Computers & Security, 13 (1994) 481-483
17th National Computer Security Conference - An Opinion
Edwin B. Heinlein
0167-4048/94/$7.00 © 1994, Elsevier Science Ltd
This annual conference is held in mid-October in Baltimore under the sponsorship of the US government. The agencies named in the welcoming letter are The Computer Systems Laboratory of the National Institute of Standards and Technology, the National Computer Security Center and the National Security Agency, otherwise known as NIST, NCSC and NSA. The letter credits Presidential initiatives for a National Information Infrastructure (NII), sometimes called the “Information Super Highway,” in the past year for heightened interest in information security.
At the opening plenary session, Donn Parker of SRI was identified as the recipient of the Computer Security Award for this year. In his few words of acknowledgement (the formal award ceremony was scheduled at the end of the conference), Donn gave full credit for his recognition to the fact that he continues to operate as a “curmudgeon” in the world of systems security. Whether or not a true curmudgeon, he focuses on the practical matters and never lets us forget that security is as much a ‘people’ problem as it is a technical one. He referred to his paper, presented later at the conference, in which he proposes that the three principles of information systems security (availability, confidentiality and integrity) be expanded to availability and utility/usefulness, confidentiality and possession, plus integrity and authenticity. He claims that the expanded list is helpful in identifying a larger-than-usual list of threats and that consideration of possession helps to define differences between military/government and business information security.
While his points are well made and are based on his experience in analyzing 3500 computer abuse cases gathered since 1958, the integrity/authenticity matter remains a question for me and has been one since the OECD definition of integrity was published. It defines integrity as “the characteristic of data and information being accurate and complete and the preservation of accuracy and completeness.” For me, this definition, and also Donn Parker’s, holds the IS Security function responsible for the propriety of the data and information rather than “what comes out is the same as what went in.” For example, if I submit a résumé to an employment agency with highly inflated previous salary and qualifications that then are entered into a computer system and then transmitted to prospective employers, why is anyone but me responsible for the false information? Under the integrity definition supplied by the OECD and the integrity/authenticity definition supplied by Donn Parker, that responsibility seems to include the IS Security function at the employment agency.
The conference went into full operation on the afternoon of the first day with six parallel sessions. On the second, third and half of the fourth day there were five parallel sessions each day with a closing plenary session as the last meeting in the late morning of the fourth day. It is a large conference with a broad range of topics that included a panel on product and system certification in Europe. The two volumes of proceedings total over 700 pages.
The long awaited draft of the Generally Accepted Security Principles (GSSP), known as ‘gassp’ to most, was distributed and discussed in one session. Since it has been developed in secrecy for several years, there wasn’t much informed discussion possible at this time. There were several notes in an accompanying document that recognize the existence of the Common Criteria efforts and mention the OECD principles as less than adequate. It does not list the OECD document in the reference or bibliography sections.
An early session was titled, “International Harmonization, the Common Criteria - Progressive & Status.” It was chaired by Eugene Troy of NIST and the panel was composed of three people from Germany, France and the UK of the European Commission [sic], one from Canada and one from NSA. These people represent the Common Criteria Editorial Board (CCEB), which is chaired by Mr. Troy. He said that the US is driving the international harmonization efforts, has incorporated the Canadian interests in the Common Criteria and is now incorporating the European interests. This will lead to a set of common international criteria next year and then there will be a move to have them become ISO standards, but who knows when this will happen since they take such a long time to act. (This and all sessions with people whose basic language is not English were conducted in English without the benefit of any instantaneous interpreter facilities.)
Another session that same day dealt with the security requirements for distributed systems in the context of the Common Criteria. It was chaired by Mr. R. Dobry of NSA and it was noted that the Common Criteria issued in 1992 did not address distributed systems and was severely criticized for this lack. His panel consisted of three people, one each from NIST, the University of Maryland and the Institute of Defense Analysis. It was not indicated whether the Common Criteria Editorial Board is favourable to this effort.
There was a session titled, “Ethical Issues in the National Information Infrastructure” and the panel included Dorothy Denning of Georgetown University. Marc Rotenberg was listed on the panel, but did not attend.
The general direction of the discussion was to detail the rights of people using networks and little was said about their responsibilities. Much was said about free speech and how it must be assured, even on privately controlled systems. Privacy was described as not absolute and balanced by a need/desire for discussion. One viewpoint described the possible outcomes of the NII as big bills, information overload, technology drain, less isolation for remotely located people, shift in one’s work style and location plus concern about dependence on a single system. There were several mentions of widening the social gap for people due to accessibility being dependent on economic capabilities. Finally, the session chair concluded the discussion with the statement that, “owner is the most dangerous word in security.”
The panel titled, “Medical Information Privacy: Current Legislative and Standards Activity,” featured Mr. T. Olhede from the Swedish Institute for Health Services who reported on a study about the handling of health records in Sweden. The presentation was oriented more to how the study was performed than to any conclusions about health records privacy or security, and more to how the description of the data collected depended on who completed the forms than to the meaning or use of the data itself.
Mr. Dale Miller, who is co-chair of the Computer-Based Patient Records Institute formed in 1992, described their efforts to deal with healthcare information security issues related to the computer-based patient record. It is a newly evolving operation that will be affected by many things. For instance, many times the concept of ‘permanence’ was mentioned and was freely described as a record spanning possibly 100 years of a person’s life to include prenatal information plus all post-birth information about one’s health. When I asked about what possible use or benefit an individual would accrue from this, the answer had to do with supplying data for research studies. Then, we got into ownership of information, ownership of medical records and the reasonable amount of data needed for an individual to have in a record when seeking medical care. As one might suspect, there’s much to be defined.
Mr. Robert Gellman, Chief Counsel to the subcommittee in the US House of Representatives that developed legislation named “Fair Health Information Practices Act”, in which details of information sharing and the concept of information trustees are described, was able to briefly summarize the legislation. It was attached to the Health Security Act and was defeated earlier this year. In any case, this legislation represents a reasonable approach to the handling of health care information on a federal level and does call for the proper care of such data and information.
The Executive Director of the Medical Records Institute, Mr. Peter Waegemann, mentioned a variety of current planning and standards activities including EU work.
As part of another session, a paper titled, “Healthcare Information Architecture: Elements of a New Paradigm,” by Daniel Essin and Thomas Lincoln of the University of Southern California and The RAND Corporation, respectively, contained many concepts for dealing with the security of the Electronic Medical Record (EMR). They outlined a real world approach to a structure conceived for a client/server implementation that, in their words, “...requires that new forms of system security be incorporated into an EMR at a structural (my italics) level, with an emphasis on the labeling of elements to be secured behind a security barrier, with audit trails to document necessary overrides and monitor for suspicious use.”
Although I was a bit put off by having my name spelled right in one place on my attendance badge and wrong in another place on the same badge, the conference was a success. There were at least 2000 people registered at the end of the first day and many informative sessions from which to choose. The conference next year will take place at the same location, the Baltimore Convention Center, from October 10-13. Submissions of proposed papers and panels should arrive by 1 March 1995. Call 301 975 2775 or contact NCS [email protected] on the Internet for complete information.