From: InfoSec News (isnc4i.org)
Date: Thu Jun 19 2003 - 05:06:59 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://newsobserver.com/24hour/technology/story/920816p-6411106c.html

By CHRISTINA DYRNESS
THE NEWS & OBSERVER OF RALEIGH
June 18, 2003

(MN) - An Iraqi attack on U.S. computer systems leaves government
agencies in disarray until a cybervigilante comes to the rescue. So
goes the plot line of a first novel written by a cybersecurity expert.
Its timeliness is making waves in the industry and comes at a time
when the federal government is poised to boost spending on securing
its computer systems.

Called "No Outward Sign" (Writers Press Club, $18.95) [1], the book by
Bill Neugent describes a covert computer attack that couldn't be more
different than the stark visual image of burning twin towers of Sept.
11 forever etched in the national memory. But the cyberthreat against
the United States is real and has been for some time, experts say.

Dave Morrow, deputy director of global security and privacy services
at EDS, based in Cary, N.C., should know. During most of the 1990s, he
served as a cybercrime investigator in the Air Force. Morrow bears
witness to the fact that cyberattacks against U.S. government networks
are frequent - though most of what he knows is classified.

"There's a lot," Morrow said. "And I can't talk about it. But there is
quite a bit of capability out there."

The Sept. 11, 2001, terrorist attacks prompted the creation of the
U.S. Department of Homeland Security and a new focus on personal and
national security. With computer chips turning up in everything from
tractors to video cameras and the Internet creeping into more areas of
life - both wired and wireless - the securing of a nation can't happen
without securing computer networks that run electricity grids, store
confidential government secrets and control financial markets.

The promise of new funding is drawing much attention on the academic
front toward cybersecurity study, and some North Carolina universities
are studying better ways to protect systems from hackers and other
cybercrime. The schools have an eye on grants from the government to
fund this research, but also the job market for their graduates as the
demand for computer security experts is slated to grow while other
computer networking jobs have dried up.

For example, N.C. State University opened a Cyber Defense Lab in April
as a way to showcase its research on related topics and, perhaps,
score some new grants to support it.

The lab doesn't hold all of the university research related to online
security, but it's a convenient way to showcase the work of four
members of the computer science faculty and their graduate students.
They are working on grant-funded research on topics that include the
study of the software bugs exploited by hackers and security for
wireless computing.

"The level of sponsorship is going up and we expect it to grow up
quite dramatically in the next few years," said Douglas S. Reeves,
professor of computer science at N.C. State.

And the message is coming through loud and clear to students who are
piling into cybersecurity classes, eager to pursue an area of study
with a good chance for employment waiting at the other end.

"Now that networking is in a slump, security is the bright area in the
picture," Reeves said. "There is still a great demand and not enough
supply in security."

At the University of North Carolina in Charlotte, the opportunity is
furthered by a Federal Cyber Corps scholarship program.

Paid for by the National Science Foundation, Cyber Corps pays tuition
for cybersecurity-focused graduate students, gives them a
$1,000-per-month stipend and requires them to work for the federal
government for a year or two upon graduation.

Fifteen universities across the country participate in the program.
UNC-Charlotte, which has been offering the scholarship for three
years, is the only one in the Carolinas.

"In this market, the guaranteed job turns out to be a tremendous
attraction," said Bill Chu, chairman of the department of software and
information systems at UNC-Charlotte. "The admissions bar is very
high. A couple of years ago, you didn't see those students applying to
graduate school."

Chu said UNC-Charlotte started building its cybersecurity research
program five years ago with the support of the local banking
community.

"Our collaboration with the financial sector is important," Chu said.
"They take security very seriously."

Now that cybersecurity is a hot topic, Chu expects to see even more
activity around education and research.

"So far, the disappointment has been that Congress has approved
(additional research funding), but it has been tied up in
appropriations," Chu said. "There's a lot of talk in Washington, but
all this is still being shaken out. All this hasn't translated in big,
huge programs."

Proposed bills in Congress would designate about $100 million toward
cybersecurity research and education in the current fiscal year with
hundreds of millions more in future years. The bills now wait for the
appropriations committee to designate the money.

While additional money might stoke new research, myriad projects that
fall under the cybersecurity label are already under way at Triangle
universities.

"Cybersecurity is an umbrella term that means a lot of things to a lot
of people," said N.C. State's Reeves. He explains that the term is
invoked to mean the reaction to some malicious cyberactivity like
hacking.

But cybersecurity can also mean simply the reliability of a network.
"When we use the term, we mean that broad sense," he said.

Work at N.C. State's Cyber Defense Laboratory on Centennial Campus in
Raleigh includes projects by Reeves; S. Purushothama Iyer, associate
professor of computer science; Peng Ning, assistant professor of
computer science; and Bin Yu, a research associate; in addition to
graduate student researchers.

Iyer, for example, received funding from the National Science
Foundation and the Army Research Office for research into methods of
proactive network designs - looking at the bugs that hackers use and
trying to eliminate them.

Reeves' work, in collaboration with Ning, has been in improving
computer intrusion detection.

"How do you deal with massive amounts of information?" asks Reeves.
"Right now systems are not good at isolating what you really need to
worry about. Our work is about tuning systems to calibrate intrusion
detection."

MCNC, the nonprofit economic development center in Research Triangle
Park, N.C., has also positioned itself as a cybersecurity player.

Along with Duke University in Durham, MCNC is finishing a three-year
project, called SITAR, for the Defense Advanced Research Projects
Agency, or DARPA. SITAR stands for scalable, intrusion-tolerant
architecture for distributed services. The challenge was to design a
large computer network that provides online services to multiple users
and not only steel the network against hackers, but also make it
strong enough to continue to provide services if an intrusion occurs.

"It used to be that DARPA had a lot of projects sponsored for
intrusion detection," said Feiyi Wang, principal research scientist at
MCNC. "But often (hackers) will be successful. There's a class of
mission-critical applications and under active attack, some of the
system component was being compromised."

SITAR is just one of several research projects at MCNC, all of them in
collaboration with universities, that have applications in
cybersecurity.

Dan Stevenson, vice president of the MCNC Research and Development
Institute, said that sometimes government-funded research can sit on a
shelf and collect dust, but MCNC tries to ensure that research will
see the light of day as a commercial project or in use by other
government agencies.

"We're trying to make it happen for SITAR and other projects in the
cybersecurity space," Stevenson said.

Amin Vahdat, a Duke University assistant professor of computer
science, points out that North Carolina universities are not in the
top tier of cybersecurity research institutions, a designation he
reserves for schools such as the Massachusetts Institute of
Technology, Carnegie Mellon University in Pittsburgh, the University
of California at Berkeley, Purdue University in West Lafayette, Ind.,
and perhaps Stanford University of Palo Alto, Calif.

"We aren't in that league," Vahdat said.

But as interest in the topic has increased, so have the research
efforts, with more and more grant proposals heading to Washington in
hopes of getting financial support.

EDS' Morrow, who works with business clients to secure their networks,
hopes to see government-paid research finding its way to his
customers. "They do a lot of research and development for things that
can develop into some really good products for the private sector," he
said.

And one thing is for sure: Cybersecurity is the place to go for job
security. "There is going to be, in the future, no letup in the
requirement for people who know something about security," Morrow
said.

[1] http://www.amazon.com/exec/obidos/ASIN/0595257496/c4iorg

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]