| Related sites for http://usinfo.state.gov/journals/itps/1198/ijpe/pj48min.htm |
| International_Guide_Book_for_Traffic_Accident_Reconstruction A technical reference book in both US and metric measurements for traffic accident analysts and reconstructionists. | | Hussaini,_Syed_Abid Resume, statement of purpose and pharmacology information. | | Salvation_Army_London_Citadel_Corps The Salvation Army London Citadel Corps located in London, Ontario Canada. Information includes the history, special events, weekly activities, contact information, and a photo gallery. | | Finest_City_Squares Includes schedule, links, gallery, and contact information. Located in San Diego, California | | Daily_Diva Magazine of fashion, music, culture and beautiful Black women. | | Johannsmeyer Family database compiled by William L Johnsmeyer. Features the lineage that originated in Rattinghausen, Germany, near the town of Bad Essen. | | Rocky_Mountain_Miracle_Center Serving the A Course In Miracles (ACIM) community and its teachers, students groups, classes and meetings. | | Christians Addresses the modern belief that there is no absolute truth, unity in the church, and the relationship between faith and works. Includes downloadable and printable versions of the site. | | Watchman_Fellowship_Profile__A_Course_in_Miracles History of the movement, Course doctrine as compared to Biblical verse, and additional resources. | | Key_Information__The_United_Methodist_Church Includes links to important UM groups, churches, and districts, contact information, news, historical background, theology, and doctrine. | | Buddhist_Country_Statistics Lists Top 10 countries with most Buddhists, top 10 countries with highest percentage of Buddhists. | | The_Walk_With_Christ Formerly Eastern Washington Walk to Emmaus. Features events, contacts, and news. | | TV_Polonia Polish satellite television available in the US. Contains ordering information, programming schedules and pricing. | | The_Way_to_Christ A 1622 book explaining how the soul may come to know the divine. Consists of the works known as "Of True Repentance," "Of True Resignation," "Of Regeneration," "Of the Super-Sensual Life," "Of Heaven | | Overview_of_Community_Corrections Florida corrections statistics for the 1998-99 fiscal year. | | Law_Office_of_Janet_Langjahr_PA Commentary on family law matters, focused on Florida. [RSS] | | Political_Writings_of_George_Orwell Essays, newspaper columns, letters and editorials from 1943 - 1947. | | South_Eastern_Centre_Against_Sexual_Assault Resources and support for both men and women. SECASA is a sexual assault and rape crisis center in Victoria, Australia. | | GreenWatch_org Capital Research Center project detailing the activities and funding of left-environmental organizations. Searchable database of environmental pressure groups. | | The_Acappella_Company_Online_Store Official shopping outlet for Acappella albums and other TAC artists, series and themed albums. Also includes CD-quality songs in MP3 format, sheet music, songbooks, singles, pictures, posters and othe |
|
USIA, U.S. Foreign Policy Agenda, November 1998 --Lieutenant General Kenneth A. MinihanDirector, National Security Agency, "Defending the Nation againstCyber AttackDEFENDING THE NATION AGAINST CYBER ATTACK:INFORMATION ASSURANCE IN THE GLOBAL ENVIRONMENTBy Lieutenant General Kenneth A.MinihanDirector, National Security Agency The National Security Agency "is applying itsuniqueexpertise to develop the fundamental technology to create anational cyber-attack detection and response capability," saysAirForce Lieutenant General Kenneth A. Minihan. He emphasizes that"information superiority in the Information Age is a clearnationalimperative."We are at risk. America depends on computers. They controlpower delivery, communications, aviation, and financial services.They are used to store vital information, from medical records tobusiness plans, to criminal records. Although we trust them,they are vulnerable -- to the effects of poor design andinsufficient quality control, to accident, and perhaps mostalarmingly, to deliberate attack. The modern thief can stealmore with a computer than with a gun. Tomorrow's terrorist maybe able to do more damage with a keyboard than with a bomb.""Computers at Risk," National Research Council,1991 IntroductionPerhaps the most remarkable thing about the words quoted above isthat they were written almost at the dawn of the Information Age.Until recently, we as a nation have paid them little heed. TheUnited States, and the rest of the world, continue to chargeheadlong into the information revolution -- informationtechnology is making profound inroads into the very fabric of oursociety and our economy as a nation in the global community. Ina very real sense, the "Information Superhighway" has become theeconomic lifeblood of our nation.While leading the world into the Information Age, at the sametime the United States has become uniquely dependent oninformation technology -- computers and the global network thatconnect them together. This dependency has become a clear andcompelling threat to our economic well-being, our public safety,and our national security.The world's networks, referred to by many as "cyberspace," knowno physical boundaries. Our increasing connectivity to