Bruce Schneier has a thought-provoking article on software security: Is There Strategic Software? According to Schneier, "If you define critical infrastructure as 'things essential for the functioning of a society and economy,' then software is critical infrastructure. For many companies and individuals, if their computers stop working, they stop working."
That certainly makes protecting the critical infrastructure an impossibly huge task. The solution, he suggests, is defense in depth:
If we were to get serious about critical infrastructure, we'd recognize it's all critical and start building security software to protect it. We'd build our security based on the principles of safe failure; we'd assume security would fail and make sure it's OK when it does. We'd use defense in depth and compartmentalization to minimize the effects of failure. Basically, we'd do everything we're supposed to do now to secure our networks.
Lots of comments posted, plenty about open source.