computing lives - FTP Directory Listing
computing lives - FTP Directory Listing
computing lives - FTP Directory Listing
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
A<br />
Computer Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M S BE<br />
aG<br />
F<br />
92<br />
COMPUTER<br />
SECURITY<br />
An example of a presumption in<br />
this context is: “If a tracked object<br />
enters a restricted airspace, then<br />
assign a weapon to that object and<br />
engage.” An instance of engaging<br />
the human operator would occur if,<br />
for example, the US were to have a<br />
chance to intercept missiles over<br />
another country. In this case, intercepting<br />
the missiles would be lawful<br />
but the potential consequences—<br />
such as residual debris from the<br />
missiles’ chemical, nuclear, or biological<br />
payloads landing on the other<br />
country’s territory—would need to be<br />
weighed against the risk of the missiles<br />
reaching their targets.<br />
Other aspects of preparedness<br />
could be incorporated into cyber<br />
C2/BM systems, such as a brokering<br />
capability to facilitate controlled dissemination<br />
of information among<br />
cyberoperators from different<br />
administrative domains who are collaborating<br />
in an ad hoc but formal<br />
coalition, or persistent operations to<br />
defend assets through their combined<br />
cyberwarfare resources.<br />
For example, a legal advisor might<br />
need to subscribe to certain data<br />
feeds to pull together the information<br />
required to make a legal determination,<br />
but he or she might not have a<br />
need to know about where the data<br />
originated or related information.<br />
That is, the brokering capability provides<br />
a means for enabling the sharing<br />
of information by protecting the anonymity<br />
of the information sources<br />
and their methods of collection, only<br />
sharing what cyberoperators playing<br />
particular roles are entitled to access.<br />
Such an information-sharing capability<br />
would have been useful to the<br />
informal assembly of private- and<br />
public-sector organizations that came<br />
to the aid of Estonia in 2007.<br />
Systems have become increasingly<br />
interconnected through trends such<br />
as the adoption of cloud <strong>computing</strong><br />
and the creation of systems of systems.<br />
These compositions provide<br />
one or more value-added capabilities<br />
that none of the individual systems<br />
can deliver on their own. Preparedness<br />
for cyberattacks will entail<br />
cooperation between the many stakeholders<br />
in these systems, even with<br />
sound mechanisms for containment<br />
of behavior between systems.<br />
Efforts at achieving cyberpreparedness,<br />
such as that by NIST, are<br />
a step in the right direction, as the<br />
NIST report on the smart grid shows:<br />
Some of the responses [to cyber<br />
attacks] must be autonomic—timely<br />
response is a critical requirement for<br />
grid reliability. However, for a quick<br />
response to treat the symptom locally<br />
and effectively, the scope and extent<br />
of the impact of the failure needs to be<br />
quickly determined. Not all responses<br />
are autonomic however. New research<br />
is needed to measure and identify<br />
the scope of a cyber attack and the<br />
dynamic cyber threat response options<br />
available in a way that can serve as a<br />
decision support tool for the human<br />
operators.<br />
We believe that our<br />
research is on target<br />
regarding support for<br />
cyber command-and-control understanding,<br />
planning, and decision<br />
activities. Preparation must include<br />
provision of integrated full-spectrum<br />
capabilities in cyber C2/BM systems<br />
along with specialized dynamic virtual<br />
cells like the proposed legal cell<br />
enabling collaboration among cyberoperators<br />
proactively.<br />
James Bret Michael is a professor in<br />
the Department of Computer Science<br />
and a member of the Center for Cyber<br />
Warfare at the Naval Postgraduate<br />
School. Contact him at bmichael@<br />
nps.edu.<br />
_____<br />
John F. Sarkesain is a senior engineer<br />
with the Aerospace Corporation. Contact<br />
him at john.f.sarkesain@aero.org.<br />
Thomas C. Wing eld is a professor<br />
at the George C. Marshall European<br />
Center for Security Studies. Contact<br />
him at ____________________<br />
thomas.c.wing eld@marshallcenter.org.<br />
_______<br />
Georgios Dementis is a lieutenant<br />
in the Hellenic Navy. Contact him at<br />
ydementis@gmail.com.<br />
_______________<br />
Gonçalo Nuno Baptista de Sousa is<br />
a lieutenant in the Portuguese Navy.<br />
Contact him at _______________<br />
goncalobsousa@gmail.<br />
___ com.<br />
Editor: Jeffrey Voas, National Institute<br />
of Standards and Technology;<br />
j.voas@ieee.org<br />
_________<br />
________<br />
_________________<br />
Disclaimer<br />
The views and conclusions<br />
contained herein are those<br />
of the authors and should not<br />
be interpreted as necessarily<br />
representing the official policies<br />
or endorsements of the US<br />
Government.<br />
A<br />
Computer Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M S BE<br />
aG<br />
F