2.1: Trustworthiness
Making the Digital World More Trustworthy Other Information:
The necessity for trust and confidence spans far more than the interconnected networks, systems, and software of the Internet
and the information residing in those systems. It encompasses the networked computing systems that are deeply integrated within
complex life- and safety-critical physical structures such as power grids, buildings, airplanes and spacecraft, ground transportation,
and medical devices; and it includes stand-alone computing systems that also perform critical tasks on which human life, safety,
and security depend. Where we are now: Over the past decade, we have become increasingly aware as a society of the vulnerabilities
associated with our IT systems and infrastructure. The reality is that many of these technologies were invented and engineered
before the security implications of pervasive societal reliance on IT systems and networks came to the fore. In the national
security, aviation, and space exploration arenas, Federal research has long pursued technical means of assuring that networks
and systems can continue to function in adverse environments and amid internal faults and failures; but to date, system redundancy
remains the principal failsafe. Since 9/11, Federal agencies, in partnership with private-sector stakeholders, have also focused
on research to harden against cyber attack the process-control systems of critical U.S. infrastructures that rely on Internet
connectivity. In broad terms, however, efforts to increase IT reliability, safety, and security continue to target add-on
fixes for existing technologies rather than new concepts, designs, architectures, and security standards that would incorporate
those attributes from the ground up. Research needs: Evolutionary system hardening and software patching will continue to
be necessary in dealing with the legacy systems of prior decades still in service. Only foundational basic research, however,
can produce the advances needed to make possible inherently more stable, reliable, safe, secure, self-diagnosing, self-healing
– and thus far more cost-effective – systems, software, and devices for the dynamic environments of a fully digital world.
A fundamental science of security must be developed as an essential component of high-quality IT design and engineering across
all technologies and application domains. The science of security must also infuse curricula and training activities at every
educational level. Multiple dimensions of the security challenge are described below.
Indicator(s):
|
