Abstract :
In the United States alone well over a million organizations have become so dependent on cyberspace that their vital interests are now vulnerable to attack, accidents, and design failures that may compromise those interests. Many experts believe the situation is getting worse; that new vulnerabilities are being pumped into cyberspace, and that the bad guys are coming up with more sophisticated and scalable attacks faster than the good guys are coming up with improved defenses. The technical R&D pipelines do not show much promise for generating solutions that will provide discernable, measureable, readily and massively scalable improvements in cyber security for enormous populations of users. Nor is there much expectation that a broadly operational engineering science of cyber security, nor a set of voluntary standards and calls for information sharing, nor a set of government laws and enforcing institutions, will achieve this end any time soon.
