| Title Page and Notice |
i |
| National Academies Statement |
iii |
| Committee |
iv |
| Preface |
v |
| Acknowledgment of Reviewers |
vii |
|
| 1 |
CYBERSECURITY TODAY AND TOMORROW |
1 |
| |
Background and Introduction |
1 |
| |
The Nature of Cyberthreats |
2 |
| |
Causes of System and Network Problems |
3 |
| |
The Harm from Breaches of Cybersecurity |
6 |
| |
What Do We Know About Cybersecurity? |
7 |
| |
|
General Observations |
7 |
| |
|
Management |
8 |
| |
|
Operational Considerations |
10 |
| |
|
Design and Architectural Considerations |
11 |
| |
What Can Be Done? |
12 |
| |
|
Individual Organizations |
13 |
| |
|
Vendors of Computer Systems |
13 |
| |
|
Policy Makers |
14 |
|
| 2 |
EXCERPTS FROM EARLIER CSTB REPORTS |
17 |
| |
Computers at Risk: Safe Computing in the Information Age (1991) |
18 |
| |
|
The Cybersecurity Challenge |
18 |
| |
|
Fundamentals of Cybersecurity |
18 |
| |
|
The Security Experience: Vulnerability, Threat, and Countermeasure |
20 |
| |
|
The Asymmetry Between Offense and Defense |
20 |
| |
|
Confidence in Countermeasures |
21 |
| |
|
On Network Vulnerabilities |
21 |
| |
|
Market Influences on Cybersecurity |
22 |
| |
|
Nontechnical Dimensions of Cybersecurity |
22 |
| |
Realizing the Potential of C4I: Fundamental Challenges (1999) |
24 |
| |
|
On What a Defense Must Do |
24 |
| |
|
On Practice in the Field |
31 |
| |
Trust in Cyberspace (1999) |
33 |
| |
|
Cybersecurity and Other Trustworthiness Qualities Interact |
33 |
| |
|
On Managing Risk |
33 |
| |
|
Vulnerabilities in the Public Telephone Network and the Internet |
35 |
| |
|
On Building Secure Systems and Networks |
36 |
| |
|
On the Impact of System Homogeneity ("Monoculture") |
37 |
|
| WHAT IS CSTB? |
39 |
