Accession Number:

AD1052862

Title:

Efficiency vs. Security: Information Technology Consolidations - Resilience, Complexity, and Monoculture

Descriptive Note:

Technical Report

Corporate Author:

Naval Postgraduate School Monterey United States

Personal Author(s):

Report Date:

2018-03-01

Pagination or Media Count:

73.0

Abstract:

Governmental organizations commonly seek to cut costs and increase efficiency through consolidation and standardization of information technology IT infrastructure. This may result in vulnerabilities not typically considered by policymakers, due to concentration and homogenization of critical assets, elimination of redundancy and surge capacity, and tightly coupled systems. This thesis reviewed the potential vulnerabilities that may exist in consolidated IT systems due to the effects of complexity, self-organized criticality, and monoculture, and shows that efficient systems carry inherent vulnerabilities. Because we cannot mitigate every possible threat, hazard, or vulnerability, IT professionals should focus on system resilience. Resilience of a system is counter-proportional to the product of vulnerability and spectral radius therefore, any increase in vulnerability, spectral radius, or both decreases resilience. A reduction in overall vulnerability can compensate for increased self-organization and other losses of resilience through a variety of recommended actions. Many of those actions come with a costorganizations will have to determine the tradeoffs they are willing to make between efficiency and security.

Subject Categories:

  • Computer Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE