Good information: The key to good security

On the battlefield, having good information about an adversary's aims, resources and movements, as well as the deployment of your own forces and defenses, can be a decisive advantage. This age-old principle holds true, perhaps more than ever, in the current war against cyberattacks.

As the United States deepens its economic, social and security dependence on technology, its foes are acquiring more sophisticated capabilities designed to sabotage and disrupt these systems.

Superior information can play the same decisive role for battles in cyberspace as it does with conventional conflicts. The purpose of this special report is to look at several ways that information about security is being created, managed and shared to improve the security of the nation and its information technology-based infrastructures.

Better information about the readiness of internal IT security systems, for example, is the goal of a new departmentwide incident management system that the Transportation Department is building, a project detailed in one story in this report.

When the system is completed, DOT officials will be able to see all of the department's security systems, such as firewalls and intrusion-detection systems, through a single Web-based portal. This consolidated information will help officials identify which areas are the most vulnerable to attack and where the most urgent fixes are needed. It will also help them recognize and respond to attacks in real time.

With a somewhat similar idea but on a much broader scale, the government has been encouraging companies from various industries, as well as state governments, to team up and create centers for recording and sharing information about cyberattacks they've experienced.

These Information Sharing and Analysis Centers (ISACs) — 12 have been formed so far — can be valuable early warning systems for signs of coordinated attacks on critical infrastructures such as power grids, financial systems and telecommunications networks. However, a shortage of federal funding for the centers has put pressure on many ISAC members, who are struggling to justify the ongoing expense of their participation.

Interestingly, the method increasingly favored for these kinds of security-related information exchanges — the standards-based Extensible Markup Language — is itself not inherently secure. In the story "Spreading thin," we look at industry efforts to better secure XML transactions.

And on a different front, information about the behavior of cyberattacks — and conversely, the characteristics of normal system behavior — is the foundation of an emerging class of IT security products called intrusion-prevention systems. The systems, as the name suggests, nip attacks before they can do damage by automatically isolating illegal system activity.

Somehow it seems fitting that part of the answer to fixing the vulnerabilities of the Information Age is more information.