WASHINGTON -- Making networked information systems that control the nation's vital services as secure and reliable as they need to be is beyond current capabilities, according to a new report from a National Research Council committee. The federal government should take the lead in supporting research needed to create new approaches that will prevent environmental disruptions, attacks, and operational errors from causing entire networks to collapse.
"It is especially hard to design and build a trustworthy computing system because you never know what attacks will be launched against it or what manifestations failures may take," said committee chair Fred B. Schneider, professor, department of computer science, Cornell University, Ithaca, N.Y. "There are few incentives for the private sector to conduct the research necessary to build systems that are more trustworthy. Federal funders of research must work toward developing the science base and engineering expertise necessary for constructing these reliable and secure systems."
The world increasingly depends on networked computers to control communications, transportation, energy distribution, and financial services. Although products currently on the market address some vulnerabilities, the committee said, more sophisticated software and hardware are necessary in order to significantly reduce the risks of major system outages.
The report proposes a research agenda for building networked systems that are more robust, reducing software design problems, and developing mechanisms to protect against new types of attacks from unauthorized users, criminals, or terrorists.
NETWORK SECURITY
The recent attack by computer hackers on the New York Times Web site is one more example of just how vulnerable today's computing systems are. Beyond mischief caused by hackers, other threats exist: human error, power outages, natural disasters, and construction accidents. Because systems are interconnected, the failure of one -- such as the telephone system -- could compromise the ability of others to perform correctly. The committee found that the public telephone network is becoming increasingly vulnerable and that the Internet is not yet secure enough to support systems on which critical services depend.
Much of the existing security technology for operating systems can be traced to research efforts in the 1970s and 1980s that focused on central, mainframe computers used in processing classified documents or confidential business records. Different mechanisms are now needed, the committee said, to protect against the new classes of attacks that become possible because of computer networks, the distribution of software using the Internet, and the significant use of commercial, off-the-shelf software.
The committee recommended a more pragmatic approach to security that incorporates add-on technologies, such as firewalls, and utilizes the concept of "defense in depth," which requires independent mechanisms to isolate failures so that they don't cascade from one area of the system to another. The committee also argued that greater use of encryption techniques was essential for securing the Internet. Acknowledging that government policies on encryption are inhibiting widespread deployment of encryption, the committee identified technical problems -- requiring research -- that also are serving as inhibitors.
NETWORK DESIGN
Research is needed to better understand how networked information systems operate, how their components work together, and how changes occur over time. Since a typical computer network is large and complex, few engineers are likely to understand the entire system. Many outages associated with large computer networks, like the telephone system and the Internet, can be traced to human error, the committee explained.
Better conceptual models of such systems will help operators grasp the structure of these networks and better understand the effects of actions they may take to fix problems. Approaches to designing secure networks built from commercially available software warrant attention. Improvements in testing techniques and other methods for determining errors also are likely to have considerable payoffs for enhancing assurance in networked systems.
SOFTWARE ENGINEERING
Building software that will function as intended is a central challenge for researchers. Large systems cannot be developed free of defects. The nation's dependence on these systems implies a need for more resources to assure progress in software engineering, the committee said. Most networked information systems use commercial, off-the-shelf software that was not necessarily designed for use in these settings. As a result, not only must the network developer design, build, and establish the trustworthiness of the system, but the job must be done with limited access to significant pieces of the system and virtually no knowledge of how those pieces were developed.
Because of these constraints, the committee said, research in new software development approaches and practices is key. Network size, physical separation of components executing different commands concurrently, and interactions within a system that is not uniform pose major challenges for network software developers.
The National Research Council is the principal operating arm of the National Academy of Sciences and the National Academy of Engineering. It is a private, non-profit institution that provides independent advice on science and technology issues under a congressional charter. The report was funded by the Defense Advanced Research Projects Agency and the National Security Agency.