| ||||
| News | ||||
| Cyber Security | ||||
| Using Science to Protect Science | ||||
| Protecting an organization's information resources and assets often seems like a never- ending series of adding patches and shoring up defenses. Viruses, worms, botnets, zero day attacks, and phishing attacks combine to create a daily assault on any organization. Managing layered defenses and helping users grasp the dangers—and to follow what often seem to be tedious security policies—is a tremendous investment and for many organizations amounts to a generally defensive, rather than proactive, posture. | ||||
| Can we envision a different scenario in which cyber security is proactive rather than predominantly reactive? To consider the question, researchers from DOE's national laboratories and leading universities have organized a grassroots effort to examine strategies toward applying science and multidisciplinary collaboration to meet the challenges presented by the cyber threat. The aim of this effort is to approach cyber security with the same principles that the DOE community has successfully used to address the biggest science problems of our day: scientific analysis and the power of multidisciplinary collaboration, and to identify long-term research activities that could transform the future of cyber security. | ||||
| "In order to truly transform cyber security we are exploring new perspectives by bringing together not only mathematicians, computer scientists, and operational cyber security field researchers but also scientists from disciplines not traditionally involved in cyber security such as biologists, physicists, and cognitive psychologists" said Dr. Deborah Frincke, cyber security chief scientist at Pacific Northwest National Laboratory and one of the organizers of the effort. Others leading the movement to develop new approaches include Charlie Catlett of Argonne National Laboratory, Dr. Brian Worley of Oak Ridge National Laboratory, Don Petravick of Fermilab, and Ed Talbot of Sandia National Laboratories. | ||||
| The first public event hosted by the grassroots community was a Town Hall meeting, held February 11–13 at Argonne National Laboratory. Participants discussed biological models for redesigning self-protecting systems, considered fundamental mathematical principles needed to obtain knowledge and insight from petascale, heterogeneous data, and discussed questions such as whether the transformations that Deming sparked in manufacturing could offer valuable lessons in cyber security. Through an emphasis on scientific principles, and by leveraging the best thinking of a broad range of researchers, the community discussed research strategies for new ways to design, manage, and protect systems, so that future security activities will enable even broader collaboration in support of the DOE mission. | ||||
| The organizers recognize that building a community takes time, and are actively seeking involvement from additional labs and universities. "A key goal is to assess what the DOE complex is already doing well, identify important gaps, then determine where a cyber security R&D program can make the biggest impact," said Catlett | ||||
| Catlett indicated that as the group grows, an important goal is to reach out to other government agencies to study best practices and share expertise. Members of the group will also tap their connections with other organizations. By drawing on expertise from the science labs and the defense labs as well as universities, the grassroots community hopes to strengthen connections between the open science cyber security research community and those who primarily work in classified areas. | ||||
| "The goal is to permit researchers to work synergistically even when some aspects of the problem space are sensitive, and to produce results that are scientifically valid, while safeguarding classified aspects," Dr. Frincke said. "We need to involve the best minds in seeking solutions rather than limit ourselves, which is why we are partnering with academia as well as DOE and other government agency scientists." | ||||
| Though the community is not officially funded, the effort has received encouragement from DOE's Office of Advanced Scientific Computing Research (ASCR) and Under Secretary for Science, Dr. Raymond L. Orbach. The community anticipates possible direct funding for cyber security research through ASCR in fiscal year 2009. | ||||
| To map out the current research landscape, the group has produced several initial white papers, and made them available for comment and participation on an open-access community wiki. A second Town Hall meeting is planned for June 30-July 2 at Oak Ridge National Laboratory. Interested members from DOE, universities, industry, and other government agencies are welcome and encouraged to attend. Registration information for Town Hall 2 will soon be available on the wiki, or through Brian Worley. |
||||
| Further Information Dr. Deborah Frincke deborah.frincke@pnl.gov |
||||
| Community Wiki https://wiki.cac.washington.edu/display/doe |
||||
| Dr. Brian Worley worleyba@ornl.gov
|
||||
| Published by IOP Publishing in association with Oak Ridge National Laboratory, for the US Department of Energy, Office of Science. Copyright © 2008 by IOP. | ||||
