Reflections on the evolution of internet threats: the growing imperative for a cyber secure society

Abstract

Critical infrastructure, including the Internet, plays a vital role in the economic, political, and social fabric of society. This interdependency leaves society vulnerable to a wide range of threats that impact the security, reliability, availability, and overall trustworthiness of information technology resources. Assuring these properties in the face of adversarial behavior and an Internet that has changed dramatically in size, complexity, and diversity over the last decade has proven to be a critical challenge. In this talk, I will reflect on the evolution of Internet threats - from early threats, such as viruses and worms, to modern botnets. I will explore how changing attacker's technological means (e.g., resilient infrastructure, covert communication) have intertwined with attacker's changing social, behavioral, and economic motives (e.g., vandalism, crime, activism) to create today's large, complex, and diverse ecosystem of threats. I will also touch on how future innovation in the threat landscape will likely be driven by Internet adoption patterns such as the explosive growth of on-line data, the proliferation of mobile devices, and the emergence of the "cloud" computing paradigm. In response to these challenges, I will discuss the need for sustained, long-term research investments in a spectrum of scientific and technical areas with particular emphasis on calls to develop the scientific foundations of cyber-security and to accelerate the transition of knowledge into practice. I will articulate a vision in which a cyber secure society is necessary if we are to achieve the promise of computing to address a wide range of national priorities including health, energy, transportation, education and life-long learning, and public safety/emergency preparedness.