RELIABILITY AND VULNERABILITY OF THE NATIONAL INFORMATION INFRASTRUCTURE (NII)

A BLUEPRINT FOR ACTION
AUGUST 17, 1995
EXECUTIVE SUMMARY

THE NATIONAL INFORMATION INFRASTRUCTURE

The United States is in the midst of a revolution in the way that it does business. This revolution is driven by the explosion in information technology and the availability and affordability of vast new information services. The White House has recognized the information revolution and established a National Information Infrastructure (NII) initiative to harness its energy. As described in the Administration's National Information Infrastructure: Agenda for Action, the NII will produce benefits to society that will change forever the way people live, work, and interact with each other. The vision of the NII is an advanced information infrastructure consisting of communications networks, computers, data bases, and consumer electronics. It will be built and operated by the private sector, evolving from networks, information services, and applications that are in place today. These existing networks and systems already comprise a nation-wide information infrastructure and the issue is how the evolution will take place to realize the promise and potential of the NII.

RELIABILITY AND SECURITY OF INFORMATION SERVICES

As the government, private sector, and general public become increasingly dependent on information services to support the nation's economic well-being and lifestyle, the reliability and security of these information services will become increasingly critical. Temporary loss of service will not only be inconvenient but could be life threatening (e.g., natural disasters or national security situations). Wide-spread failures of the networks and services could be catastrophic. Prolonged disruption of the commercial financial infrastructure or denial of basic telecommunications services could result in business failures and damage to the national economy. For these reasons, U.S. economic security and its stability are now regarded as vital national security concerns. Reliability and security of NII services are the keys to consumer confidence.

RELIABILITY AND VULNERABILITY WORKING GROUP

In order to promote the principles of reliability and security in the NII, a Reliability and Vulnerability Working Group (RVWG) was formed as an inter-agency working group under the Administration's Information Infrastructure Task Force (IITF). The RVWG was chartered to be the government's focal point in defining the attributes of reliability for the NII. To this end, it will identify threats, vulnerabilities, or other issues relevant to the reliability and survivability of NII services.

To focus the efforts of the working group, the RVWG has defined a set of broad actions as a road map for accomplishing its objectives. The recently published document, Vision of the Reliability and Vulnerability Working Group, describes these actions and presents the RVWG's preliminary findings. These findings include the principle that levels of performance in the NII will be determined by the expectations of customers and their willingness to pay for specific features and capabilities. The government's role in this process should be to encourage competition and ensure a level playing field among competitors, with a minimum of oversight or regulation. As presented in the RVWG Vision document, the emerging principles for ensuring reliability and security in the NII are:

In order for the private sector to plan for the provision of capabilities and required levels of performance for the NII, the government must identify its reliability and security requirements. In particular, the government must work with industry to determine what capabilities are not likely to be commercially available through market demand and how these capabilities should be developed.

BLUEPRINT FOR ACTION

To provide the government's perspective on the attributes of reliability and security in the NII, the RVWG has developed a set of desired NII features and capabilities. These capabilities were identified from the points of view of various classes of information consumers. There are requirements from general day-to-day users of the NII, as well as users of critical services during emergencies where public safety could be involved, and users who would perform national security and emergency preparedness (NS/EP) functions during national emergencies. Other capability requirements were identified from the need to protect the networks from failure in the face of various threats. Further, reliability in the NII is not only a product of systems and technology, it also depends on appropriate capabilities for management of information resources and on government leadership in the areas of policy, regulation, and legal/legislative frameworks pertaining to information technology.

This paper supplements the previously referenced RVWG Vision document and presents an updated summary of the RVWG's findings. The attributes for reliability and security that are necessary to assure consumer confidence and trust in the NII are identified as an initial blueprint for the acquisition of future government information systems. This information is intended for use by the Administration, government agencies, and the private sector as a guide to assist in the design and use of networks, information services, and applications that satisfy the reliability and security requirements of the nation.

A companion document, Capability Assessments, is a supplement to the Blueprint document. It contains preliminary assessments by the RVWG of how well the current NII satisfies the proposed features and capabilities for reliability and security. Although these assessments are highly subjective, they serve to highlight potential areas of concern.

