As the military threats to our national security subsided in the post cold war era, we have discovered new threats involving non-military competition, changing national boundaries and a dwindling importance of physical distance resulting from transportation and information technologies. A threat of increasing importance to critical national security related institutions and infrastructures is emerging through new "high tech" portals and throughfares to our national sanctuary from a new dimension called the "infosphere." As we've exploited the power of information through exotic modern information technologies, we've discovered that our increasing dependence upon them introduces equally powerful potential vulnerabilities to our national sanctuary.

Who is responsible for protecting critical national security related systems from such coordinated attacks? Certainly a straightforward question that one would expect to be followed by an equally direct answer; however, simple answers are not possible. Generally, it is the owner and operator of the system, but that owner or operator may not recognize responsibilities not clearly defined or which had not been planned for when the system was designed. In some cases, enforcement of security responsibilities may require "modernized" national policies and statutes to ensure the appropriate security is provided. With the declining state of the economy, system owners, operators and sponsors are often forced to cut corners. Especially where the threat and implications are not well understood, investments in communications and computer security components may be avoided or deferred. "Where is the value added"? Further exploration of the threats and vulnerabilities and their impacts to segments of our government and society may be necessary for an adequate answer to that question to motivate additional investments in system security against what are often considered esoteric vague notions of "techno geeks." The threat to non-military systems and its implication to national security is just becoming understood and is a very complex technical subject that few if any completely understand.

As computers assume responsibility for ever increasing numbers of our most critical national infrastructures by interconnecting their distributed information systems in this dawning "information age," we must re-assess the security necessary and/or available to ensure the continued security, availability, reliability and integrity of those systems and infrastructure supporting them..

The National Security Telecommunications Advisory Committee (NSTAC) is one prominent national forum which has acknowledged in recent years the certain threat to infrastructures supporting national services and brought attention to degraded services to be the likely result from attacks from diverse regions of the growing international "infosphere." Among those most vulnerable are infrastructure supporting national telecommunications services, including the public switched networks, their network management software and the physical security of critical telecommunications support facilities, as well as the subscriber systems themselves. Others recognized as vulnerable include the transportation infrastructure with systems performing functions such as air traffic control, airline scheduling and railway management systems; they include the finance infrastructure interconnecting important government, banking and security/commodity exchanges and their users; they include the energy infrastructure with systems providing electrical power and fuel to our homes and industries (including nuclear power/fuel facilities); and finally they include systems supporting national and regional emergencies involving weather, medical assistance, terrorism and continuity of government entities. These services are critical to our national survival, freedom and independence and they must be protected, whatever the cost.

Therefore, undeniably, assured information services have become multifaceted, multidimensional and interrelated components of our national security structure. We must increase our awareness of these critical components of our national security and provide essential defense mechanisms. We must be ever vigilant and proactive in our awareness and exercise of the precautions available to us and make the necessary investments in research, development and system integration to ensure the necessary protection is provided in the future. To wait for a coordinated attack or crisis, with our freedom, national security and independence at stake, would be unforgivable.

The critical nature of assured information service has been more widely acknowledged relative to our military systems. Though the visible information security threat in Operation Desert Storm and other military operations of this decade has been relatively low, it has become apparent that our nation and its national security operating forces are increasingly dependent upon vulnerable satellite communications systems of many types, (including a variety of commercial systems). We've also seen the mushrooming proliferation of computers or automated information systems among our those forces, causing them to become much more dependent upon timely, tailored information (only available from richly connected automated systems). Thus, to ensure the availability, reliability, privacy and integrity of that information, we must revitalize and expand upon even our military information security capabilities and information assurance programs.

Another important realization emerging from our nation's military operations of this decade has been the need for information security products/tools which can provide secure interoperability among international information systems. Therefore the list of requirements for improved information assurance capabilities must prominently include the selective sharing of information security technologies. This is certainly problematic when the nation may be an ally in a military operation but an intense competitor in other domains, such as political, economic, technological or energy. The challenge is made even more difficult by the nature of modern "network-centric" information systems which must be interconnected to common networks to achieve the efficiencies for which they were designed.

As information technology capabilities expand and become more sophisticated and complex, those who understand them can apply them in many ways, including the exploitation of our dependence upon them for critical functions essential to our national security and well-being. Thus, the threat to the information, services supplying it, their supporting infrastructure and the infrastructures supporting that infrastructure becomes particularly intricate and complex, with many facets and dimensions.

