Document Information
Securing the U.S. Defense Information Infrastructure
A Proposed Approach
It is widely believed, and increasingly documented, that the United States is vulnerable to various types of information warfare attacks. Threats range from nuisance attacks by hackers to those potentially putting national security at risk. The latter might include attacks on essential U.S. information systems in a major regional crisis or theater war. The purpose might be to deter (or coerce) a U.S. intervention, to degrade U.S. power projection capabilities, to punish the United States or its allies, or to undermine the support of the American public for the conflict. Critical command-and-control and intelligence systems are designed to be robust and secure under attack. However, their survivability cannot be taken for granted, and they depend on a diverse, primarily civilian and commercial, information infrastructure (consisting of the Internet and the public telephone network, among other elements). As the diversity and potential seriousness of threats to the U.S. information infrastructure have become apparent, national-security planners and analysts have begun to think of ways to counter such threats--to increase the infrastructure's availability for essential functions. The authors analyze the concept of a minimum essential information infrastructure (MEII) in light of the characteristics of the national information infrastructure and the nature of the threat. They suggest that it is useful to think of the MEII as a process rather than a hardened stand-alone structure, and they provide a methodology and a tool to support the implementation of that process by military units and other organizations.
Support RAND Research — Buy This Product!
Paperback Cover Price: $35.00
Discounted Web Price: $31.50
Pages: 188
ISBN/EAN: 0-8330-2713-1
Contents
Preface PDF
Figures PDF
Tables PDF
Summary PDF
Acknowledgments PDF
Acronyms and Abbreviations PDF
Glossary PDF
Chapter One:
Introduction PDF
Chapter Two:
The Information Warfare Threat and the Meii Response PDF
Chapter Three:
Vulnerabilities PDF
Chapter Four:
Responsive Security Techniques PDF
Chapter Five:
Identifying Security Techniques PDF
Chapter Six:
Distribution of Research Effort PDF
Chapter Seven:
Recommendations PDF
Appendix A:
Historical Note on the U.S. Minimum Essential Emergency Communications Network (Meecn) PDF
Appendix B:
How Threats Relevant to an Meii Differ from Hacker Nuisance Attacks PDF
Appendix C:
Biological Analogies for Information System Survivability PDF
Appendix D:
Prioritization in Information Systems PDF
Appendix E:
On Deception PDF
Appendix F:
Mapping Security Solution Techniques to Vulnerabilities PDF
Appendix G:
Information Assurance Research Projects Examined PDF
References PDF
The monograph/report was a product of the RAND Corporation from 1993 to 2003. RAND monograph/reports presented major research findings that addressed the challenges facing the public and private sectors. They included executive summaries, technical documentation, and synthesis pieces.
Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.
The RAND Corporation is a nonprofit research organization providing objective analysis and effective solutions that address the challenges facing the public and private sectors around the world. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.
* RAND research is conducted across divisions, centers, and projects; these organizational components are represented in the "Related RAND Divisions" section above.
Top
RAND® is a registered trademark. Copyright © 1994-2009 RAND Corporation. Last Modified: December 07, 2007 