Issue No.06 - November/December (2004 vol.8)
Published by the IEEE Computer Society
Mike Reiter , Carnegie Mellon University
Pankaj Rohatgi , IBM T.J. Watson Research Center
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MIC.2004.62
"Homeland security" is a major concern for governments worldwide, which must protect their populations and the critical infrastructures that support them. Information technology plays an important role in many homeland security initiatives. On one hand, it can help mitigate risk and enable effective responses to disasters of natural or human origin. Yet, its suitability for this role is plagued by questions ranging from dependability concerns to the risks that some technologies, such as surveillance, profiling and data aggregation, pose to privacy and civil liberties. On the other hand, information technology is itself an infrastructure to be protected. This includes not only the Internet and financial infrastructure but also the complex systems that control critical infrastructure such as energy, transportation, and manufacturing.
Homeland security is a major concern for governments worldwide, which must protect their populations and the critical infrastructures that support them. Information technology plays an important role in such initiatives. On one hand, it can help mitigate risk and enable effective responses to disasters of natural or human origin. Yet, its suitability for this role is plagued by questions ranging from dependability to the risks that technologies such as surveillance, profiling, and data aggregation pose to privacy and civil liberties.
IT itself is also an infrastructure to be protected, including not only the Internet and financial infrastructure but also the complex systems that control energy, transportation, and other critical systems. While the latter have traditionally been proprietary and closed, the trend toward using standard computer and networking technologies and open communication networks leaves them increasingly vulnerable to catastrophic attacks and failures.
IT plays a major role in preventing, detecting, and providing early warning of attacks. It can also increase critical infrastructures' resilience through mechanisms for fault-tolerance, response, and recovery.
Good border and transportation security, coupled with tightly controlled access to critical infrastructure, are important steps toward attack prevention. Tamper-resistant, sensor-based technologies for detecting and tracking the movement of hazardous materials are key to preventing their misuse for terrorist acts, for example. Technologies for identification and authentication can help prevent unauthorized entry and access. However, preventing attacks on those IT components within the critical infrastructure requires more traditional information and computer security techniques. Another preventive technique involves the use of surveillance, data aggregation, and data mining to detect patterns of activities that presage attacks.
Because attacks and disasters occur despite preventive measures, critical infrastructure must be resilient against random or deliberately introduced faults. Techniques from the field of high-availability, distributed, fault-tolerant computing are vital in this regard. It's important to detect attacks early on, triggering well-planned, effective response-and-recovery strategies. This involves the use of sensors, sensor networks, and information-correlation techniques for early attack detection and the use of rapidly deployable emergencycommand-and-control infrastructure to coordinate response and recovery efforts and maintain essential services.
The articles in this issue explore the twin aspects of information technology's role in homeland security. In "Matchbox: Secure Data Sharing," Goldman and Valdez address the difficult challenge of sharing, mining, and aggregating sensitive information from multiple sources while preserving the secrecy, privacy, legal, and business constraints associated with that information. The main challenge here is to convince information owners — all who have an interest in protecting the information — that the data-aggregation system and process is designed in a manner that prevents abuse.
While many authors have designed expensive multiparty cryptographic protocols for specific instances of this problem, the Matchbox approach utilizes the programmable IBM 4758 crypto coprocessor, whose bootstrap code and physical security have been validated at FIPS 140-1, level 4. This coprocessor provides a secure environment within which information sharing can be strictly controlled according to rules specified by a digital contract among information owners. The coprocessor's active tamper-responding technology guarantees that sensitive information and cryptographic keys are safe even in hostile environments, and its remote-attestation capability provides assurance to concerned parties that they're communicating with the real device executing a software stack they trust.
In "Adaptive Cyberdefense for Survival and Intrusion Tolerance," Atighetchi et al. deal with the important problem of designing critical distributed infrastructure to be survivable and intrusion-tolerant. The core approach in this article involves enabling applications — using a toolkit developed for the DARPA Applications that Participate in their Own Defense (APOD) project plus aspect-oriented techniques and middleware — to respond to attacks based on application-specific defensive strategies. This strategy typically integrates a variety of defensive mechanisms and tactics such as replication, attack containment, firewalls, network-based intrusion-detection systems, and so on.
Challenges and Future Work
The link between IT and homeland security is relatively new, and the pros and cons of many technical proposals are yet undetermined. It remains unclear, for example, how effective information-aggregation and mining will be in practice. Will the technology be resilient enough to withstand attacks during critical times? Similarly, approaches to creating a resilient infrastructure without trusted, high-assurance components are yet unproven. This is a major concern as developers increasingly use standard commercial products for building critical infrastructure, but only a few IT components have been developed to meet high assurance standards.
Michael Reiter is a professor of Electrical & Computer Engineering and Computer Science at Carnegie Mellon University. His research interests include all areas of computer and communications security and distributed computing. Reiter received an MSc and a PhD in computer science from Cornell University. Contact him at firstname.lastname@example.org.
Pankaj Rohatgi is a research staff member in the Internet Security group at the IBM T.J. Watson Research Center. His research interests include applied cryptography, cryptographic engineering, system and network security, privacy, secure system and hardware design. Rohatgi received a PhD in computer science from Cornell University. Contact him at email@example.com.