Together, many of the critical functions exploiting modern information technology operate to increase or leverage national productivity or to be force multipliers for the military. In fact, information technology and its denial has truly become a weapon. That was made apparent as early as Operation Desert Storm (through the use of strategic deception for example). Thus, essential information, information services and supporting information infrastructure must be protected as are other critical national resources. All are resources that work modularly to protect a flexible information architecture to adaptively and efficiently support our national security.

Of particular concern are some of the following factors involved in the international proliferation of automated information system technologies. One is the diverse array of threats partly resulting from the expanding demand for universal connectivity and global information sharing by interconnecting and integrating systems and networks. Related to this is the growing reliance upon a central infrastructure or consolidation of system/network support facilities and services. Increasingly, integrated open systems rather than independent dedicated systems are being installed. In addition, many of these integrated systems involve portable or mobile access capabilities, increasing their vulnerabilities. For example, cellular telephones, mobile satellite networks and wireless computer networks in office and apartment buildings increase the opportunities of potential eavesdroppers and attackers. Since many of these are digital networks, new digital security devices to support wireless digital system interfaces are urgently needed. Further, similar devices or tools are needed for the growing multimedia integrated public networks.

Similar needs exist among military systems. For example for the radio telephone and data systems requiring low probability of detection or intercept or anti-jam capabilities. Included in such requirements are those for over the air cryptographic keying/rekeying and communications and transmission security features integrated in the radios themselves. These capabilities must include selectable operation in a variety of modes and over more than one radio band by its operator (sometimes remotely).

Future Concerns

In addition, the increasing dependence upon commercial off the shelf products, leased commercial services and related short development cycles, rapid upgrades, turnovers and short-term obsolescence of systems reduce opportunities to develop or provide adequate security measures during their life cycle. Besides, it is difficult to detect unwanted elements in the software and firmware embedded in those systems.

Adding to concerns are the expanding requirements for and intent to provide multiple security levels of information in single systems, with the increased system security complexity and vulnerability to increasingly sophisticated threats to such systems. Related to this vulnerability are the growing numbers of high speed and "distributed" systems. In distributed systems, diverse subscriber communities share information storage, processing, dissemination and management servers sharing a common network or concatenated set of networks. A distributed data base management system is an example of such a system. In the future, we may apply knowledge-based artificial intelligence technologies with multi-security level data base management systems and high speed signaling capabilities to support distributed high speed parallel processing. However, such capabilities are not yet available, requiring more restrictive solutions in the near term.

Futher, the paucity of information security products, tools and services is a problem generally. Though the number of commercial products and services is increasing at an impressive rate, a shortage of tools to integrate and/or evaluate/accredit systems using those products, tools and services hampers their effective application. Also, the small number of qualified information security technology developers, integrators and evaluators/accreditors is of equal concern. In addition, there is an urgent need for an organized cadre of information security professionals with the knowledge and skills to perform system development, integration, certification and accreditation. In addition, education, training and professional certification institutions are needed to support those professionals as well as the users of the systems they provide.

Technical Perspectives

Information security systems are highly technical and complex, involving a variety of components. levels and layers. For example, physical security components are as important as software components and procedural factors. These include types of locks, seals, coatings. linings. barriers and shielding of equipment, facilities and material. Other information security system components include cryptographic units, algorithms and keys, transmission signal masking, and control of compromising emanations or emissions. However, also critical to assured information services are procedural security regarding operational activities or objectives, personnel and administrative security, and institutional life cycle support of security related components of information systems and networks.

Information security services may be organized or integrated to support a variety of protection levels through a "defense in depth" strategy. For example combinations of security services may be applied to maintain the integrity of the information or authenticating those accessing the information and (through encryption) ensuring its privacy while transiting circuits and networks. Another level of protection is to limit an adversary's detection and interception opportunities from communications systems used for its access or exchange by spreading the signal over a wide bandwidth or evasive hopping among radio frequencies.

Logical layers of protection can be provided modularly to achieve in operating system or application program software or through access mechanisms and procedures. Additional security layers can be provided in connections to subsystems, networks or coding/encryption of transmission to achieve "defense in depth." Through mixing and matching a variety of tools, products or procedures, system integrators can increase security to the appropriate level or depth. However, this becomes increasingly challenging in the "network-centric" systems managed by diverse communities or domains with diverse policies, rules and procedures.

