Toward a Safer and More Secure Cyberspace
Revision as of 15:06, 9 July 2010
Full Title of Reference
Toward a Safer and More Secure Cyberspace
Full Citation
Nat'l Research Council, Toward a Safer and More Secure Cyberspace (2007). Web
Categorization
Overview: Independent Reports
Key Words
Synopsis
This report was prepared by the Committee on Improving Cybersecurity Research, established by the National Research Council of the National Academies in response to a congressional request and with the financial support of NSF, DARPA, NIST, DHS, the National Academy of Engineering, and F. Thomas and Bonnie Berger Leighton. The basic premise underlying the committee’s task is that research can produce a better understanding of why cyberspace is as vulnerable as it is and that it can lead to new technologies and policies and their effective implementation to make things better.
Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation's critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets. "Toward a Safer and More Secure Cyberspace" examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. The target audience of this work is Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.
The committee addressed the question: What would a safer and more secure cyberspace look like? In response, the committee formulated a Cybersecurity Bill of Rights (CBoR). It consists of 10 basic provisions that the committee believes users should be able to hold as reasonable expectations for their online safety and security. The CBoR articulated in this report is distinctly user-centric, enabling individuals to draw for themselves the contrast between that vision and their own personal cyberspace experiences.
The first three provisions relate to properties of holistic systems, including availability, recoverability, and control of systems:
- I. Availability of system and network resources to legitimate users.
- II. Easy and convenient recovery from successful attacks.
- III. Control over and knowledge of one’s own computing environment.
The next three provisions relate to the traditional security properties of confidentiality, authentication (and its extension, provenance), and authorization:
- IV. Confidentiality of stored information and information exchange.
- V. Authentication and provenance.
- VI. The technological capability to exercise fine-grained control over the flow of information in and through
The next three provisions relate to crosscutting properties of systems:
- VII. Security in using computing directly or indirectly in important applications, including financial, health care, and electoral transactions and real-time remote control of devices that interact with physical processes.
- VIII. The ability to access any source of information (e.g., e-mail, Web page, file) safely.
- IX. Awareness of what security is actually being delivered by a system or component.
The last provision relates to justice:
- X. Justice for security problems caused by another party.
However, providing these "rights" to users will be difficult. Even assuming that everything known about cybersecurity technologies and practices today were immediately put into practice, the resulting cybersecurity posture, though stronger and more resilient than it is now, would still be inadequate against today's threat, let alone tomorrow's. Research is needed both to develop new knowledge and to make such knowledge more usable and transferable to the field. Furthermore, cybersecurity will be a continuing issue: threats evolve (both on their own and in response to the defenses raised against them), and new vulnerabilities often emerge as innovation changes underlying system architectures, implementations, or basic assumptions.
The committee's research agenda for making progress toward the vision embedded in the Cybersecurity Bill of Rights has six broad areas of focus:
1. Blocking and limiting the impact of compromise. This category includes secure information systems and networks that resist technical compromise; convenient and ubiquitous encryption that can prevent unauthorized parties from obtaining sensitive or confidential data; containment, backup, mitigation, and recovery; and system lockdowns under attack. One illustrative example of research in this category is secure design, development, and testing. Research is needed that will facilitate the design of systems that are "secure by design." Research is also needed for security evaluation, for good implementation practices and tools that reduce the likelihood of program flaws (bugs) and make it easier for developers to implement secure systems, and for improved testing and evaluation of functionality that was not included in the specification of a system's requirements and that may therefore result in security vulnerabilities.
2. Enabling accountability. This category includes matters such as remote authentication, access control and policy management, auditing and traceability, maintenance of provenance, secure associations between system components, intrusion detection, and so on. In general, the objective is to hold anyone or anything that has access to a system component (a computing device, a sensor, an actuator, a network) accountable for the results of such access. One illustrative example of research in this category is attribution. Anonymous attackers cannot be held responsible for their actions and suffer no consequences for the harmful actions they may initiate. But many computer operations are inherently anonymous, which means that associating actors with actions must be done explicitly. Attribution technology enables such associations to be easily ascertained, captured, and preserved. At the same time, attribution mechanisms do not solve the important problem of the unwittingly compromised or duped user, although these mechanisms may be necessary in conducting forensic investigations that lead to such a user.
3. Promoting deployment. This category is focused on ensuring that the technologies and procedures in Categories 1 and 2 are actually used to promote and enhance security. Category 3 includes technologies that facilitate ease of use by both end users and system implementers, incentives that promote the use of security technologies in the relevant contexts, and the removal of barriers that impede the use of security technologies. One illustrative example of research in this category is usable security. Security functionality is often turned off, disabled, bypassed, or never deployed because it is too complex for individuals and enterprise organizations to manage effectively or to use conveniently. Thus, an effort to develop more usable security mechanisms and approaches would have substantial payoff. Usable security has social and organizational dimensions as well as technological and psychological ones.
4. Deterring would-be attackers and penalizing attackers. This category includes legal and policy measures that could be employed to penalize or impose consequences on cyberattackers, and technologies that support such measures. In principle, this category could also include technical measures to retaliate against a cyberattacker. One illustrative example of research in this category is work that would facilitate the prosecution of cybercriminals across international borders. Many cybercrime perpetrators are outside of U.S. jurisdiction, and the applicable laws may not criminalize the particulars of the crime perpetrated. Even if they do, logistical difficulties in identifying a perpetrator across national boundaries may render him or her practically immune to prosecution. Research is needed to further harmonize laws across many national boundaries to enable international prosecutions and to reduce the logistical difficulties involved in such activities.
5. Illustrative crosscutting problem-focused research areas. This category focuses elements of research in Categories 1 through 4 onto specific important problems in cybersecurity. These include security for legacy systems, the role of secrecy in cyberdefense, coping with the insider threat, and security for new computing environments and in application domains.
6. Speculative research. This category focuses on admittedly speculative approaches to cybersecurity that are unorthodox and "out-of-the-box" but that arguably have some potential for revolutionary, nonincremental gains in cybersecurity. The areas described in this report are merely illustrative of such ideas; of primary importance is the idea that speculative ideas are worth some investment in any broad research portfolio.
Additional Notes and Highlights
Expertise Required: None