Stronger Research Efforts Needed To Bolster Security, Reliability Of Networked Information Systems

September 29, 1998

WASHINGTON -- Making networked information systems that control the nation's vital services as secure and reliable as they need to be is beyond current capabilities, according to a new report from a National Research Council committee. The federal government should take the lead in supporting research needed to create new approaches that will prevent environmental disruptions, attacks, and operational errors from causing entire networks to collapse.

"It is especially hard to design and build a trustworthy computing system because you never know what attacks will be launched against it or what manifestations failures may take," said committee chair Fred B. Schneider, professor, department of computer science, Cornell University, Ithaca, N.Y. "There are few incentives for the private sector to conduct the research necessary to build systems that are more trustworthy. Federal funders of research must work toward developing the science base and engineering expertise necessary for constructing these reliable and secure systems."

The world increasingly depends on networked computers to control communications, transportation, energy distribution, and financial services. Although products currently on the market address some vulnerabilities, the committee said, more sophisticated software and hardware are necessary in order to significantly reduce the risks of major system outages.

The report proposes a research agenda for building networked systems that are more robust, reducing software design problems, and developing mechanisms to protect against new types of attacks from unauthorized users, criminals, or terrorists.

NETWORK SECURITY

The recent attack by computer hackers on the New York Times Web site is one more example of just how vulnerable today's computing systems are. Beyond mischief caused by hackers, other threats exist: human error, power outages, natural disasters, and construction accidents. Because systems are interconnected, the failure of one -- such as the telephone system -- could compromise the ability of others to perform correctly. The committee found that the public telephone network is becoming increasingly vulnerable and that the Internet is not yet secure enough to support systems on which critical services depend.

Much of the existing security technology for operating systems can be traced to research efforts in the 1970s and 1980s that focused on central, mainframe computers used in processing classified documents or confidential business records. Different mechanisms are now needed, the committee said, to protect against the new classes of attacks that become possible because of computer networks, the distribution of software using the Internet, and the significant use of commercial, off-the-shelf software.

The committee recommended a more pragmatic approach to security that incorporates add-on technologies, such as firewalls, and utilizes the concept of "defense in depth," which requires independent mechanisms to isolate failures so that they don't cascade from one area of the system to another. The committee also argued that greater use of encryption techniques was essential for securing the Internet. Acknowledging that government policies on encryption are inhibiting widespread deployment of encryption, the committee identified technical problems -- requiring research -- that also are serving as inhibitors.

NETWORK DESIGN

Research is needed to better understand how networked information systems operate, how their components work together, and how changes occur over time. Since a typical computer network is large and complex, few engineers are likely to understand the entire system. Many outages associated with large computer networks, like the telephone system and the Internet, can be traced to human error, the committee explained.

Better conceptual models of such systems will help operators grasp the structure of these networks and better understand the effects of actions they may take to fix problems. Approaches to designing secure networks built from commercially available software warrant attention. Improvements in testing techniques and other methods for determining errors also are likely to have considerable payoffs for enhancing assurance in networked systems.

SOFTWARE ENGINEERING

Building software that will function as intended is a central challenge for researchers. Large systems cannot be developed free of defects. The nation's dependence on these systems implies a need for more resources to assure progress in software engineering, the committee said. Most networked information systems use commercial, off-the-shelf software that was not necessarily designed for use in these settings. As a result, not only must the network developer design, build, and establish the trustworthiness of the system, but the job must be done with limited access to significant pieces of the system and virtually no knowledge of how those pieces were developed.

Because of these constraints, the committee said, research in new software development approaches and practices is key. Network size, physical separation of components executing different commands concurrently, and interactions within a system that is not uniform pose major challenges for network software developers.

The National Research Council is the principal operating arm of the National Academy of Sciences and the National Academy of Engineering. It is a private, non-profit institution that provides independent advice on science and technology issues under a congressional charter. The report was funded by the Defense Advanced Research Projects Agency and the National Security Agency.
-end-


National Academies of Sciences, Engineering, and Medicine