As noted above, many tools and products and services complying with generally accepted security criteria have begun to emerge and are useable today. Information system vendors are working with their customers in both the public and private sector to configure their systems to provide modlar and adaptable security services, based on the user's need for individual applications. Some products include public cryptographic key infrastructure services, trusted operating systems, secure data base management systems, secure compartmented mode workstations, cryptographic authenticators, end-end encryption and trusted inter-computer security systems, multiple security level local and wide area networks and trusted guards and gateways which can be used to interconnect or separate networks and subscriber systems. At the dawning of the 21^st Century, these systems will mature further and others will be added to provide the capability for adaptive multi-level secure systems in the coming decade. What remains is for decisionmakers to obligate the necessary resources to apply them appropriately to the systems for which they have responsibility.

Future Directions

Hopefully through unified information security architectures, such as those emerging through the Department of Defense Information Assurance Program, unified efforts for future information security and assured information services can be accomplished speedily. Interoperability of products and tools are and will be placed at the top of the list of specifications for such solutions. They will be standardized and work to enable interoperability and operational efficiency among diverse communities of users across the national security enterprise, using products of equally diverse system vendors. To this end, expanded standard security components among the Defense Information System Network, Defense Information Infrastructure Common Operating Environment, Defense Message System and Shared Data Environment will be needed.

To adequately address such requirements will necessitate an enterprise-wide orientation. Enterprise-level systems security engineering is necessary, using a variety of technologies, products, tools and methods. And innovative life-cycle, evolutionary, modular, pre-planned product improvement acquisition strategies must be followed. Planners and managers must think systematically about information security and improving existing systems in increments. Security should not be added as an afterthought. If done in this manner, it will be both less effective and more expensive. Where possible, designs, and hardware and software tools and products should be developed which can be reused for a variety of functions. Adaptable, flexible and reusable products, tools and services are essential. In most cases, this should include standard integrated and embedded security components supporting all facets and dimensions of the information system security challenge. Such embedded and integrated solutions should include adequate system level protection such as to be physically protected from tampering and capable of being discarded without threat of harm to critical information of the user or other systems or users.

In the coming decade, these urgently needed capabilities can be made available provided adequate investments are made to develop and field them. The capability to ensure the security of automated information systems and maintain their integrity while reducing their vulnerabilities is possible through the application of technologies now becoming available. They include high speed digital signal processors, integrated optics, programmable cryptographic units, secure software and firmware development environments and controlled development methodologies.

However, merely obtaining the technologies is not enough. Operators, and managers must be properly trained to use them. Education and training must also emphasize the growing threats from dishonest companies, amateur hackers, terrorists, drug traffickers, economic and information warfare specialists of our adversaries and international competitors. They must be made aware of the potential results of the denial and surreptitious modification or seizing of critical information affecting our national security and independence.

Finally, we must continually monitor and assess the operation of critical information systems to ensure that protective measures, including training are effective. We must assign the necessary resources and attention to monitoring the security of that information and its supporting infrastructure. To do this, we need monitoring technology and talent. We need a new breed of professionals. A new cadre of information security professionals to assess threats, integrate systems, evaluate their capabilities and monitor their performance from a "network-centric" perspective. They will also need evaluation and assessment tools, now in short supply. But perhaps even more important, they will need new institutional tools that include modernized information assurance policies and procedures, new occupational classification categories, education and training institutions, threat assessment and evaluation professional certification procedures and authorities.

Conclusion

In light of declining budgets, information systems and/or automated decision support systems being bought in coming months will likely be those we must use for early decades of the 21^st Century. Thus, new innovative acquisition strategies must be applied to ensure essential security features are available in those systems. These are consistent with the management principles of the Cohen-Clinger Act and include at a minimum modular, objective performance measures, evolutionary and pre-planned product improvement elements, embedded/integrated/reprogrammable components, built in test equipment and other self-diagnostics (including security conditions). Acquisition decisions must be based on reengineered functional processes, good life-cycle management principles and must include education and training, evaluation, certification and accreditation capabilities to optimize the security of the system.

But, as emphasized above, decisionmakers, facing declining budgets, will encounter competing requirements seeking scarce resources and many arguments against investing in security. Some will involve cost while others will include access, interoperability, competition, system efficiency, freedom of information, and technology transfer restrictions; however, the focus must remain on the availability, reliability, integrity and security of critical information and its relationship to national security, relative to known potential threats from sources such as those discussed above.

In this regard. the best possible information on that threat must be made available to resource managers and senior executives, and where possible to the public. This awareness is absolutely essential to ensure support for the necessary resources to provide requisite security. Other-wise the currently frequent disregard will continue for preventive security measures which are available but considered cumbersome or too expensive. Our adversaries will benefit from such apathy, indifference and lack of appreciation of the threat and our vulnerability to it.