Policy Issue Example: Government E-mail
Organizations develop
computer security policies along the lines just described. Generally the
policies lead to the familiar assets, vulnerabilities, and controls. But sometimes
you have to start with existing policies (which may be formal documents or
informal understandings) and consider how they apply in new situations. Is this
action consistent with the goals of the policy and therefore acceptable?
Applying policies can be like being a judge. As security professionals, we
often focus on security policy without remembering the context in which we are
making policy decisions. In this section, we look at a real-life issue to see
how security policy fits into the broader set of issues a security administrator
must address.
The U.S. government has
proposed using network technologies to enhance its ability to interact with
American citizens. Some people think that by employing functions such as
electronic mail and World Wide Web access, the government could make more
information available to citizens more quickly and at the same time be more
responsive to citizens' needs. It is also hoped that costs would be reduced, a
winning proposition for government and taxpayers alike.
This proposal has clear
security implications. Indeed, having read this far in this book, you can
probably list dozens of security issues that must be addressed to make this
proposal work. The technology to design, build, and support this type of
function exists, and the requirements, design, and implementation can easily be
done from a technological point of view. But what about the other issues
involved in building such a system? Neu et al. [NEU98]
point out that the technology must be viewed in the larger institutional,
organizational, and administrative contexts.
Much of what the government
wants to do is already done. Many federal agencies have web sites providing
large amounts of information to citizens, such as regulations, reports, and
forms. This type of information is public and equally accessible to anyone who
wants it; its security requirements are availability and integrity, not
confidentiality. But other information exchange is more personalized: submitting
completed tax forms, filing required paperwork for licenses and benefits, and
asking specific questions about an individual's records, for example. Clearly
the last type imposes stringent requirements for confidentiality,
authentication, and integrity.
Neu et al. mention several
security policy issues that must be addressed before such a system could be
implemented. These include the following:
How do the commercial firms'
security policies meet the government's security needs?
To enable secure
communication, the government will likely want to use public key encryption. As
we noted in Chapter 2, a certificate authority binds a public key to a
particular user, establishing the user's identity. But a certificate answers
only the question "who is this?"; for the government communication system, we
must also know who has authority to access information and services and to
initiate transactions. The processes required to perform identification are
likely to be different from those performing authorization. In particular,
identification may require direct interaction with a user, whereas authorization
may require links among large databases.
A citizen may have more than
one identity. For example, Jane Doe may be the same person as Mrs. Nathaniel
Simmons, who is also the same person as the Trustee for the Estate of Mr.
Robert Jones. In turn, each of these identities may have multiple authorities.
How will the identification authorities interact with the authorization ones to
enable these situations?
Sometimes the authorization
does not need to be tied to a specific identity. For example, a government
agency may need to know only that an individual is capable of paying for a
service, much as a credit card company provides a credit rating. How will the
authorization be able to release the minimum amount of information possible
about an individual?
How will certificate
authorities have a high degree of confidence in their identification of individuals?
How will certificate
authorities deal with the need to view certain documents, such as birth
certificates and passports, in person? This condition may mean that certificate
authorities may be required to have local offices around the country.
Should there be a single
certificate authority or many? A single provider can minimize the need for
multiple keys and might save money by streamlining operations. But a single
provider can also monitor all of a citizen's transactions, inviting abuse, and
its compromise would undermine every certificate it has issued.
These issues are not trivial.
Their solutions, not at all obvious, build on the concepts presented in this
book. But they do so in a way that is not just technological. We can easily
build a PKI to provide certificates to anyone we want. But how do we connect two
certificates, connoting that the digital identities actually belong to the same
person? In the real world you can be anonymous by purchasing something with
cash; how can you be anonymous digitally?
But in addition to the
security issues, there are also broader issues of management, responsibility,
and law. Neu et al. note that, even when the technical issues are resolved, we
have still to answer these questions:
What happens if a certificate authority makes a mistake, either by
identifying or authorizing the wrong person or by assigning keys to an
impostor? What are the legal and financial implications of such an error? What
if the error is made even though the certificate authority followed government
guidelines?
How will citizens create, record, and protect their keys? If smart
cards are used to store keys, does that card become a national identity card?
What legal protections are available to electronic transactions?
For example, in the United States, intercepting someone's surface mail has long
been a federal crime. The Electronic Communications Privacy Act of 1986 extended
similar protection to electronic mail in transit, but the protection afforded to
stored messages and to messages handled by service providers is weaker and far
less settled than that for surface mail.
How do we prove that official electronic communications, such as a
summons or subpoena, have been read? Will a citizen be responsible for
regularly checking e-mail for official documents?
If law enforcement officials need to access encrypted electronic
communications, how will they be able to perform the decryption? Will there be
a method by which they can obtain the key? Does this require the citizen to
participate?
What levels of protection are
required for electronic documents? For instance, should medical records have
the same level of protection as tax returns or driving violations? How do these
levels apply across the different states that have very different laws? How
does the protection address international law?
How will every citizen be provided with an electronic mail address?
What happens when an e-mail address changes? What security standards will apply
to e-mail boxes and service providers?
How will the government ensure equal access to electronic
government services? Should the government provide help and training to
first-time users?
How will electronic communication be phased in to the current mix
of paper and telephone communication?
These questions are not
challenges to the technical side of computer security. But they are very much a
part of the administrative side. It is not sufficient to know all the latest
encryption algorithms; you also have to know how the use of computer security
mechanisms fits into the broader context of how they are used and what they
support. This example is included to introduce you to the procedural,
administrative, policy, and privacy issues that a computer security
administrator must consider. These questions highlight the degree to which
security planning and policy must fit in with the larger policy issues that we,
as individuals, organizations, and societies, must address. For this reason, in
the next chapter we turn to the legal and ethical considerations of computer
security.
But before we move to those
concerns, we must cover one more topic involved in administering security:
physical security. Protecting computing systems from physical harm is no less
important than protecting data from modification in transit through a network.
In the next section we briefly survey physical security vulnerabilities and
controls.