Vulnerabilities, Threats, and Risks
- The existing information infrastructures are riddled with vulnerabilities, including hardware and software unreliability and system unavailability. Examples include the nationwide 1990 AT&T long-distance collapse and many recent outages and saturations of Internet service providers. Further cases are anticipated in the many computer systems that are expected to break in the Year 2000 because of two-digit date fields. Serious security flaws are also abundant in computer systems, networks, Web software, and programming languages, and have been widely reported. The extent of the risks is still not widely recognized, and preventive measures have been very slow to develop. Indeed, we are in all likelihood not even aware of many still unidentified vulnerabilities, and new vulnerabilities are continually being introduced. Future disasters may exploit vulnerabilities we do not know about.
- There are many realistic threats to the information infrastructures, including malicious insiders and intruders, terrorists, saboteurs, and just plain incompetent administrative and operational staff. These threats may come from corporate and national interests as well as individuals --- in addition to effects of the environment, natural phenomena, accidental interference, and so on. Malicious attacks may come from anywhere in the world, via dial-up lines and network connections, often anonymously. The list of threats is long and multidimensional (and discussed in the PCCIP report). Consequently, it is not possible to predict which threats will be exploited, and under what circumstances.
- Thus far, there have been relatively few truly serious malicious attacks on computer systems and networking (for example, see Reference 10, which includes analysis of the Rome Lab case), although such activities from both insiders and outsiders appear to be increasing, particularly in financial systems (such as the $588 million Japanese Pachinko frauds and the Citibank case). There have been numerous cases of more than mere nuisance value (for example, the hacking of Web sites of the Justice Department, CIA, US Air Force, and NASA), including many denials of service (for example, flooding attacks that have disabled entire networks). There have also been penetration studies that have constructively demonstrated the extent of the vulnerabilities, without malicious intent (such as the 1988 Internet Worm and numerous analyses and demonstrations of flaws in Web browsers, servers, protocols, algorithms, and encryption schemes). It is good that we have so many friendly participants in this struggle to increase dependability. Perhaps because there have been no devastating attacks, concern is less than it should be --- considering the magnitude of the potential risks. However, the rapid acceleration of electronic commerce can be expected to inspire some ingenious massive frauds that systematically exploit various major vulnerabilities on the information infrastructure --- which could be a goldmine for organized crime.
- In many cases, system collapses attributable to reliability problems could also have been triggered maliciously, because of corresponding security vulnerabilities.