2.1: Trustworthiness
Making the Digital World More Trustworthy Other Information:
Making the Digital World More Trustworthy -- The necessity for trust and confidence spans far more than the interconnected
networks, systems, and software of the Internet and the information residing in those systems. It encompasses the networked
computing systems that are deeply integrated within complex life- and safety-critical physical structures such as power grids,
buildings, airplanes and spacecraft, ground transportation, and medical devices; and it includes stand-alone computing systems
that also perform critical tasks on which human life, safety, and security depend. Where we are now -- over the past decade,
we have become increasingly aware as a society of the vulnerabilities associated with our IT systems and infrastructure. The
reality is that many of these technologies were invented and engineered before the security implications of pervasive societal
reliance on IT systems and networks came to the fore. In the national security, aviation, and space exploration arenas, Federal
research has long pursued technical means of assuring that networks and systems can continue to function in adverse environments
and amid internal faults and failures; but to date, system redundancy remains the principal failsafe. Since 9/11, Federal
agencies, in partnership with private-sector stakeholders, have also focused on research to harden against cyber invasions
that attack the process-control systems of critical U.S. infrastructures that rely on Internet connectivity. In broad terms,
however, efforts to increase IT reliability, safety, and security continue to target add-on fixes for existing technologies
rather than new concepts, designs, architectures, and security standards that would incorporate those attributes from the
ground up. Research needs -- evolutionary system hardening and software patching will continue to be necessary in dealing
with the legacy systems of prior decades still in service. Only foundational basic research, however, can produce the advances
needed to make possible inherently more stable, reliable, safe, secure, self-diagnosing, self-healing -- and thus far more
cost-effective -- systems, software, and devices for the dynamic environments of a fully digital world. A fundamental science
of security must be developed as an essential component of high-quality IT design and engineering across all technologies
and application domains. The science of security must also infuse curricula and training activities at every educational level.
Multiple dimensions of the security challenge are described below.
Indicator(s):
|
