2.2: Cyber Security
Securing Life in Cyberspace
Other Information:
Securing Life in Cyberspace -- As the President's May 2009 "Cyberspace Policy Review" notes, the Internet's global fabric
of near-instantaneous interconnectivity is at once transformative and fragile—beset by the unintended consequences of its multi-decade
growth and survival in increasingly dangerous times.

Where we are now -- the vast sea of information that flows over the Internet
and is stored in Internet-connected systems mostly is not secure, nor are the networks and systems themselves. The basic openness
and anonymity built into the Internet's trust-based legacy architecture -- combined with a seemingly endless assortment of
hardware and software vulnerabilities in computing systems -- are exploited around the clock by hackers, criminals, and U.S.
adversaries. According to some experts, the networks of zombie attack computers called "botnets" today constitute the largest
supercomputer in the world. The lack of end-to-end security in cyberspace costs organizations in all sectors many billions
of dollars annually; it also threatens major U.S. Government objectives, such as improving the health care system with the
aid of health IT and stimulating economic innovation. Further, the interconnections of the Internet with critical infrastructures
and systems (e.g., financial) provide vectors for potentially devastating cyber attacks. Currently, attackers have the upper
hand; defenders rely for the most part on a never-ending cycle of patching networks and systems, but this defends only against
previously identified threats, not the constantly emerging new ones. The Federal government has initiated high-priority efforts
to improve coordination of cybersecurity R&D across Federal agencies, with the goals of better securing government information
and networks and expanding collaboration with the private sector to address cybersecurity objectives. Because much of the
digital infrastructure lies in the private sector, however, developing R&D partnerships and technology deployment strategies
acceptable across sectors outside the Government presents complex challenges.

Research needs -- the goal of cybersecurity
R&D must be to provide end-to-end security in networked environments. The immense dynamism and complexity of global networking
make this goal a grand challenge for which there will be no single solution. Advances of many kinds are needed, in the policy
and educational arenas as well as in diverse technologies. In addition to more inherently secure components, new methods for
proactive approaches to improving cybersecurity must be pursued, such as dynamic security; stronger global-scale identity
management; better situational awareness; new means of attack attribution and combating malware, botnets, and insider threats;
enterprise-level security metrics for assessing the relative effectiveness of policies and techniques; cybersecurity education;
and easy-to-use security techniques. One conceptual approach being advanced by the Federal cybersecurity community specifically
focuses on ways to eliminate the cyber attacker's advantage over the defender -- for example, by employing dynamic virtualization
to make attack targets much harder to pinpoint or by creating "tailored trustworthy spaces" on the Internet that provide elevated
levels of security and privacy.
Indicator(s):