ATTRIBUTES OF RELIABILITY IN THE NII

From identification of the capabilities and features as described in this paper, the RVWG has proposed an initial set of broad reliability attributes for the NII. These attributes support consumer confidence in the NII and are consistent with the nation's dependence on its information services:

I. INTRODUCTION

The Reliability and Vulnerability Working Group. The National Information Infrastructure: Agenda for Action, published September 15, 1993, describes the White House's vision for the National Information Infrastructure (NII) and identifies its benefits for society and for the nation. It further defines a set of goals and policy principles to guide the government's actions in harnessing the information revolution. The Agenda for Action establishes an Information Infrastructure Task Force (IITF) to articulate the Administration's vision and oversee its implementation. The task force consists of high-level representatives of federal agencies that play a major role in the development and application of information technologies. Working together with the private sector, the participating agencies will develop comprehensive telecommunications and information policies that best meet the needs of the agencies as well as the country.

In order to promote the principles of reliability and security in the NII, a Reliability and Vulnerability Working Group (RVWG) was formed as an inter-agency working group under the Telecommunications Policy Committee of the IITF. The RVWG was chartered to be the government's focal point in defining the attributes of reliability for the NII. To this end, it will identify threats, vulnerabilities, or other issues relevant to the reliability and survivability of NII services.

RVWG Approach. The NII will be built, owned, and operated by the private sector. Thus, the government's role is to ensure a level playing field for open competition and provide leadership in defining the government's information needs. To accomplish this role, the RVWG will work with industry and government players in the NII community to identify policy, legislative, regulatory, or other actions that the government should take to foster reliability and security. To focus the efforts of the working group and to set a road map for reaching its objectives, the RVWG has identified a set of broad actions to follow. The recently published Vision of the Reliability and Vulnerability Working Group describes these actions and presents the preliminary findings of the RVWG.

The RVWG has begun work in the areas of each of the prescribed actions, but the working group itself lacks the resources and in-depth expertise that resides in other government organizations. For this reason, the RVWG is negotiating with various government agencies to act as Offices of Primary Responsibility (OPRs) to lead in the execution of specific actions that have been defined. For example, the Office of the Manager, National Communications System (OMNCS) has a comprehensive understanding of the information needs of national security and emergency preparedness (NS/EP) users. Similarly, the General Services Administration (GSA) is cognizant of the day-to-day information needs of the federal government, and the National Institute of Standards and Technology (NIST) has expertise in defining capabilities to protect the networks against threats that could deny the availability of information services.

Purpose of This Paper. This paper supplements the previously referenced RVWG Vision document and presents an updated summary of the working group's findings. It identifies the information needs of users of the NII and develops a set of corresponding reliability capabilities and features in the NII that are consistent with these needs. This information provides a common starting point and a frame of reference for the government OPRs who will lead in the execution of the RVWG's planned actions. It is also intended for use by the Administration, government agencies, and the private sector as a guide to assist in the design and use of networks, information services, and applications that satisfy the reliability and security requirements of the nation. The attributes for reliability and security that are necessary to assure consumer confidence and trust in the NII are identified as a blueprint for the acquisition of future government information systems.

II. SCOPE AND BACKGROUND

RVWG Charter. The RVWG is the government's focal point for defining the attributes of reliability, survivability, and security of the networks and systems of the NII and their extension to global information systems. It will identify network vulnerabilities, potential threats to the networks, and other issues relevant to the reliability and survivability of the NII. It will determine implications for U.S. policy and will make appropriate recommendations for legislation, regulations, policy, or other measures that the government should take to enhance the reliability, survivability, and security of information systems in the NII. To this end, the RVWG will work closely with the private sector and other committees and working groups of the IITF.

To accomplish the objectives of a reliable, survivable, and secure NII, the RVWG will work to ensure that:

Terms and Definitions. Terms such as reliability, security, availability, and privacy can be defined clearly and distinctly but, often, their meanings are blurred in common usage. Since these terms sometimes have ambiguous meanings, the following definitions will be used in this paper:

Partitioning the Problem. The NII will be expected to provide reliable and secure services under all conditions associated with normal, day-to-day circumstances and emergency conditions which may range from natural disasters through national security crises and even war. The general public, commercial, and government users will compete for services during emergencies and, in the case of NS/EP circumstances, the needs of certain users performing designated critical functions must also be met.

