Stronger than the weakest link

by Scott Bradner

It is an old maxim that a chain is only as strong as its weakest link. This assumption has long guided the understanding of computer and network security. But this and a number of long held assumptions are challenged by a recent publication done at the behest of the US federal government.

The National Research Council (NRC) has published the results of another one of its ongoing series of panels looking into various aspects of our changing technical world. The NRC was organized by the National Academy of Sciences (NAS) in 1916 to be a vehicle to fulfill NAS's mandate to advise the federal government on scientific and technical matters. This volume, titled "Trust in cyberspace" (ISBN 0-309-06558-5), is the output of a 14 member committee which started meeting in June of 1996. The committee was appointed by the NRC in response to a request from the Defense Advanced Research Agency and the National Security Agency. This study was designed, in the words of the report, "to assess the nature of information systems trustworthiness and the prospects for technology that will increase trustworthiness." For the fiscally challenged the NRC has also put this report on the web at http://www.nap.edu/readingroom/books/trust/.

The report notes: "It is easy to build a system that is less trustworthy than its least trustworthy component. The challenge is to do better: to build systems that are more trustworthy than even their most trustworthy components." It then proceeds to provide some general guidelines on ways to amplify system reliability and security. Although there are a number of chapters, such as the "Trustworthy Systems from Untrustworthy Components" one mentioned above, in this report that are quite valuable in their own right, the mission of NRC committees is to provide specific recommendations for government action especially in the area of government funded research.

The committee investigated not only the effect of malicious attacks by people who want to disrupt network operation but also of the accidental misconfiguration of network components and the impact of environmental factors such as fibertropic backhoes.

The conclusions and research recommendations section of this report does not present all that reassuring a picture. The current national network infrastructure, comprising both the public telephone network and the Internet, are not well positioned for security and reliability.

The report points out a number of areas of vulnerability and makes a number of specific recommendations for research that would help to enable the creation of more secure and reliable networks in the future.

There is a possibility that networks in the future can be made more reliable and secure than what we are currently dealing with. But if that happens it will be in spite of the market forces that are reshaping our telecommunications world and not because of them and it could be because of the research recommended in this report.

disclaimer: Harvard's relationship to market forces is tenuous so the above must be my observations.