| Creating Trust In Critical Network
Infrastructures |
|
The use of electronic communications and the related
issues of security are not new. However, as
the Internet and other info-communication
networks become an ever-increasing part of our
daily lives, so does our dependency upon their underlying infrastructure.
Unfortunately, as our dependency has grown, so have hostile
attacks on infrastructure by network predators. Newly discovered
forms of attacks, the availability and wide distribution
of attack tools, as well as the flaws in common desktop software
have resulted in networks becoming increasingly vulnerable.
Simple viruses are argued to have cost billions of dollars
worldwide in lost productivity. Sophisticated distributed denial
of service attacks on the Internet are on the rise.
Yet security schemes based solely on preventive measures or
constant patching of software appear inherently fragile. Indeed,
it is a kind of arms race where the attackers have most of
the advantages. Defenders need to defend against all possible
attacks while an attacker only needs to find a single
exploitable weakness.
In the rush to move much of what we do in the real world onto
info-communications networks, the implications of
failure of our critical network
infrastructures are not at all well understood. What
exactly do we mean by critical network infrastructures? Is there
anything about the architecture of the Internet that makes it
more or less vulnerable when compared to other info-communication
networks? Where are the weak links? If
vulnerabilities continue to emerge, what are
the costs in terms of users' loss of confidence? How
do we increase global awareness of the issues? Do we need active
global security monitoring? Is securing network
infrastructure a technology or policy problem
- or a combination of both? Do we need an
integrated risk management strategy involving prevention, detection,
monitoring and response? If so, what are the respective roles of
the private sector and government? In a world
of intertwined global networks, is there a
need for a coordinated, sustained and institutionalized approach
to protecting critical network infrastructure?
The
definition of critical infrastructure is dependent on the context
within which it is used. For the purpose of the ITU
workshop, network infrastructures were identified as those
networks, public or private, capable of transporting large
quantities of data across international boundaries. Critical network
infrastructures are those networks which carry information relevant
to national security and safety or information of high financial
value. The scope of the workshop was focused on these
underlying infrastructures, their security, their availability and
the public’s trust in them. Questions
raised during the workshop ranged from such topics as the
definition of terms of reference with regard to critical network
infrastructures, the need for a global, international approach to
the dissemination of information regarding the security of critical
network infrastructures and ways to stimulate international and
regional cooperation with respect to critical network
infrastructure. The workshop also examined the role of regional
and international organizations.
|
|
|
ITU
organized a
New Initiatives workshop on the subject of network
security from 20 to 22 May 2002. The meeting was hosted in Seoul
by
the Government of the Republic of Korea.
