Can Critical Information Infrastructure Protection be Achieved With Untested Software?

Citizens of modern societies need access to information infrastructures that are reliable, secure, non-interruptible, and fault-tolerant. In October of 1997, President Clinton’s Commission on Critical Infrastructure Protection (PCCIP) announced that the United States’s infrastructure, which is responsible for relaying information and communications, is vulnerable to information warfare attacks [2]. The commission found that while the resources needed to conduct a physical attack against the infrastructure have not changed dramatically, the resources necessary to launch a comparable scale attack via information warfare are commonplace. They simply consist of a personal computer and Internet connection. Furthermore, the ubiquity of Internet access and the plethora of “hacker” tools and recipe attacks on “underground” Internet sites have significantly reduced the barriers to launching effective attacks against critical systems. With roughly 95% of Defense Department communications relying on commercial infrastructure, the US government finds itself as a major stakeholder in the security of commercial systems [1]. Financial organizations are also heavily dependent. Wholesale payment systems such as the Federal Reserve’s FedWire and automated clearing houses move trillions of dollars over electronic networks daily [3]. Further, as societies transition to paper-less commerce, individual privacy is threatened with each transaction. Software is at the heart of modern information and communication infrastructures. Trust in the integrity of the infrastructure requires a high degree of trust in the underlying software. Software trust, however, has increasingly become a disappearing commodity. We are bombarded daily with news stories of incidents that can be tied directly to defective software. Software trust is a “quality” issue. Software users must trust that the software meets their requirements, is available, reliable, secure, and robust. When a particular software system has these properties, most would agree that the software is of “high quality.” But honestly, how many systems in use today have all of these charactistics? In this column, I will argue that a research initiative focused on testing “systems of systems” must occur if we expect to achieve a comfortable level of infrastructure protection. In fact, in 1992, Clarke and Osterweil called for a similar initiative (except that their reasoning at that time was different than infrastructure protection and did not focus on “systems of systems”). They