Why This Book Is Needed
About five years back, we initiated an information assurance program at the University of Pittsburgh under the flagship of Laboratory of Education and Research in Information Assurance Education (LERSAIS), which was created for that purpose. We had to often explore and discuss issues related to security, dependability, survivability, etc., with respect to what could be accommodated within the area of IA, while planning for (a) the curricular content that aligns with the National Security Agency’s center of excellence in information assurance education (CAEIAE) program and it’s Committee on National Security Systems (CNSS) information assurance (IA) standards (now considered the US national IA education standards), and (b) the long term research agenda for LERRSAIS. Coming from different research background including that of security, dependability and others, we often found it difficult to reconcile the different perspectives related to the notion of IA and more specifically that of assurance which roughly appears to have brought together the notion of integrating security and dependability aspects of networked information systems. We realized that there is no well established definition of assurance, and more importantly, there is a lack of interaction between the security and the dependability communities. At the same time, our interest in research related to integrated approach to addressing security and dependability aspects grew and we were convinced that such an approach would help generate more wholesome solutions to trustworthy and high assurance systems.
With the rapid developments in information technologies (IT) over last several years, our global society has embarked in a path where we are critically dependent on IT infrastructures. Infrastructural failures, cyber attacks and cyberwars are now looming realities that can have catastrophic effects on the global society and each individual’s life. With the growing complexity and interconnectedness of information systems, even simple disruptive event can have dire consequences. Securing and ensuring the dependability of such IT environment is a growing challenge and there is a critical need for pragmatic solutions that can accommodate known and unknown disruptive events and enable systems to adopt and survive any type of disruptions. We are convinced that only through the involvement of both the dependability and security communities can such a singular goal of developing highly assured, survivable information systems can be achieved. While there have been some efforts towards this direction, it has not been very successful. We planned this book with a hope to generate the needed momentum that matches the criticality of this need.