Research and Development (R&D) Exchange Workshop Break Out Session

Human Factors Break Out Session

Background

The efficacy of any technology is directly dependent upon the ability of humans to configure, implement, and manage it as it was designed. Various factors—user awareness, organization policies and procedures, legal issues, and business pressures, among others—all shape how trust is instilled in systems. Poor user awareness or inadequate policies, for example, can manifest two problems. First, users unfamiliar with key technologies designed to engineer trust into networked information systems can inadvertently expose those systems to risk through poor configuration, implementation, or management. Second, insiders authorized to use systems they later employ for illicit purposes remain a vexing problem in terms of building trustworthy systems. Without strong protections (such as background checks, access controls, and multi-layered defenses), insiders may be able to exploit what might be technically considered a “trustworthy system.”

Recent publications focused on insider activities, including the U.S. Secret Service and CERT® Coordination Center’s Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, acknowledge that many reported incidents are technically unsophisticated, and thus require organizations to concentrate on their overall business processes rather than focusing narrowly on technical solutions. Additionally, as today’s virtual organizations expand to include networked associates (such as vendors, trading partners, and customers), the definition of “insider” evolves to encompass a far greater number of users, necessitating increased focus on information security policies. The Insider Threat Study discusses the importance of strengthening business practices and organization policies by creating a culture of security. The study recommends that all users (from individuals responsible for data entry to system administrators to senior management) be aware of the value of security and be endowed with responsibility for responding to and reporting on suspicious behavior.

In today’s environment there are limited guarantees that the integrity of software assets for national security and emergency preparedness (NS/EP) communications has not been compromised, suggesting the need for increased non-intrusive surveillance techniques to defend against malicious interference from insiders.

2003 RDX Workshop Results

At the RDX Workshop at the Georgia Tech Information Security Center at the Georgia Institute of Technology in March 2003, participants emphasized the fact that human factors pervade all aspects of trustworthiness in NS/EP telecommunications and information systems. Even the best technical solution can prove vulnerable to intentional (e.g., external attack, insider threat) or unintentional acts (e.g., defective software, inadequate system configuration, non-compliance with security policies). Participants identified seven broad areas shaping the operating environment focused on efforts to minimize the risk of inadvertent failures and malicious acts: education, training, and awareness; policy development, dissemination, and enforcement; human processing and decision-making; anomaly detection; insider threats; cultural shifts; and supply source identification. As a result of the discussion, participants developed the following list of research priorities.

Human Factors Research Priorities

Physical Security Session

Background

Recognized as the “backbone” for all other critical infrastructures, the telecommunications sector is heavily relied upon by the United States Government, other critical infrastructures, and the general public. Consequently, threats against key telecommunications facilities could adversely affect not only the day-to-day operations of the many residential and commercial customers who rely on the networks but also the national security and emergency preparedness (NS/EP) services that run across the network. Although industry and Government have made progress in protecting the infrastructure, vulnerabilities still remain with regard to physical security at critical telecommunications facilities.

Trusted systems may be compromised via damage to and/or infiltrations of the facilities in which critical telecommunications systems are housed. Significant concern arises around the structural elements of the facility as well as the trusted physical access granted to individuals requiring entrance to sites where telecommunications assets are concentrated. The physical design of a facility may leave the key elements of the telecommunications infrastructure vulnerable to a variety of environmental and human factors. The southeastern United States is struggling to recover from an arduous hurricane season, and the telecommunications infrastructure and those that rely on it are still learning critical lessons from the September 11 terrorist attacks. With the threat of both natural and man-made disasters ever looming, the telecommunications industry has sought new ways to build physical protection technologies into its networks and facilities and to identify which technologies – both new and old – provide the right combination to create a more secure environment.

In addition to the physical protections built into the structure and design of a facility, a second physical security concern relates to procedures for granting trusted access. While many facilities currently address, to some degree, the concern that unauthorized persons with malicious intent could gain access to the facility, the fear also exists that legitimate personnel with authorized access to critical facilities can have malicious intent for a variety of reasons. This type of threat is difficult both to detect and to defend against. Employees, contractors, maintenance and supply workers require access to facilities housing sensitive or critical elements of the infrastructure on a regular basis. However, many facilities cannot guarantee that those granted access are trusted individuals, though they are often given unsupervised access.

Protection efforts must also consider emergency incident response situations, such as earthquake-related disaster areas and access to national special security events (NSSE), such as national political conventions and Presidential inaugurations. Communications are critical to the successful execution of both situations and telecommunications personnel will be utilized in various stages of such events. The identification of fluid methods of involvement for personnel from the telecommunications sector (and other critical infrastructures) in the continued heightened security alert state, including access to those emergency and special security events and the networks they rely on, are critical issues for industry and Government to resolve to ensure the continued trustworthiness of the network.

While industry and Government have made significant progress in their efforts to identify mitigation strategies related to both design- and access-related vulnerabilities, communications technologies continue to permeate the reaches of the U.S. infrastructure, pushing the issue of physical security at telecommunications facilities into new territory. Though physical security efforts have traditionally focused on the physical protection efforts related to the facilities where infrastructure components are housed, the issue has branched into the arena of logical access to critical information and networks as well. As more of the communications infrastructure becomes networked, and a greater portion of critical assets are stored in cyberspace, those addressing the issue of physical security at telecommunications facilities are consequently faced with the additional concern of protecting and restricting “cyber” access to their critical networks.

