Protecting
computers from unwanted intrusion or destruction was once the largely esoteric
province of computer scientists, mid-level IT managers, and the occasional
policy wonk. Now, suddenly, cybersecurity is on the lips of senior government
officials, high-level corporate executives, and even casual computer users who
hadn’t a clue what it was six months ago.
Cybersecurity encompasses most of the domain of computer communications
technology and management. To protect a cyber infrastructure you must protect
each building block. For example, it does little good to protect the computer
system hardware and software if untrusted operators and programmers can make
compromising changes. Every facet must be examined and protected. These include
physical locations, computer
hardware, networking, operating systems, applications,
and management practices.The Internet belongs to everybody and nobody,
making it especially difficult to secure. Indeed, the embarrassing truth is that
the buyers of computer systems have been unwilling to pay extra for security
even for their own systems, and thus have dispensed with devices that foster
trusted, secure environments.
Not
all secure systems proposals are without controversy, most notably the trusted
computer platform alliance (TCPA), an effort to create a foundation for a secure
trusted hardware environment undertaken by 180 leading hardware and software
vendors. The TCPA is an important first step, and much of its work comes from a
simple observation that only a secure computer system can securely host
software, that
protects and controls the intellectual information that flows increasingly
through computer systems.
Much
of the controversy comes from some TCPA vendors’ support for digital rights
management systems governing the use of digital media such as books, software,
movies, and music, and for the reciprocal support that large media trade groups
have given the TCPA. Many believe that a such systems will severely impact
traditional fair uses of copyrighted information, and that they would spell the
death of open software and be used to protect and limit the use of certain
commercial software products.
So
the hazy debate forming about this area ends up sounding like a choice between
no secure computer systems and the potential damage to our established copyright
mechanisms and freedom of speech. What we need is a discussion within the
community of how to have both.
At HICSS-36 Professor Farber examined this complex set of issues and
defined a path that can give us both.
David
Farber is
considered by many to be the grandfather of the Internet. Currently Chief
Technologist of the Federal Communications Commission, Dr. Farber also is the
Alfred Fitler Moore Professor of Telecommunications Systems at the University of
Pennsylvania and a visiting professor at Carnegie Mellon University this year. He was responsible for the design of the DCS system, one of
the first operational message-based fully distributed systems and is one of the
authors of the SNOBOL programming language.
He was one of the principals in the creation and implementation of CSNet,
NSFNet, NITNET II, and CREN, and was instrumental in the creation of the NSF/DARPA
funded Gigabit Network Testbed Initiative and served as the Chairman of the
Gigabit Testbed Coordinating Committee.
Dr. Farber has held positions at Bell Labs, the Rand Corp, Xerox Data Systems,
UC Irvine and the University of Delaware. He
is a member of the US Presidential Advisory Committee of Information Technology,
a Fellow of the IEEE, and he serves on the Board of Directors of both the
Electronic Frontier Foundation and the Internet Society.
Dr. Farber is a ten-year alumnus of the Computer Science and
Telecommunications Board (CSTB) of the US National Research Council, and is a
Fellow of the Japan Glocom Institute and of the Cyberlaw Institute.
He is founder and editor of the influential network newspaper,
Interesting People.
http://www.cis.upenn.edu/~farber/