20.07.2013 Views

computing lives - FTP Directory Listing

computing lives - FTP Directory Listing

computing lives - FTP Directory Listing

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

A<br />

Computer Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M S BE<br />

aG<br />

F<br />

92<br />

COMPUTER<br />

SECURITY<br />

An example of a presumption in<br />

this context is: “If a tracked object<br />

enters a restricted airspace, then<br />

assign a weapon to that object and<br />

engage.” An instance of engaging<br />

the human operator would occur if,<br />

for example, the US were to have a<br />

chance to intercept missiles over<br />

another country. In this case, intercepting<br />

the missiles would be lawful<br />

but the potential consequences—<br />

such as residual debris from the<br />

missiles’ chemical, nuclear, or biological<br />

payloads landing on the other<br />

country’s territory—would need to be<br />

weighed against the risk of the missiles<br />

reaching their targets.<br />

Other aspects of preparedness<br />

could be incorporated into cyber<br />

C2/BM systems, such as a brokering<br />

capability to facilitate controlled dissemination<br />

of information among<br />

cyberoperators from different<br />

administrative domains who are collaborating<br />

in an ad hoc but formal<br />

coalition, or persistent operations to<br />

defend assets through their combined<br />

cyberwarfare resources.<br />

For example, a legal advisor might<br />

need to subscribe to certain data<br />

feeds to pull together the information<br />

required to make a legal determination,<br />

but he or she might not have a<br />

need to know about where the data<br />

originated or related information.<br />

That is, the brokering capability provides<br />

a means for enabling the sharing<br />

of information by protecting the anonymity<br />

of the information sources<br />

and their methods of collection, only<br />

sharing what cyberoperators playing<br />

particular roles are entitled to access.<br />

Such an information-sharing capability<br />

would have been useful to the<br />

informal assembly of private- and<br />

public-sector organizations that came<br />

to the aid of Estonia in 2007.<br />

Systems have become increasingly<br />

interconnected through trends such<br />

as the adoption of cloud <strong>computing</strong><br />

and the creation of systems of systems.<br />

These compositions provide<br />

one or more value-added capabilities<br />

that none of the individual systems<br />

can deliver on their own. Preparedness<br />

for cyberattacks will entail<br />

cooperation between the many stakeholders<br />

in these systems, even with<br />

sound mechanisms for containment<br />

of behavior between systems.<br />

Efforts at achieving cyberpreparedness,<br />

such as that by NIST, are<br />

a step in the right direction, as the<br />

NIST report on the smart grid shows:<br />

Some of the responses [to cyber<br />

attacks] must be autonomic—timely<br />

response is a critical requirement for<br />

grid reliability. However, for a quick<br />

response to treat the symptom locally<br />

and effectively, the scope and extent<br />

of the impact of the failure needs to be<br />

quickly determined. Not all responses<br />

are autonomic however. New research<br />

is needed to measure and identify<br />

the scope of a cyber attack and the<br />

dynamic cyber threat response options<br />

available in a way that can serve as a<br />

decision support tool for the human<br />

operators.<br />

We believe that our<br />

research is on target<br />

regarding support for<br />

cyber command-and-control understanding,<br />

planning, and decision<br />

activities. Preparation must include<br />

provision of integrated full-spectrum<br />

capabilities in cyber C2/BM systems<br />

along with specialized dynamic virtual<br />

cells like the proposed legal cell<br />

enabling collaboration among cyberoperators<br />

proactively.<br />

James Bret Michael is a professor in<br />

the Department of Computer Science<br />

and a member of the Center for Cyber<br />

Warfare at the Naval Postgraduate<br />

School. Contact him at bmichael@<br />

nps.edu.<br />

_____<br />

John F. Sarkesain is a senior engineer<br />

with the Aerospace Corporation. Contact<br />

him at john.f.sarkesain@aero.org.<br />

Thomas C. Wing eld is a professor<br />

at the George C. Marshall European<br />

Center for Security Studies. Contact<br />

him at ____________________<br />

thomas.c.wing eld@marshallcenter.org.<br />

_______<br />

Georgios Dementis is a lieutenant<br />

in the Hellenic Navy. Contact him at<br />

ydementis@gmail.com.<br />

_______________<br />

Gonçalo Nuno Baptista de Sousa is<br />

a lieutenant in the Portuguese Navy.<br />

Contact him at _______________<br />

goncalobsousa@gmail.<br />

___ com.<br />

Editor: Jeffrey Voas, National Institute<br />

of Standards and Technology;<br />

j.voas@ieee.org<br />

_________<br />

________<br />

_________________<br />

Disclaimer<br />

The views and conclusions<br />

contained herein are those<br />

of the authors and should not<br />

be interpreted as necessarily<br />

representing the official policies<br />

or endorsements of the US<br />

Government.<br />

A<br />

Computer Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M S BE<br />

aG<br />

F

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!