Self-inflicted vulnerabilities
Naval War College Review, Autumn, 2004 by Stephen D. Wolthusen
Even worse, it is not sufficient even to have individual components with proven certain security and assurance characteristics; their combination, such as between systems on a network, can still be insecure. (8) Such problems also arise--at levels of rigor far below formal modeling and proof--from configuration variations and the introduction of new subsystems (attached devices, new programs, or program revisions) within a single computer system. The ultimate result is a staggering combinatorial problem that simply cannot be addressed by mere testing, particularly since by definition the types of defects and cascading failure modes must be assumed to be triggered deliberately by an adversary with precise knowledge of the information system, rather than obeying standard probability distributions.
Despite these well-known limitations in trustworthiness, assurance, and manageability, off-the-shelf information technology products--for which safety and reliability requirements are generally relevant only as far as the civilian market will bear the inevitable increases in cost and decreases in otherwise desirable features--are increasingly used at all levels in the U.S. Navy, from planning to engineering systems onboard warships. This introduces a significant number of failure modes that must be considered but are nevertheless frequently ignored, with predictable results. A case in point is an engineering network casualty aboard USS Yorktown (CG 48) in September 1997 that left the cruiser dead in the water for about two hours and forty-five minutes. (9) Land combat systems do not typically have the same levels of complexity--at least, not yet--but the gap is closing rapidly as new electronics subsystems are added and internetworked, as in the M1A2 main battle tank.
NO WAY BACK
Even if it were not already established acquisitions policy, fiscal considerations would dictate that COTS products, or marginal variations on them, will continue to dominate procurement of large parts of C4ISR assets. That is true as well for critical elements of civilian infrastructure that are increasingly relied upon for mission-critical requirements. Even if procurement of custom solutions were considered, such alternatives would lag considerably behind commercially available systems in terms of functionality. (10)
This reliance on commercially available products has already shown its drawbacks in such areas as electronics for weapons systems, where the cost and feasibility of reengineering are even less attractive than for purchasing systems reliable for the "life of type." (11) For software-based COTS systems, the outlook is even bleaker, for a number of reasons. First, hardware components are traditionally designed to a significantly higher level of quality, not least because errors introduced at the design stage are considerably more expensive to correct than with software-based systems. Hardware already manufactured with defects may need to be destroyed, recalled, and, if the defect is found, replaced.