The strategies for critical cyber infrastructure (CCI) protection by enhancing software assurance

Mecealus Cronkrite, John Szydlik, Joon Park

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Modern organizations are becoming more reliant on complex, interdependent, integrated information systems. Key national industries are the critical infrastructure (CI) and include telecommunications, energy, healthcare, agriculture, and transportation. These CI industries are becoming more dependent on a critical cyber infrastructure (CCI) of computer information systems and networks, which are vital to the continuity of the economy. Organized attackers are increasing in number and power with more powerful computing resources that increasingly threaten CCI software systems. The motivations for attacks range from terrorism, fraud, identity theft, espionage, and political activism. Government and industry research have found that most cyber attacks exploited known vulnerabilities and common software programming errors. Software publisher vendors have been unable to agree or implement a secure coding standard for two main reasons. The on-technical consumer is ill informed to demand secure quality products. These current conditions perpetuate preventable risk. As a result, software vendors do not implement security unless specifically required by the customer, leaving many systems full of gaps. Since most of exploited vulnerabilities are preventable, the implementation of a minimum level of software quality is one of the key countermeasures for protecting the critical information infrastructure. Government and industry can improve the resilience of the CI in an increasingly interdependent network of information systems by protecting the CCI with stronger software assurance practices and policies and strengthening product liability laws and fines for non-compliance. In this paper we discuss the increasing software and market risks to CCI and address the strategies to protect the CCI through enhancing software assurance practices and policies.

Original languageEnglish (US)
Title of host publication6th International Conference on Information Warfare and Security, ICIW 2011
PublisherCurran Associates Inc.
Pages68-75
Number of pages8
ISBN (Print)9781622766758
StatePublished - Jan 1 2011
Event6th International Conference on Information Warfare and Security, ICIW 2011 - Washington, DC, United States
Duration: Mar 17 2011Mar 18 2011

Publication series

Name6th International Conference on Information Warfare and Security, ICIW 2011

Other

Other6th International Conference on Information Warfare and Security, ICIW 2011
CountryUnited States
CityWashington, DC
Period3/17/113/18/11

    Fingerprint

Keywords

  • Critical cyber infrastructure
  • Secure programming quality
  • Software assurance

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Cronkrite, M., Szydlik, J., & Park, J. (2011). The strategies for critical cyber infrastructure (CCI) protection by enhancing software assurance. In 6th International Conference on Information Warfare and Security, ICIW 2011 (pp. 68-75). (6th International Conference on Information Warfare and Security, ICIW 2011). Curran Associates Inc..