Forty-two years ago, John F. Kennedy's commitment to landing a man on the moon and returning him safely to the Earth was the epitome of a "Grand Challenge"—the attempt to tackle a problem in science or engineering that is easy to describe but monumentally difficult to solve. More recently, the field of supercomputing has used the Grand Challenge concept as a tool for guiding research and funding priorities for such activities as modeling the global climate or accurately predicting weather many days in advance.
The notion of a Grand Challenge had left some
Well, it does. In November, I had the honor of being included among 50 of the leading computer security researchers in the world in doing just that
After days of round-the-clock meetings and late-night wordsmithing, this predictably cantankerous crowd managed to come up with four challenges deemed worthy of "sustained commitments." We identified the hard problems that we don't know how to solve today but that might be solvable within a decade (assuming enough research dollars are spent). Perhaps most important, they are problems that need to be solved if we want to continue to enjoy the fruits of the computer revolution.
First on the list of Grand Challenges is the elimination of "epidemic-style attacks" within 10 years. Certainly it would be nice to return to an Internet that is largely free of viruses, worms and spam. But it is interesting to note that the conference attendees don't think the solution to viruses and worms is for people to install antivirus software and keep their systems up-to-date
Certainly, the second challenge seems more doable than the first. Various pieces of the puzzle have been discussed at length: Perhaps all we need to do is assemble these tools together in a complete whole. Some researchers argue, for example, that every electronic voting machine should have an internal little printer and a roll of paper just to prevent the computer system from accidentally zeroing out votes for one candidate and assigning them to another.
But a competing proposal would have a second computer recording the votes with a digital camera. Indeed, this might not be a Grand Challenge at all if it weren't so terribly important and if we hadn't, as a society, done such a bad job with our voting system attempts to date.Measuring RiskThe third Grand Challenge doesn't seem all that difficult
If we could reliably measure the risk associated with a particular piece of software, we could then give an estimate of how much it would cost to decrease the risk
Alas, there are many problems with "best practices." The most obvious is that they really don't tell you how secure you happen to be at the moment. Instead, they simply tell you that you are as secure as everybody else who is following the same practices. Likewise, best practices give no metric for making purchasing decisions. That's why reviews comparing antivirus systems or firewalls tend to stress other factors, such as how much the systems cost, how fast they run and how easy they are to manage. Today, we just don't have good tools for measuring and quantifying the actual differences between various security applications and appliances. Control FreaksOur final challenge is to make security easier to use
This "secure usability" chestnut is a hard one to crack. After all, for years security experts have been telling everybody else that security and usability are diametrically opposed: If you make a system more secure, you make a system harder to use, and vice versa. Making security something that users can understand might mean that we need to fundamentally change the way that we think about and work with information systems.
Consider the role of education. It's easy to blame many of the recent Internet worm epidemics on the failure of users to download and install software updates. At the height of the Blaster worm, Microsoft was running full-page advertisements in many newspapers giving people instructions on how to enable XP's built-in Internet Connection Firewall. But this massive educational campaign wouldn't have been needed if Microsoft had instead configured XP to automatically download and install its patches. Are we better off trying to educate users who do not wish to be educated, or should we be automating as many processes as possible, knowing that those automated systems will occasionally make a mis- take
Creating these challenges was a useful exercise for the researchers, academics and government employees who attended the workshop. But the real value of this work was putting a signpost into the ground pointing to the direction in which we should be marching. It's easy to get caught up in the tactical elements of computer security, with all of its encryption algorithms, public-key infrastructures, disk sanitization and other nuts-and-bolts issues. Ultimately, though, we need to start thinking more strategically about computer security, or else we are going to lose this war.
Indeed, if we don't get a handle on the spam and worm problems soon, Internet e-mail could become a lost communication medium
Nevertheless, I hope these challenges will be used as a starting point for research projects and for businessfolk who are thinking of starting new companies. There's clearly a lot of work to be done. Let's get started!