Note: This is an historic document. We are no longer maintaining the content, but it may have value for research purposes. Pages linked to from the document may no longer be available.

Report to the President's Commission on Critical Infrastructure Protection

James Ellis, David Fisher, Thomas Longstaff, Linda Pesante, and Richard Pethia
Executive Summary
To compound the problem, the Internet was not originally designed to be secure, and attackers prey on the ongoing lack of security because attacks are so easy and the risk of getting caught is slim. As long as we continue to rank security lower than price, performance, and other features, the growing dependence of the United States on the Internet makes our country vulnerable. This vulnerability will increase in the future because of the growing ties between the Internet and the critical infrastructures identified in Executive Order 13010. Today, a sustained attack on the Internet can have a serious impact on other critical infrastructures in the United States. In the future, because the ties between critical infrastructures and the Internet will become stronger and more intricate, the impact of an Internet attack could be devastating. It is essential to take steps now to ensure that the U.S. can resist Internet attacks and that the Internet can continue to perform critical functions in the face of an attack.

Although no single approach can ensure Internet security and survivability, a combination of approaches can reduce the risks associated with our ever-increasing dependence on the Internet and the possibility of a sustained attack on it. In this report, we offer recommendations on the role the government can play in reducing risks to the Internet and our other critical infrastructures. These recommendations are summarized below and discussed in detail in Section 5.2.

1. Reporting and Monitoring Threats and Vulnerabilities

a. Designate a single, independent, trusted organization to collect and analyze cybersecurity incident data, and report on quantity, trends, and character of the incidents.

b. Support the establishment of mechanisms for sanitizing and disseminating data on security problems, data that helps the networked community understand the scope and cost of the overall problem.

c. Share threat information available to the government with the private sector to help them accurately gauge the threat they face, especially the international threat.

d. Support the growth and use of global detection mechanisms by using incident response teams to identify new threats and vulnerabilities.

e. Encourage Internet service providers to develop security incident response and other security improvement services for their customers.

2. Education and Security Mechanisms for "Safe Computing"

a. Support the development of educational materials and programs about cyberspace for all users, both children and adults. In particular, support programs that provide early training in security practices and behavior when using the Internet.

b. Invest in awareness campaigns that stress the need for security training for system administrators, network managers, and chief information officers.

c. Facilitate the development and deployment of security mechanisms for information in cyberspace, mechanisms that allow each party to a transaction (or perhaps parents on behalf of their children or companies on behalf of their employees) to decide what precautions and limitations they want.

3. Research and Development

a. Fund research and development in the areas of security and survivability for unbounded systems' architectures with distributed control.

b. Encourage the development of comprehensive toolkits that support network administrators' efforts to operate secure systems; acquisition and operations organizations should drive the market.

c. Support the development of techniques for comprehensive, continuous risk identification and mitigation programs.

4. Use of Standards

a. Establish and encourage acceptance of software security standards as a short-term method to jump-start the process of improving security in Internet products.

b. Create a U.S. government policy that government-purchased computer equipment and software must meet a specified set of security standards; include in this policy a requirement for a security alert service that notifies the customer of vulnerabilities and repairs.

5. Laws and Law Enforcement

a. Support our "cybercops." Allocate appropriate funding to law enforcement agencies to support the training, physical resources, and staff necessary to handle the cybercrimes reported.

b. Ensure that national policy reflects the need of law enforcement to coordinate internationally to solve crimes in cyberspace. Support law enforcement in forming international hot pursuit agreements.

c. Ensure public policy facilitates the widespread use of encryption to protect information and users of cyberspace.
Prepared for presentation on the web July 1997. Copyright 1997 Carnegie Mellon University.