Securing the U.S. Defense Information Infrastructure
A Proposed Approach
Download eBook for Free
|PDF file||0.4 MB||
Use Adobe Acrobat Reader version 10 or higher for the best experience.
Purchase Print Copy
|Add to Cart||Paperback188 pages||$35.00||$28.00 20% Web Discount|
It is widely believed, and increasingly documented, that the United States is vulnerable to various types of information warfare attacks. Threats range from nuisance attacks by hackers to those potentially putting national security at risk. The latter might include attacks on essential U.S. information systems in a major regional crisis or theater war. The purpose might be to deter (or coerce) a U.S. intervention, to degrade U.S. power projection capabilities, to punish the United States or its allies, or to undermine the support of the American public for the conflict. Critical command-and-control and intelligence systems are designed to be robust and secure under attack. However, their survivability cannot be taken for granted, and they depend on a diverse, primarily civilian and commercial, information infrastructure (consisting of the Internet and the public telephone network, among other elements). As the diversity and potential seriousness of threats to the U.S. information infrastructure have become apparent, national-security planners and analysts have begun to think of ways to counter such threats — to increase the infrastructure's availability for essential functions. The authors analyze the concept of a minimum essential information infrastructure (MEII) in light of the characteristics of the national information infrastructure and the nature of the threat. They suggest that it is useful to think of the MEII as a process rather than a hardened stand-alone structure, and they provide a methodology and a tool to support the implementation of that process by military units and other organizations.
Table of Contents
The Information Warfare Threat and the MEII Response
Responsive Security Techniques
Identifying Security Techniques
Distribution of Research Effort
Historical Note on the U.S. Minimum Essential Emergency Communications Network (MEECN)
How Threats Relevant to an MEII Differ from Hacker Nuisance Attacks
Biological Analogies for Information System Survivability
Prioritization in Information Systems
Mapping Security Solution Techniques to Vulnerabilities
Information Assurance Research Projects Examined
Research conducted by
The research described in this report was sponsored by the Office of the Secretary of Defense (OSD), by the National Security Agency, and by the Defense Advanced Research Projects Agency. The research was conducted in RAND's National Defense Research Institute, a federally funded research and development center supported by the OSD, the Joint Staff, the unified commands, and the defense agencies.
This report is part of the RAND Corporation Monograph report series. The monograph/report was a product of the RAND Corporation from 1993 to 2003. RAND monograph/reports presented major research findings that addressed the challenges facing the public and private sectors. They included executive summaries, technical documentation, and synthesis pieces.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.