Ensuring Security in
Information Technology

By Shiu-Kai Chin

Alvin Toffler, in his book Powershift, writes, “Knowledge, violence, and wealth, and the relationships between them, define power and society.” The September 11 terrorist attacks on the United States stunningly illustrate how the nature of power and our society is affected by technology in general and information technology specifically. The World Trade Center and the Pentagon—the symbols and centers of America’s economic and military strength, respectively—were both rammed by Boeing jetliners—examples of America’s dominance in commercial aviation. All of this was visible on a stage seen by the entire world in real-time, thanks to television and video cameras with real-time viewer interaction made possible by cell phones, pagers, e-mail, and the Internet. In the immediate aftermath, we saw thousands dead, a plunging stock market, and a whole nation disrupted by shock, anger, sadness, and fear—a fear that, in an instant, the relative safety we had taken for granted was now irrevocably shattered. How could so few affect so many and so much? Would we, could we, ever feel safe again?
      Our technologically interconnected society supports the phenomenon that a few can significantly impact many. A 1965 finding known to computer gurus as Moore’s Law explains how increasing the number of transistors could double the power and speed of computer chips every 18 months. This is why last year’s Pentium processor is half price now and the newest models are twice as powerful. These advances make it feasible and economical for computers to be everywhere—from our desktops and pockets to our power plants and car brakes. Virtually anything can and is connected to everything else via computer and telecommunication networks. This is how a failure in a seemingly small and isolated component can cause failure across an entire system. Remember the 1965 blackout of New York City? That collapse of the Northeast power grid started with the failure of a single small electrical relay in Niagara Falls. The fact is our technological prowess has outstripped our ability to predict accurately what a complex system will do in all situations. Our interconnectedness and the complexity of our systems leave us vulnerable to unanticipated failures and to deliberate attacks. Systems now must be engineered with security in mind as well as safety and correctness.

      Recognizing the increased vulnerability of such critical infrastructures as telecommunications, power, banking, and emergency services, President Bill Clinton ordered the creation of the President’s Commission on Critical Infrastructure Protection in 1996. The commission’s purpose was to form a national strategy for protecting America’s critical infrastructure from physical and cyber-attacks (www.ciao.gov. One of the commission’s recommendations contained in its 1997 report, Critical Foundations—Protecting America’s Infrastructures, was increasing research in information assurance, or ways to assure the correctness, safety, availability, and security of information and information systems. Since the report was issued, the National Infrastructure Protection Center under the FBI has been created to deter, detect, assess, and respond to physical and cyber-attacks on our critical infrastructure (www.nipc.gov). The National Academy of Sciences conducted hearings on the trustworthiness of information systems and has published its findings in a book, Trust in Cyberspace (www.nap.edu/html/trust). New research programs in assurance are in place at such government agencies as the National Science Foundation and the Air Force Research Laboratory in Rome, New York.
      Several SU professors are directly involved in efforts to counter cyber-crime and cyber-terrorism. For example, several of us are actively researching the technical aspects of information warfare, and I am a co-chair of the Tools and Technology Committee of the National Institute of Justice’s Electronic Crime Partnership Initiative. SU’s Center for Systems Assurance earned the University the distinction of being a National Security Agency Center of Excellence in Information Assurance Education (csa.syr.edu. The CASE (Computer Applications and Software Engineering) Center at SU is recognized by the New York State Office of Science, Technology, and Academic Research (NYSTAR) as an Enhanced Center for Advanced Technology in Information Assurance (case.syr.edu).

Continued on page 16
Continued on page 17
Continued on page 18
Continued on page 19
Back to page 1
Back to page 2
Back to page 3
Back to page 4
Back to page 5
Back to page 6
Back to page 7
Back to page 8
Back to page 9
Back to page 10
Back to page 11
Back to page 12
Back to page 13
Back to page 14

Main Home Page Contents Chancellor's Message Opening Remarks
Reflections In Memoriam Time of Terror Lessons of Hope
Future Impact Voices

E-mail the magazine editor
E-mail the web guy
820 Comstock Ave., Rm. 308
Syracuse NY 13244-5040