|
|
|
 mess@ge home
Table of
contents |
Internet security and critical infrastructures
One of the enabling elements to create an information society in Europe is fast and secure Internet. The security of electronic networks and information systems is a critical issue for the use of new technologies in all fields of life, and in particular in e-commerce. It is a prerequisite for building confidence in users. Internet and network infrastructure The definition of network infrastructure is dependent on the context in which it is used. A network infrastructure can be identified as a public or private network that carries information of high financial value or information relevant to national security and safety. Network infrastructure can also be defined physically as the whole network or a part of the network that exchanges information of high significance. For example, if the objective of the network itself is to exchange confidential information among nations, the whole network itself can be defined as a network infrastructure. However, in the case of the Internet, it is appropriate to define pertinent parts as network infrastructures, because its objective is to simultaneously share information that is open to many anonymous users, and it has been increasingly used as a means to exchange information which is important for society and the economy. While communication networks have become an ever-increasing part of our daily lives, so does our dependency upon their underlying infrastructure. Unfortunately, as our dependency has grown, also hostile attacks on the infrastructure by network predators have increased in number and impact. Newly discovered forms of attacks, the availability and wide distribution of attack tools, as well as the flaws in common desktop software have resulted in networks becoming increasingly vulnerable. Sophisticated, distributed denial-of-service attacks on the Internet are rising, and simple viruses are argued to have cost billions of dollars worldwide in lost productivity. For these reasons, it is essential to guarantee the security of information which is considered of critical importance, from a political, economic, financial or social standpoint. In order to safeguard critical information resources and to guarantee network security, the technical aspects of network security have been explored in many studies. Even if large parts of the network have state-of-the-art security, in practice the level of security is only as strong as the weakest link in the entire network. Current information security services, which are used in individual systems, are generally limited by regulations and legislation to national borders, rather than being applied to all nations or to international networks. Since the security system is usually located at the network access point, it is imperative to have a security plan for the access point. In addition, interoperability among individual security systems must be provided and security nodes must be monitored and controlled. Furthermore, secure network techniques should be introduced in order to provide information security services which meet diverse user requirements. Only a combination of measures can result in improved protection of critical network infrastructures. Effects of network vulnerabilities There are several examples of damage that may result from vulnerabilities or defects in today’s network infrastructures. Services with high financial value, such as banking, e-commerce, and trade, exchange confidential data worldwide, beyond the boundaries of national network regulation and legislation. Other industries, such as aviation, space transport, mass transit, and shipping, also depend on the network infrastructure. Elements of a transportation system, such as communication, navigation or the information network, can be threatened in numerous ways. For instance, there are only few technical security features implemented in the GPS (global positioning system), which is used as a navigation tool for aircraft, ships, and automobiles as well as a positioning tool during military operations. Power supply can also affect the physical aspects of network infrastructures. Natural disasters can damage important data even if perfect back-up systems are available. Other examples of dependent infrastructures include energy infrastructures, such as oil and natural gas. Similarly, cyber disruptions can result in damages of these infrastructures stretching over a wide geographical range. A reliable international security system is necessary, if such damage is to be prevented in advance. Impact of new technologies There are also new security threats in telecommunications resulting from the evolution of cellular and other wireless technologies. Cellular devices, in particular, are becoming general-purpose computing platforms. These devices are present in very large numbers, and most are supported by software provided by a small number of manufacturers. These manufacturers' operating systems, now somewhat obscure, are becoming familiar to attackers. The increasing prevalence of Internet connectivity in wireless networks opens these devices to the same avenues of attack as currently available for non-mobile Internet hosts. In addition, device mobility complicates the auditing and control of device configurations. The cellular infrastructure could be especially vulnerable to phone-based threats, especially if Internet access is provided via an internal network, logically located inside the carrier's network. Raised awareness Network infrastructure security has become a high priority issue due to a variety of reasons, including data protection, economic dependency, national security, and e-commerce. These are good reasons for international cooperation. Currently, although each country applies legal restrictions for network infrastructure security based on its own network situation, there is no international legal policy or system that applies. A systematic international legal solution for network infrastructure security must be developed. In the past few years, there has been an increase in the number of infrastructure security initiatives around the world, as a reaction to many and varied network security incidents. In Europe a new agency, ENISA, is becoming operational, which will address some of the issues. Among the European standards organisation, a new group has been set up to co-ordinate security issues. Conclusion The knowledge on computer security has already reached a high level, but the implementation lags far behind, with continued failure to implement security measures. There are a number of reasons for this deficit. Information on the details of security vulnerabilities, threats, and breaches is insufficient, and incentives to encourage the private sector to improve critical infrastructure protection are lacking. This is exacerbated by technology and competition cycles, which provide further disincentives for the private sector to pay attention to and invest in critical infrastructure protection. Better data will certainly help, because it will demonstrate the case for improved critical infrastructure protection. The establishment of an incentive structure, which might include insurance requirements, liability, standards, and R&D and tax credits, should accompany this. At EU level, from a policy standpoint, both the improvement of technologies for e-procurement and the reform of existing public procurement procedures are now regarded as complementary measures that will enable public utilities and other public sector organisations in the EU to make more extensive use of public procurement as an instrument for stimulating private sector research and development. However, such public services can only be developed, if trust in the network infrastructure and service security can be increased. Further information about INNO-UTILITIES is available at www.inno-utilities.org Please send us your comments on this article. |
