessing or altering data, an attacker can steal tangible paper book, at ive assets or lead an organization to take actions it would not otherwise take. By at rm o merely examining data, an attacker can gain a competitive advantage, without riginal horit ic f

o the owner of the data being any the wiser. e h Computer security is also a concern of individuals, including many who t he aut t

om neither use nor possess computer systems (Box 1.1). If data can be accessed r as ing-specif t improperly, or if systems lack adequate safeguards, harm may come not only to ion ed f the owner of the data, but also to those to whom the data refers. The volume and peset y nature of computerized data-bases mean that most of us run the risk of having publicat

her t our privacy violated in serious ways. This is particularly worrisome, since those iles creat is h

t in a position to protect our privacy may have little incentive to do so (Turn, L f

M of

and ot 1990). X The threats to U.S. computer systems are international, and sometimes also om yles, r f political. The international nature of military and intelligence threats has always st version been recognized and addressed by the U.S. government. But a broader print posed

e international threat to U.S. information resources is emerging with the h heading proliferation of international computer networking—involving systems for recom

use t researchers, companies, and other organizations and individuals—and a shift from conventional military conflict to economic competition.2 The breaks, ease l been

P concentration of information and economic activity in computer systems makes

word

has those systems an attractive target to hostile entities. This prospect raises ed.

hs, questions about the intersection of economic and national security interests and

insert the design of appropriate security strategies for the public and private sectors.

ally Finally, politically motivated attacks may also target a new class of system that line lengt is neither commercial nor military: computerized voting systems.3 original work e h

t Outside of the government, attention to computer and communications security has been episodic and fragmented. It has grown by spurts in response to he original;

ion of highly publicized events, such as the politically motivated attacks on computer t at o centers in the 1960s and 1970s and the more recent rash of computer viruses

ue t 4 r have been accident and penetrations of networked computer systems. Commercial organizations y t a have typically concentrated on abuses by individuals authorized to use their represent m are

l systems, which typically have a security level that prevents only the most a straightforward of attacks. errors

age breaks P is new digit h pographic y iles. T t

f e ile: ng i f t F D P peset and som is y h t

ined, a bout A ret original t