Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Technology

"Grand Challenges" in Cyber Security Risks 12

The Computing Research Association recently invited 50 of the top scientists, educators, business people, and futurists in cyber security to an executive retreat in Virginia and locked them away for three days until they identified a set of "Grand Challenges" in information security research -- ideas that should "shape the research agenda in the field over the next few decades." The conference participants identified four: eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years; develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets; develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade; and give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future. They haven't written the final report yet (due in early 2004), but they've already told Congress about it. Sounds like they've got a lot of work to do.
This discussion has been archived. No new comments can be posted.

"Grand Challenges" in Cyber Security Risks

Comments Filter:
  • ...privacy they can control for the dynamic, pervasive computing environments of the future.

    I'd like to see how this jives with the slowly-growing move toward "trusted computing". The dynamic, pervasive computing environments of the future may be designed to give the illusion of privacy, while silently reporting back to $CORPORATION. "Control" might be little more than a toggle switch which disables the "now transmitting data" message box.

  • ...is how to keep 50 top experts locked up in an executive retreat for three days.
  • The conference participants identified four: eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years

    Well in 10 years I'm quite positive that there will be many different and more creative ways of performing attacks, we just have to wait for the newer generations to get out of elementary school.
  • Mobile phones...? (Score:3, Insightful)

    by Fulkkari ( 603331 ) on Monday December 01, 2003 @12:41PM (#7600259)

    I hope they didn't exclude mobile phones from their final report. While most of the mobile phones still are plain old phones, there still is a great potential of insecurity among these "new generation" phones. As covered on Slashdot [slashdot.org] last week, it would be smart to understand the problems with integrating the phones into the Internet. I'm pretty sure that developers at Nokia hasn't yet seen the really big problems, and that's good - in a way.

    How do you patch your mobile phone if someone finds a security bug in it anyway?

  • I think you're being a little over-critical. I suspect the main thrust of that meeting (potential jokes aside) was less about specific policies, goals, tools, etc...and more towards the development of ISO-like standards and the like so as to be able to judge and/or compare various solutions to these problems. Concerning the virii section: I dont think that one can simply "remove the monoculture". Any seriously popular program could be considered one. Didn't Quake have a few problems? Would it be that d
  • How about getting private, secure, verifiable electronic voting right. Or if it can't be done without a paper trail, showing the limitations of electronic methods.

    Or is this too easy for people who genuinely want to do it?

"All the people are so happy now, their heads are caving in. I'm glad they are a snowman with protective rubber skin" -- They Might Be Giants

Working...