Computers at Risk

David D. Clark (b. 1944)

At the behest of the Defense Advanced Research Projects Agency (DARPA),
several organizations, including the National Research Council and the
Commission on Physical Sciences, Mathematics, and Applications, authored a
frightening 320-page report, Computers at Risk: Safe Computing in the
Information Age.
“Making computer and communications systems secure is a technical
problem,” the report stated. But, it “is also a management and social problem.”
Simply put, the issue wasn’t just that many computer systems were not
secure—they were not securable.
That was a big problem, the report’s authors wrote, because society was
growing increasingly dependent upon networked computer systems: “As
computer systems become more prevalent, sophisticated, embedded in physical
processes, and interconnected, society becomes more vulnerable to poor
system design, accidents that disable systems, and attacks on computer
systems.”
David D. Clark was the chair of the committee that authored the report, which
was divided into chapters on topics such as technologies needed to achieve
security, criteria to evaluate computer and network security, and why the
security market had failed. Ideas suggested by the report’s authors included
establishing an Information Security Foundation, emergency response teams,
and defining the tactics of high-grade threats. Computers at Risk also
discussed how the US Department of Defense’s computer system evaluation
framework did not provide a concept for security that would be adequate for
either industry or the private sector.
The overarching message was that computer system security requires a
planned approach that considers the problem from a holistic perspective.
Within this broad scope, it aimed to provide explanations that put the strategic
computer security problem into context. Computers at Risk promoted
measures to enhance a computer system’s trustworthiness, mitigate
vulnerabilities, and enable people to maintain vigilance as America’s computer
and information networks became increasingly connected and valuable.
Coming just two years after the Morris Worm, the report all but predicted the
information system security challenges that the next 25 years would bring.
SEE ALSO WarGames (1983), Morris Worm (1988)
The 320-page report Computers at Risk issued dire warnings regarding the
security of computer and communications systems.