TY - GEN
T1 - The strategies for critical cyber infrastructure (CCI) protection by enhancing software assurance
AU - Cronkrite, Mecealus
AU - Szydlik, John
AU - Park, Joon
PY - 2011
Y1 - 2011
N2 - Modern organizations are becoming more reliant on complex, interdependent, integrated information systems. Key national industries are the critical infrastructure (CI) and include telecommunications, energy, healthcare, agriculture, and transportation. These CI industries are becoming more dependent on a critical cyber infrastructure (CCI) of computer information systems and networks, which are vital to the continuity of the economy. Organized attackers are increasing in number and power with more powerful computing resources that increasingly threaten CCI software systems. The motivations for attacks range from terrorism, fraud, identity theft, espionage, and political activism. Government and industry research have found that most cyber attacks exploited known vulnerabilities and common software programming errors. Software publisher vendors have been unable to agree on or implement a secure coding standard for two main reasons. The non-technical consumer is ill informed to demand secure quality products. These current conditions perpetuate preventable risk. As a result, software vendors do not implement security unless specifically required by the customer, leaving many systems full of gaps. Since most of the exploited vulnerabilities are preventable, the implementation of a minimum level of software quality is one of the key countermeasures for protecting the critical information infrastructure. Government and industry can improve the resilience of the CI in an increasingly interdependent network of information systems by protecting the CCI with stronger software assurance practices and policies and strengthening product liability laws and fines for non-compliance. In this paper we discuss the increasing software and market risks to CCI and address the strategies to protect the CCI through enhancing software assurance practices and policies.
AB - Modern organizations are becoming more reliant on complex, interdependent, integrated information systems. Key national industries are the critical infrastructure (CI) and include telecommunications, energy, healthcare, agriculture, and transportation. These CI industries are becoming more dependent on a critical cyber infrastructure (CCI) of computer information systems and networks, which are vital to the continuity of the economy. Organized attackers are increasing in number and power with more powerful computing resources that increasingly threaten CCI software systems. The motivations for attacks range from terrorism, fraud, identity theft, espionage, and political activism. Government and industry research have found that most cyber attacks exploited known vulnerabilities and common software programming errors. Software publisher vendors have been unable to agree on or implement a secure coding standard for two main reasons. The non-technical consumer is ill informed to demand secure quality products. These current conditions perpetuate preventable risk. As a result, software vendors do not implement security unless specifically required by the customer, leaving many systems full of gaps. Since most of the exploited vulnerabilities are preventable, the implementation of a minimum level of software quality is one of the key countermeasures for protecting the critical information infrastructure. Government and industry can improve the resilience of the CI in an increasingly interdependent network of information systems by protecting the CCI with stronger software assurance practices and policies and strengthening product liability laws and fines for non-compliance. In this paper we discuss the increasing software and market risks to CCI and address the strategies to protect the CCI through enhancing software assurance practices and policies.
KW - Critical cyber infrastructure
KW - Secure programming quality
KW - Software assurance
UR - http://www.scopus.com/inward/record.url?scp=84893087969&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893087969&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84893087969
SN - 9781622766758
T3 - 6th International Conference on Information Warfare and Security, ICIW 2011
SP - 68
EP - 75
BT - 6th International Conference on Information Warfare and Security, ICIW 2011
PB - Academic Conferences Ltd
T2 - 6th International Conference on Information Warfare and Security, ICIW 2011
Y2 - 17 March 2011 through 18 March 2011
ER -