Dorothy Denning: Researcher

“I’m currently studying trust and influence in the context of social and technological networks in preparation for a course I am developing at the Naval Postgraduate School. I’m trying to understand the nature and functions of trust and influence: how they are established, maintained and destroyed; and the role they play in human relationships, organizations and societies.

For CSOs, trust is essential in two domains. First, the software and hardware underlying the organization’s information infrastructure must be secure enough that the technology can be trusted to support mission-critical functions. Otherwise, the productivity gains possible with computing technology will not be fully realized, and people will resort to less efficient, manual methods for critical communications, business transactions and information processing. Or computers will be used, but information will be compromised, corrupted or destroyedthe consequences of which can be costly and even damaging to the organization’s credibility, particularly if compromised systems are used to launch attacks against other organizations. Second, the people must be trusted to use and operate the technology in a way that maintains security and is consistent with organizational objectives. Using weak passwords, for example, can undermine the security offered by firewalls and other security measures. Insiders must be trusted to not abuse their authority or engage in inappropriate or illegal activity.

Trust is also essential at a broader level to achieve national objectives for cyberspace security. In particular, efforts to promote information sharing through industry-sponsored Information Sharing and Analysis Centers and government-industry partnerships will fail unless CSOs have sufficient trust in each other and in the information-sharing systems used. CSOs will not share sensitive information unless they are confident that it will not be exposed or used against them. They need to know that their information is well-protected from both insiders and outsiders.

Because our national critical infrastructures are operated primarily by the private sector, the government and citizens must also trust the owners of those systems to provide security, reliability and survivability. To the extent that the industries involved are not regulated, this trust will be based more on the voluntary initiatives taken by the infrastructure owners than on government forces. Not everyone finds this approach satisfactory, but the industries themselves have a strong business incentive to protect their systems from physical attacks and cyberattacks.

The challenge of trust is that it is usually hard to establishbut so easy to destroy. It can take months or years of interaction before people trust each other or a particular technology. Yet, a single breach of trust can undermine it almost immediately.”