andthrough cyberspace increases our exposure to traditionaladversaries and a growing body of new ones. Terrorists, radicalgroups, narcotics traffickers, and organized crime will joinadversarial nation-states in making use of a burgeoning array ofsophisticated information attack tools. Information attacks cansupplement or replace traditional military attacks, greatlycomplicating and expanding the vulnerabilities we must anticipateand counter. The resources at risk include not only informationstored on or traversing cyberspace, but all of the components ofour national infrastructure that depend upon informationtechnology and the timely availability of accurate data. Theseinclude the telecommunications infrastructure itself; our bankingand financial systems; the electrical power system; other energysystems, such as oil and gas pipelines; our transportationnetworks; water distribution systems; medical and health caresystems; emergency services, such as police, fire, and rescue;and government operations at all levels. All are necessary foreconomic success and national security.Information Assurance -- the National GoalOn May 22, 1998, the president signed Presidential DecisionDirective 63 (PDD-63) on Critical Infrastructure Protection. Init he states: "I intend that the United States will take allnecessary measures to swiftly eliminate any significantvulnerability to both physical and cyber attacks on our criticalinfrastructures, including especially our cyber systems.The national goal is that by no later than the year 2000, theUnited States shall have achieved an initial operating capabilityand no later than five years from today the United States shallhave achieved and shall maintain the ability to protect ournation's critical infrastructures from intentional acts thatwould significantly diminish the abilities of: The federal government to performessential national security missions and to ensure the generalpublic health and safety; State and local governments tomaintain order and to deliver minimum essential public services; The private sector to ensure theorderly functioning of the economy and the delivery of essentialtelecommunications, energy, financial, and transportationservices."Achieving this sweeping goal will be a considerable undertaking,requiring a cooperative effort between the government and theprivate sector elements that operate the criticalinfrastructures. The PDD directs the federal government to leadby example in assuring the robustness of federal systems, butalso makes it clear that the public sector cannot solve theproblem unilaterally. Every federal department and agency ishighly dependent on the services provided by the private sector-- power, telecommunications, transportation, etc. Thus, the PDDenvisions a Public-Private Partnership to develop and implement acomprehensive National Infrastructure Assurance Plan, to dealwith the threat of electronic terrorism. The significantchallenge is how to get the private sector to engageinfrastructure assurance from a national perspective. In today'shighly competitive environment, the private sector is typicallydriven to achieve market advantage -- including driving downoperating costs -- to increase profits. Enhancedcyber-protection measures will require both expanded investmentand collaboration with competitors.Essential ElementsAny strategy for enhancing the robustness of our criticalinfrastructures must contain three basic elements: increasedprotection against cyber attack, the ability to detect when anattack is occurring, and the capability to respond and/or recoverwhen an attack is detected.Increased protection against cyber attack is founded uponencryption technology -- including digital signatures -- toprovide the authentication, integrity, non-repudiation, andprivacy/confidentiality services necessary for informationassurance. Strong digital-signature-based authentication used toprovide positive access control is perhaps the most powerful toolin protecting against cyber attack. Digital signature alsoprovides for integrity of electronic information andnon-repudiation of cyber-transactions. Encryption is applied todesktops, file servers, and across networks to assure the privacyof sensitive government, business, and personal information. Once the almost exclusive province of governments, encryptiontechnology is now widely available in the commercial marketplace,and is a fundamental enabler for information assurance. In fact,on September 16, 1998, the vice president announced a majorupdating of U.S. Export Control Policy on Encryption Technology,a clear indication of its importance to critical infrastructureprotection, as well as global electronic commerce and economicprosperity.Given the coming of age of encryption technology, the remainingchallenge is to apply the technology in a coherent and effectiveway to all of our critical infrastructures. To do this requiresboth a framework for application of the encryption services in ascalable, interoperable way, along with the establishment of asupporting public key infrastructure (PKI) to provide robust andglobally recognizable digital signature and encryption keycertificates, the individually unique "electronic ID" of theInformation Age. PKI services are now emerging in the privatesector to meet the demands of