Personal privacy and national security in the 21st century both depend on protecting a set of systems that didn’t even exist until late in the 20th — the electronic web of information-sharing known as cyberspace.
Why is cyberspace security is important?
Electronic computing and communication pose some of the most complex challenges engineering has ever faced. They range from protecting the confidentiality and integrity of transmitted information and deterring identity theft to preventing the scenario recently dramatized in the Bruce Willis movie "Live Free or Die Hard," in which hackers take down the transportation system, then communications, and finally the power grid.
As that movie depicted, networks of electronic information flow are now embedded in nearly every aspect of modern life. From controlling traffic lights to routing airplanes, computer systems govern virtually every form of transportation. Radio and TV signals, cell phones, and (obviously) e-mail all provide vivid examples of how communication depends on computers — not only in daily life, but also for military, financial, and emergency services. Utility systems providing electricity, gas, and water can be crippled by cyberspace disruptions. Attacks on any of these networks would potentially have disastrous consequences for individuals and for society.
In fact, serious breaches of cyber security in financial and military computer systems have already occurred. Identity theft is a burgeoning problem. Viruses and other cyber-attacks plague computers small and large and disrupt commerce and communication on the Internet.
Why are the engineering solution for securing cyberspace?
Historically, the usual approach to computer protection has been what is called “perimeter defense.” It is implemented by placing routers and “firewalls” at the entry point of a sub-network to block access from outside attackers. Cyber security experts know well that the perimeter defense approach doesn’t work. All such defenses can eventually be penetrated or bypassed. And even without such
breaches, systems can be compromised, as when flooding Web sites with bogus requests will cause servers to crash in what is referred to as a “denial of service” attack or when bad guys are already inside the perimeter.
The problems are currently more obvious than the potential solutions. It is clear that engineering needs to develop innovations for addressing a long list of cyber security priorities. For one, better approaches are needed to authenticate hardware, software, and data in computer systems and to verify user identities. Biometric technologies, such as fingerprint readers, may be one step in that direction.
A critical challenge is engineering more secure software. One way to do this may be through better programming languages that have security protection built into the ways programs are written. And technology is needed that would be able to detect vulnerable features before software is installed, rather then waiting for an attack after it is put into use.
Another challenge is providing better security for data flowing over various routes on the Internet so that the information cannot be diverted, monitored, or altered. Current protocols for directing data traffic on the Internet can be exploited to make messages appear to come from someplace other than their true origin.
All engineering approaches to achieving security must be accompanied by methods of monitoring and quickly detecting any security compromises. And then once problems are detected, technologies for taking countermeasures and for repair and recovery must be in place as well. Part of that process should be new forensics for finding and catching criminals who commit cybercrime or cyberterrorism.
Finally, engineers must recognize that a cybersecurity system’s success depends on understanding the safety of the whole system, not merely protecting its individual parts. Consequently cybercrime and cyberterrorism must be fought on the personal, social, and political fronts as well as the electronic front.