The RVWG is specifically tasked to address the security of network information and protection from catastrophic network failure. Although there is a great deal of overlap between the concepts for network security, information security, and overall reliability and availability, a distinction is made between protection of the networks and protection of the information itself. The RVWG would be concerned, for example, with the risk of unauthorized penetration of switches or other network elements. Other IITF groups would be concerned with, for example, the effectiveness of end-to-end encryption algorithms.

The partitioning in Figure 1 is used to define the reliability, survivability, and security of

NII services from four viewpoints. These viewpoints are complementary and not mutually exclusive.

Figure 1. Partitioning the Problem

The Unbounded NII. The Administration's Agenda for Action describes the NII as a "seamless web of communications networks, computers data bases, and consumer electronics that will put vast amounts of information at users' fingertips". This vision of the NII includes people, facilities, computers, communications, data bases, information systems, and sources that are attached to the networks. The NII will involve unlimited numbers of providers of information transport, services, and added value applications, with no central ownership or management. The scope of systems, technologies, services, and industries that are expected to comprise the NII is unbounded and there are many government groups, industry consortia, and other members of the NII community who are addressing issues in this broad context. Thus, the RVWG must define a reasonable focus for its efforts and not duplicate the efforts of others.

Scope of RVWG Efforts. The layered model of the NII is a useful visualization of the relationships among the communications transport, information processing, and information sources that comprise an information infrastructure. As shown in Figure 2, for example, information consumers have applications (e.g., entertainment) which may interface with "appliances" (e.g., multi-media terminals). These appliances may invoke other appliances (e.g., Web Servers) or may invoke network services (e.g., billing). The network services are based on standard protocols which enable access to other appliances or information sources through "bitways", which provide handling and transport for information services.

From the viewpoint of the general and NS/EP users of the NII, the requirements for reliable services from these systems are end-to-end and extend from communications transport to information appliances and user applications. Similarly, for policy, legislative, and regulatory issues, the entire NII as depicted in Figure 2 is within the scope of RVWG concern. However, the major networks or system elements that have been addressed by the RVWG to date include the Public Switched Networks (PSN), Internet, cable TV, commercial satellite systems, and wireless systems such as cellular telephone that access the NII. From the viewpoint of security, the RVWG is focusing its attention on the protection of these networks from loss of service and the security of network information. Fortunately, there are other groups and organizations addressing appliances, network services, and attached information systems and other dimensions of the unbounded NII.

Figure 2. Layered View of the NII

Groups such as the IITF Security Issues Forum and the Government Information Technology Services (GITS) Working Group are leading initiatives to address Information Security in the NII. Additionally, the IITF Applications and Technology Committee is leading the addressal of appliances and user applications. In particular, the Technology Policy Working Group has published a Framework for National Information Infrastructure (NII) Services document that develops a framework for NII services and appliances.

Thus, the RVWG is ultimately concerned with the reliability, survivability, and security of information services that extend from bitways to applications in the model shown in Figure 2. To this end:

III. USER APPLICATIONS AND INFORMATION NEEDS

NII Users. The nation's dependence on the telephone as a household and business necessity has been replaced by an increasing dependence on information services of all kinds. This dependence ranges from support to personal lifestyles, to the day-to-day conduct of business, continuous availability for critical functions such as hospitals, response to local emergencies, law enforcement, public safety, and other functions associated with NS/EP emergencies. The RVWG is chartered to address the reliability of NII services to all of these classes of users. In order to describe the information needs of this diverse population, three general classes of users are defined:

General and Essential Users of the NII. As shown in Table 1, the major classes of general users include individuals with personal, household, or other business activities. They also include commercial, government, or other public organizations conducting functions such as electronic data interchange or electronic commerce. Individuals are becoming more and more sophisticated users of the new tools for personal information exchange on the Internet. Interactive multi-media access to the NII will be in demand for entertainment, home shopping, and the myriad of new services that are becoming available.

Organizational users are also becoming sophisticated consumers of new technology and are developing strong dependencies on information services for business applications. Security and dependability of information resources will be paramount, with an emerging market for new technologies such as digital signatures and digital cash.

Users of essential information services may be general users who also have a specific and critical need for the immediate availability of services during emergency circumstances. These circumstances may also involve network congestion or stressed conditions which exacerbate the competition for information resources. Another category of essential services includes services that should be considered as non-interruptable, for example 911 telephone service. Table 1 summarizes user functions that categorize the information applications of general and essential users. These applications are not exhaustive but are useful in describing the information needs of these users.