global electronic commerce and canbe leveraged to support critical infrastructure protection.In the areas of diagnosing, detecting, and responding to cyberattack, the technologies are not so mature or effective. Today,the United States has little ability to detect or recognize acyber attack against either government or private sectorinfrastructures, and even less capability to react. The abilityto identify a strategic cyber attack against one or severalcritical infrastructure components, and respond in appropriatefashion, is clearly a significant national security issue. Onecomplicating factor is that computer intrusions have beentraditionally regarded as a criminal event and within the purviewof law enforcement. When an intrusion occurred, the intruder was(hopefully) tracked down, arrested, and prosecuted. Further,many private sector entities were reluctant to share informationabout computer intrusions, fearing adverse press coverage (e.g.,newspaper headlines such as "Bank Losses Put at Millions inComputer Break-in" or "Hackers Disrupt Telephone Service") andpublic reaction. To build an effective national cyber-defensecapability, new rules of engagement must be developed to allowopen and dynamic collaboration among the private sector, the lawenforcement community, and the national security community.Emerging Information Assurance Role of the National SecurityAgencyIn the Information Age, the National Security Agency'straditional missions of Signals Intelligence and InformationSystems Security are evolving into one of providing informationsuperiority for the United States and its allies. Central tothis construct is an in-depth understanding of the GlobalInformation Infrastructure and the vulnerabilities of networkedinformation systems to cyber attack. On the defensive side ofthis mission, the NSA has undertaken a series of initiatives toprovide the technical foundation to protect our criticalinfrastructures.As mentioned earlier, encryption technology has become widelyavailable in the commercial marketplace and is the basicfoundation for protecting information systems from cyber attack. The bad news is that the many products available do not securelyinteroperate with each other and are of varying robustness, andthat there are many, often confusing, ways to apply encryption. As an example, there is e-mail encryption, file encryption, webencryption, link encryption, and virtual private networkencryption, just to name a few of the variations. To remedythis situation, the NSA has formed a partnership with the leadingsuppliers of security-enabled information technology to develop acommon framework for encryption services to provideenterprise-wide information assurance solutions. This frameworkdefines a coherent way to apply encryption technology to theenterprise, along with how encryption interacts with and supportsother security-related technologies and products, e.g.,firewalls, servers, routers, operating systems, intrusiondetection, malicious code detection, audit tools, and public keyinfrastructure services.Another dimension of the problem is the varying degrees ofrobustness in the many security relevant products in themarketplace. To address this issue, the NSA has formed apartnership with the National Institute for Standards andTechnology (NIST). Under this arrangement, the NSA and the NISTwill certify commercial laboratories to evaluate commercialsecurity relevant products, either to validate the vendor'ssecurity claims, or to validate compliance with the requirementsof the network security framework. Testing of the products willbe done by the certified laboratories on a fee-for-service basis,with cost and schedule negotiated between the lab and the productvendor.Lastly, the National Security Agency believes the nation needs ashared array of national security information assurance elementsand is applying its unique expertise to develop the fundamentaltechnology to create a national cyber-attack detection andresponse capability. The approach integrates a variety ofsensors that can be applied at critical infrastructure locationsand in the underlying telecommunications infrastructure itself,with sophisticated, broad-scale analytic techniques to provide adynamic view of the threats to critical infrastructures fromglobal cyberspace. These techniques should be shared by an arrayof national security, federal, industry, and regional componentsto allow concurrent detection, defense, reconstitution, andrecovery of vital services.In ConclusionThe economic prosperity that our nation enjoys today is largelyfounded in the Information Age and in our global leadership ininformation technology. Our continued leadership and prosperityin the global economy may well hinge on our national commitmentto act as leaders in bringing integrity and responsibility --information assurance -- to the global information environment wehave helped to create. The administration has sent a clearmessage via PDD-63 that the time to act is now, and the NSA iswell-positioned and ready to support the charge with ourtechnical know-how. Information superiority in the InformationAge is a clear national imperative.U.S. Foreign PolicyAgendaUSIA Electronic Journal, Vol. 3, No. 4, November1998Sorry, you need a JavaScript capable browser to get the best from this page |
|
