|Fusion of Security System Data to Improve Airport Security
The security of the U.S. commercial aviation system has been a growing concern since the 1970s, when the hijacking of aircraft became a serious problem. Over that period, federal aviation officials have been searching for more effective ways for non-invasive screening of passengers, luggage, and cargo to detect concealed explosives and weapons. To assist in this effort, the Transportation Security Administration (TSA) asked the NRC for a study of emerging screening technologies. This book - the fourth of four - focuses on data fusion as a means to significantly improve the ability of the existing suite of airport detection systems and access control systems to detect and prevent attacks. The book presents a discussion of data fusion, an analysis of current data fusion efforts, and an assessment of data fusion opportunities for various airport security activities.
|Summary of a Workshop on Software-Intensive Systems and Uncertainty at Scale
The growing scale and complexity of software-intensive systems are introducing fundamental new challenges of uncertainty and scale that are particularly demanding for defense systems. To assist in meeting these challenges, the Department of Defense asked the NRC to assess the nature of U.S. national investment in software research. As part of this study, a workshop was held to examine uncertainty at scale in current and future software-intensive systems. This report presents a summary of the workshop discussions that centered on process, architecture, and the grand scale; DoD software challenges for future systems; agility at scale; quality and assurance with scale and uncertainty; and enterprise scale and beyond. The report also offers a summary of key themes emerging from the workshop: architectural challenges in large-scale systems; the need for software engineering capability; and open questions and research opportunities.
|Strategic Management of Information and Communication Technology: The United States Air Force Experience with Y2K
Although Y2K did not result in major disruptions, the event is a rich source of critical lessons for strategic management of information and communication technology (ICT), many of which apply to large organizations today. Using a case study approach, this report describes lessons learned from the response of the Air Force to Y2K and makes recommendations for managing ICT complexity, aligning organizational and ICT strategies, and minimizing risk.
|Social Security Administration Electronic Service Provision: A Strategic Assessment
Social Security Administration Electronic Service Provision examines the Social Security Administration's (SSA's) proposed e-government strategy and provides advice on how the SSA can best deliver services to its constituencies in the future. The assessment by the Committee on the Social Security Administration's E-Government Strategy and Planning for the Future was based on (1) its examination of the SSA's current e-government strategy, including technological assumptions, performance measures and targets, planned operational capabilities, strategic requirements, and future goals; (2) its consideration of strategies, assumptions, and technical and operational requirements in comparable public- and private-sector institutions; and (3) its consideration of the larger organizational, societal, and technological context in which the SSA operates.
|Toward a Safer and More Secure Cyberspace
Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation’s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets.
Toward a Safer and More Secure Cyberspace examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda.
This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.
|Software for Dependable Systems: Sufficient Evidence?
The focus of Software for Dependable Systems is a set of fundamental principles that underlie software system dependability and that suggest a different approach to the development and assessment of dependable software.
Unfortunately, it is difficult to assess the dependability of software. The field of software engineering suffers from a pervasive lack of evidence about the incidence and severity of software failures; about the dependability of existing software systems; about the efficacy of existing and proposed development methods; about the benefits of certification schemes; and so on. There are many anecdotal reports, which—although often useful for indicating areas of concern or highlighting promising avenues of research—do little to establish a sound and complete basis for making policy decisions regarding dependability. The committee regards claims of extraordinary dependability that are sometimes made on this basis for the most critical of systems as unsubstantiated, and perhaps irresponsible. This difficulty regarding the lack of evidence for system dependability leads to two conclusions: (1) that better evidence is needed, so that approaches aimed at improving the dependability of software can be objectively assessed, and (2) that, for now, the pursuit of dependability in software systems should focus on the construction and evaluation of evidence.
The committee also recognized the importance of adopting the practices that are already known and used by the best developers; this report gives a sample of such practices. Some of these (such as systematic configuration management and automated regression testing) are relatively easy to adopt; others (such as constructing hazard analyses and threat models, exploiting formal notations when appropriate, and applying static analysis to code) will require new training for many developers. However valuable, though, these practices are in themselves no silver bullet, and new techniques and methods will be required in order to build future software systems to the level of dependability that will be required.
|Engaging Privacy and Information Technology in a Digital Age
Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and government agencies may present new ways to compromise privacy, and e-commerce and technologies that make a wide range of personal information available to anyone with a Web browser only begin to hint at the possibilities for inappropriate or unwarranted intrusion into our personal lives. Engaging Privacy and Information Technology in a Digital Age presents a comprehensive and multidisciplinary examination of privacy in the information age. It explores such important concepts as how the threats to privacy are evolving, how privacy can be protected, and how society can balance the interests of individuals, businesses, and government in ways that promote privacy reasonably and effectively. This book seeks to raise awareness of the web of connectedness among the actions one takes and the privacy policies that are enacted, and provides a variety of tools and concepts with which debates over privacy can be more fruitfully engaged. Engaging Privacy and Information Technology in a Digital Age focuses on three major components affecting notions, perceptions, and expectations of privacy: technological change, societal shifts, and circumstantial discontinuities. This book will be of special interest to anyone interested in understanding why privacy issues are often so intractable.
|Improving Disaster Management: The Role of IT in Mitigation, Preparedness, Response, and Recovery
Information technology (IT) has the potential to play a critical role in managing natural and human-made disasters. Damage to communications infrastructure, along with other communications problems, exacerbated the difficulties in carrying out response and recovery efforts following Hurricane Katrina. To assist government planning in this area, the Congress, in the E-government Act of 2002, directed the Federal Emergency Management Agency (FEMA) to request the NRC to conduct a study on the application of IT to disaster management. This report characterizes disaster management, providing a framework for considering the range and nature of information and communication needs; presents a vision of the potential for IT to improve disaster management; provides an analysis of structural, organizational, and other non-technical barriers to the acquisition, adoption, and effective use of IT in disaster; and offers an outline of a research program aimed at strengthening IT-enabled capabilities for disaster management.