Under Attack: Information Security Battle will Require Computer Users to Make Tough Choices

Then work begins to repair the inevitable damage and limit the financial costs. There must be a better way.

Researchers at the Georgia Institute of Technology say solving the world's growing information security problems will demand tough choices involving tradeoffs in cost, convenience and computing performance.

For instance, computer users will have to put a priority on security and be prepared to pay for it. They may have to retain well-tested software rather than install the newest version rushed to market. And they'll have to bear the costs of rebuilding worldwide networks on secure foundations.

"Computers are being used more extensively, more widely and in more critical applications. They are a part of our lives today. They will be even more a part of our lives in the future," says Ralph Merkle, director of the Georgia Tech Information Security Center (GTISC). "And for the past couple of decades we have put up with buggy code, unreliable computers, insecure computers, and computers that are vulnerable to viruses, worms, spam and other problems. All of this has to change. We need to have reliable computers, systems and networks that we can trust."

From individual users to network administrators to senior government and industry officials, interest in information security is capturing people's attention. GTISC researchers and others are now hopeful that consumer demand will boost efforts to solve myriad issues in the field.

"Information security is not just a technological problem," says Professor of Computing Mustaque Ahamad, the GTISC co-director of technology. "There's a lot more to it. It's a complex problem, and its solutions will require new technology, policy, awareness and education. We're looking at the whole problem."

Though the task is daunting, the world's information security problems can be solved, Merkle confidently predicts. Because these issues have been resolved in special applications, such as aircraft navigation and national defense, researchers know it can be done for computer systems everywhere. Merkle concedes, however, that producing such secure software will be costly in dollars, time and, perhaps, convenience, as well.

Costs in dollars and time will mount as programmers rewrite a lot of computer code, as researchers build new systems with security as a basic component, and then as individuals and organizations have to update or replace insecure systems, Merkle explains.

"It will take fundamental changes in how we deal with computer software development, which will require fundamental changes in our use of secure systems," Merkle says. "We will have to rethink a lot of the basic approaches that have been used."