Information Assurance: Trends in Vulnerabilities, Threats, and Technologies (en Inglés)
Reseña del libro "Information Assurance: Trends in Vulnerabilities, Threats, and Technologies (en Inglés)"
One of the missions of the Center for Technology and National Security Policy at National Defense University is to study the transformation of America's military and to explore the consequences of the information revolution. During the last two decades of the 20th century, through a series of internal and external studies and policy pronouncements, the Department of Defense dramatically shifted its view of the nature of future military operations and the associated equipment, doctrine, tactics, and organization that were required. The names varied ("Reconnaissance/Strike Warfare," "Revolution in Military Affairs," "Network Centric Warfare," "Transformation"), but the basic premise was the same: The explosive changes in information technology would transform the future of military operations. The benefits of this change have been well documented, but its potential vulnerabilities have been less commonly described-or addressed for corrective actions. These actions must begin with a recognition of the new relationship between traditional defense systems and modern information technologies. Traditional warfare systems are developed, ruggedized, hardened, secured, and tested to ensure the highest level of performance and availability. As military systems become more software intensive (in both computers and communications), greater time and cost increases occur because of increased system complexity and the lack of vigorous software processes, especially when compared with more mature, hardware intensive engineering and development processes. For the most part, military systems are proprietary and communicate securely with little effect on performance. Current military weapons and combat platform system acquisitions have very high costs and extremely long lead times. This high expense and long preparation is attributed, in part, to the complexity of new system designs and to the rigidity of design processes that are needed to meet mission-critical battlefield requirements of high reliability, ease of maintenance, and built-in safety systems. The acquisition process itself introduces costs and delays because it must meet legal and regulatory demands designed to ensure openness and fiscal responsibility. These methods have produced formidable systems; American superiority in high-tech weapons development is acknowledged worldwide. In contrast to military systems, commercial information systems can be developed, marketed, and upgraded within a 2-year life cycle. The introduction and adoption by industry of new technologies such as wireless, voice over Internet protocol (VOIP), and radio frequency identification devices (RFID) are rapid, with little design concern for security and privacy. Introduction of this technology in the commercial market is based on user acceptability, legal consequences, and bottom-line cost analysis, not on considerations of safety, potential loss of life, or national security policy. In spite of these potential problems with commercial systems, their advantages-rapid deployment of state-of-the-art technology (consequently, higher performance) and far lower cost (because of much higher volume)-make them extremely attractive. Thus, over the past decade, Defense Acquisition Reform has been focused on developing processes to achieve both the high-performance and low-cost benefits that come from using commercial technology while still assuming the necessary mission objectives of high reliability, rugged environmental capability, and (particularly) security. This volume examines threats and vulnerabilities in the following four areas: physical attacks on critical information nodes; electromagnetic attacks against ground, airborne, or space-based; information assets; cyber attacks against information systems; attacks and system failures made possible by the increased level of complexity inherent in the multiplicity of advanced systems.