2003 RDX Workshop Results

At the RDX Workshop at the Georgia Tech Information Security Center at the Georgia Institute of Technology in March 2003, participants agreed on the importance of several overarching themes to characterize the state of physical security. First, they stated there were no defined or Government-validated threat scenarios or adversary attack plans against which to build measures for protecting facilities. Second, they noted the difficulty for telecommunications companies to first determine what threats existed to the industry and then protect against all feasible attack techniques. Participants also noted a lack of widespread understanding and appreciation within the industry for the sophistication of threats they face on a day-to-day basis. Finally, participants emphasized the importance of considering physical security in the context of protecting human capital, in addition to the more obvious and visible threats to physical assets.

In considering R&D issues related to physical security, participants identified physical access control, information control, architectural integrity, and education and awareness as key issues in the discussion. As a result of the discussion, participants developed the following list of research priorities they believe should be further examined through industry/Government/academic partnerships.

Physical Security Research Priorities

Background

In its seminal report Trust in Cyberspace, the National Research Council framed a set of issues related to the trustworthiness of the Nation’s telecommunications network. Specifically, the report focused on the correctness, security, reliability, safety, and survivability of the public switched network (PSN) and the Internet; the logical elements of computer networks; and the systems, devices, and applications employed by end users. To protect against the threat of malicious software and distributed denial of service attacks, an array of technologies such as firewalls, intrusion detection systems, and virtual private networks have been researched, developed, and fielded. The effectiveness of those technologies, however, is limited by several factors, including the inability to keep pace with attack profiles, interoperability issues between proprietary solutions, inconsistent patch implementation, and the increasing complexity of the telecommunications network as a result of convergence activities.

Network trustworthiness may be defined as the expectation that systems on that network will do what they are supposed to do and not do what they are not supposed to do. As such, software plays an integral role in achieving trustworthiness, as it is the software that integrates and customizes general-purpose system components to accomplish any given task. Consequently, inadequate software security can have many far-reaching negative consequences that detract from the overall trustworthiness of information systems.

Factors related to software that can affect the trustworthiness of systems include, but are not limited to: (1) complex source code that could contain millions of lines of code to be tested and evaluated in short time periods; (2) the connection of legacy systems to more current, diverse systems; (3) the movement toward using commercial off-the-shelf software, which in many cases causes developers to become dependent on third-party vendors for the design and security of important components; (4) the inability to ensure that system administrators are updating system software patches in a timely manner; and (5) other influences, such as standards and/or regulations that compete with efforts to develop trusted systems. These security issues have considerable impact for national security and emergency preparedness (NS/EP) stakeholders and the technologies upon which they rely. Additionally, of increasing concern to the NS/EP community during recent years is the growing prevalence of spyware, which represents a significant challenge for industry and Government because of a number of associated security implications: loss of sensitive and/or proprietary information, loss of privacy, loss of bandwidth, loss of system integrity, and loss of resources.

Many advances have been made in the arena of cyber and software security, including the creation of the National Cyber Security Division within the Department of Homeland Security’s Information Analysis and Infrastructure Protection Directorate to address the concerns related to the Nation’s cyber security posture and the National Security Agency’s recent proposal to create a government-funded research center devoted to improving the security of commercial software. However, new technological advancements and the increasing global access to the Internet only serve to increase the difficulty of ensuring network trustworthiness. As the nature of the network continues to change, so too will the discussions related to trustworthiness.

2003 RDX Workshop Results

At the RDX Workshop at the Georgia Tech Information Security Center at the Georgia Institute of Technology in March 2003, participants determined that protecting NS/EP mission-critical systems and ensuring their reliability had become a responsibility not only of the U.S. Government but also that of the private sector, the primary owner and operator of critical infrastructure. Participants emphasized the Nation needed to expect and, in turn, develop strategies to eliminate more sophisticated threats likely to be unleashed in the future. They noted today’s security practitioners were responding to hackers defacing websites or stealing credit card numbers. In the future, however, highly organized terrorist organizations (and possibly hostile foreign countries) might launch more sophisticated, widespread, and debilitating attacks, exploiting vulnerabilities in the information infrastructure.

Several participants noted how R&D investments in cyber security were minimal in the 1980s, and how the results of that neglect were visible today. They stated the increasing reliance on commercial off-the-shelf products had reduced overall cost, but also caused users to become dependent on third-party vendors for the design and security of important components. Others stated the U.S. Government, reluctant to regulate the Internet to avoid stifling competition, had mainly delegated the responsibility to protect the Nation’s critical telecommunications infrastructure to the private sector. They noted, however, that market objectives and national security concerns were not always harmonious. They stated the primary motivation for a company was to increase profitability and market presence. Therefore, most participants agreed that reliance on pure market forces was unlikely to produce a business case conducive to spending valuable resources on security protections.

The group also expressed an overall sense of frustration at the political and bureaucratic processes driving research in cyber security technologies, noting many of today’s security vulnerabilities were identified more than a decade ago, but little progress had been made in eliminating them. As a result of the discussion, participants recommended that the Office of Science and Technology Policy focus on R&D activities in two dimensions: (1) short-term research that could improve the trustworthiness of software and cyber systems in the near future and (2) long-term research that could embed the concept of trustworthy computing in the design of future systems. These priorities are summarized below:

Reviewed December 07, 2006