Table 1. Applications of General and Essential Users of the NII

NS/EP Users of the NII. Table 2 defines a range of functions that may be performed during NS/EP circumstances.[1] These functions would be performed by designated personnel who would depend upon the NII for their information needs. This particular set of NS/EP functions is derived from the efforts of both government and industry representatives who developed the Telecommunications Services Priority (TSP) system.

The functions in Table 2 range from critical activities supporting national security and public safety, through maintaining the nation's economic posture. In general, NS/EP functions demand assured availability of voice and messaging services under conditions of stress on the infrastructure. These functions imply the need for possible priority allocation of information resources and define special capabilities such as emergency broadcast. More advanced features such as imagery and collaborative computing may be desired for specific functions, but the demand appears to be less universal than the need for voice band and data services. These conclusions are verified by a recent OMNCS survey of NCS member organizations regarding their perceived needs for NS/EP NII capabilities. Among the findings of the survey were, in priority order:

Table 2. Applications of NS/EP Users of the NII

IV. RELIABILITY FEATURES AND CAPABILITIES

Categories of Features and Capabilities. From consideration of the information needs of users of the NII, the RVWG has prepared an initial set of features and capabilities that should be promoted to ensure the reliability, survivability, and security of services. As discussed previously, the NII will serve all classes of users who may have different information needs, depending on the circumstances and functions being performed. The RVWG has considered the basic classes of general day-to-day users, the users of services that are essential during emergencies or stressed conditions, and the special requirements for information services during NS/EP circumstances. In addition, the capabilities needed to support the security and protection of the networks have been considered, as well as capabilities in the management, policy, legislative, and regulatory areas.

Capabilities for General Users. The NII should provide reliable information services and systems to meet all information needs of commercial, government, and general public users -- under day-to-day and stressed conditions.

Capabilities for Users of Essential Services. This class of users requires all of the capabilities of general users, plus:

Assured Capabilities for NS/EP Users. All of the capabilities of general and essential users, plus the requirement to provide assured and timely transfer of information among federal, state, and local government participants as they respond to any emergency situation, including natural disasters, terrorist attacks, civil disturbances, and war:

Capabilities for Protection of the Network. Security of the NII networks, including protection of network information and measures to minimize loss of service.

Management Capabilities. Management mechanisms that permit and encourage collaboration -- across industry and between industry and government -- to ensure seamless, reliable, and secure services from a heterogeneous NII.

National Policy. Consistent policy on information services technology that both encourages competition and protects the nation's critical interests, in the international as well as domestic arenas.

Regulatory Policy. Effective and fair regulatory policies that reflect the restructured and evolving information and telecommunications industries.

Legal/Legislative Frameworks. Legal and legislative frameworks that protect security and reliability of the NII.

V. ATTRIBUTES OF RELIABILITY IN THE NII

Integrated Features and Capabilities. Section III summarized the information needs of government and private sector users of the NII, and Section IV developed a list of features and capabilities that would promote reliability and security in satisfying these needs. The goal features and capabilities in Section IV can be traced to the projected applications of users, to the threats to the security of the networks, and to the requirements associated with management, policy, regulation, and legal/legislative frameworks. In this section, these features and capabilities are integrated into a broader group of capabilities that are defined here as the preliminary set of desired attributes of reliability, survivability, and security proposed by the RVWG. These attributes could be used as a checklist for consideration in the acquisition of future government information systems:

The substance of these broad attributes is defined in terms of the reliability features and capabilities that were shown in Section IV.

Reliable Performance. Consistency, repeatability or dependability with which specified services, functions, or operations are performed, over time and under specific conditions.

Available Services. The property that authorized users can access and use information or telecommunications services at any time.

Trust. Confidence in the protection of information handled by the NII.

Priority Treatment. The capability to manage the allocation of information resources.

Broadcast Information Dissemination.

Protection of the Networks. Protection of the networks from threats to loss of service and protection of network information.

Monitoring and Restoral. Capability to monitor the networks, rapidly reconfigure the networks, and restore network failures.

Management Mechanisms. Management mechanisms that permit and encourage collaboration -- across industry and between industry and government -- to ensure seamless, reliable, and secure services from a heterogeneous NII.

Government Leadership

Regulatory Policy. Effective and fair regulatory policies.

Legal/Legislative Frameworks. Legal and legislative frameworks that protect security and reliability of the NII.