5
Rationalizing the Future Research Agenda

As noted in Chapter 3, the committee believes that the IT research areas of highest priority for counterterrorism are in three major areas: information and network security,[1] information technologies for emergency response, and technologies for information fusion. Within each of these areas, a reasonably broad agenda is appropriate, as none of them can be characterized by the presence of a single stumbling block or impediment whose removal would allow everything else to fall into place.

Attention to human and organizational issues in a counterterrorism context is also critical. Insight, knowledge, and tools that result from such attention are likely to be much more relevant to systems integration than to technology efforts devoted to proofs-of-principle or other technology development issues. However, that fact does not mean that there is no role for research, especially since system development methodologies that incorporate such tools are scarce or nonexistent. Thus, the engagement of social scientists (e.g., psychologists, anthropologists, sociologists, organizational behavior analysts) will be important in any research program in IT for counterterrorist purposes.

Based on the discussion in Chapter 3, Box 5.1 summarizes some of the topics within these areas that the committee believes would be fruitful to research. It is useful to note that progress in these areas would have commercial applications as well in many cases. The fruits of information and network security research would benefit all users of information technology, though their particular relevance to providers of critical infrastructure is obvious. Emergency responders will be the primary beneficiaries of research that focuses on their particular needs. Progress in information fusion has relevance across the spectrum of counterterrorism efforts, from prevention to detection to response, and indeed to information mining for other public and private purposes. (A point of particular interest is the fact that information-fusion efforts for countering bioterrorism have significant applicability to public health, especially with respect to the early identification of “natural” disease outbreaks.) Advances in developing tools to incorporate knowledge about human and organizational factors in systems integration would be relevant to the deployment of most large IT-based systems.

The fact that research in these areas may have commercial relevance raises, for some, questions about the necessity of government involvement. As noted in Chapter 4, the commercial market has largely failed in promoting information and network security. In other cases, the research program required (e.g., research addressing the needs of emergency responders) is of an applied nature—and focused on counterterror applications. As for information fusion, it is highly likely that its applications will have commercial applications once new technologies are developed, but whether those new technologies would develop in the absence of government-supported research and become broadly available is another question entirely.

Most of these technology research areas are not new. Efforts have long been under way in information and network security and information fusion, though additional research is needed because the resulting technologies are not sufficiently robust or effective, they degrade performance or functionality too severely, or they are too hard to use or too expensive to deploy. Moreover, given the failure of the market to adequately address security challenges, adequate government support for R&D in information systems and network security is especially important. Information technologies for emergency response have not received a great deal of attention, though efforts in other contexts (e.g., military operations) are intimately related to progress in this area.[2]

BOX 5.1 Illustrative Topic Areas for Long-Term Research

Authentication, Detection, Identification
- Develop fast and scalable methods for high-confidence authentication.
- Explore approaches that could self-monitor traffic and users to detect either anomalous users or unusual traffic patterns.
- Develop intruder-detection methods that scale to function efficiently in large systems.

Containment
- Develop the tools and design methodologies for systems and networks that support graceful degradation in response to an attack.
- Develop mechanisms to contain attackers and limit damage rather than completely shutting down the system once an intrusion is detected.
- Explore how to fuse a simple, basic control system used during “crisis mode” with a sophisticated control system used during normal operations.

Recovery
- Develop schemes for backing up large systems, in real time and under “hostile” conditions, that can capture the most up-to-date, but correct, snapshot of the system state.
- Create new decontamination approaches for discarding as little good data as possible and for removing active and potential infections on a system that cannot be shut down for decontamination.

Cross-cutting Issues in Information and Network Security
- Develop tools that support security-oriented systems development.
- Find new ways to test bug fixes reliably.
- Develop better system-administration tools for specifying security policies and checking against prespecified system configurations.
- Create new tools to detect added and unauthorized functionality.
- Develop authentication mechanisms that provide greater security and are easier to use.
- Create and employ metrics to determine the improvement to system security resulting from the installation of a security measure.
- Monitor and track emerging types of attack and explore potential consequences of such attacks.
- Understand why previous attempts to build secure systems have failed and recommend how new efforts should be structured to be more successful.

C3I Systems for Emergency Response
- Understand how to transition gracefully and with minimal disruption from a unit-specific communication system to a systemwide structure.
- Define new communication protocols and develop generic technology to facilitate interconnection and interoperation of diverse information sources.
- Develop approaches for communication systems to handle surge capacity and function in a saturated state.
- Develop methods to provide more capacity for emergency communication and coordination.
- Create self-adaptive networks that can reconfigure themselves as a function of damage and changes in demand and that can degrade gracefully.
- Understand the special security needs of rapidly deployed wireless networks.
- Develop decision-support tools to assist the crisis manager in making decisions based on incomplete information.
- Explore mechanisms to provide information tailored to specific individuals or locations through location-based services.
- Establish more effective means of communicating the status of affected people to those outside the disaster area.
- Develop robust sensors and underlying architectural concepts to track and locate survivors as well as to identify and track the spread of contaminants.
- Create digital floor plans and maps of other physical infrastructure, and use wearable computers and “map ants” to generate maps that can be updated.
- Develop tools to map network topology, especially of converged networks that handle voice and data traffic.
- Begin to characterize the functionality of regional networks for emergency responders.

Information Fusion for Counterterrorism
- Develop more effective machine-learning algorithms for data mining, including learning for different data types (text, image, audio, video).
- Develop methods for systems to learn when data are scarce.
- Create better mixed-initiative methods that allow the user to visualize the data and direct the data analysis.
- Explore new methods to normalize and combine data from multiple sources.
- Create methods to extract structured information from text.
- Build approaches to handle multiple languages.
- Improve algorithms for image interpretation, speech recognition, and interpretation of other sensors (including perception based on mixed media).
- Extend, and test extensively in more demanding applications, the principle-based methods for reasoning under uncertainty.
- Develop techniques for machine-aided query formulation.
- Develop visualization techniques that are well adapted for unstructured data.

Privacy and Confidentiality
- Understand the impact on confidentiality of different kinds of data disclosure.
- Develop data-mining algorithms that can be used without requiring full disclosure of individual data records.

Human and Organizational Factors
- Create system development methods that more easily accommodate inputs relevant to human and organizational factors.
- Develop software toolboxes and handbooks that codify and encapsulate principles derived from the social sciences that are relevant to system development and design.
- Develop reliable security measures that do not interfere with legitimate workers.
- Understand the IT issues related to the disparate organizational cultures of agencies that will be fused under the Department of Homeland Security.

NOTE: A future CSTB report on cybersecurity research will explicate research areas in greater detail.

As for the funding of the research program described in this report, computer crime losses are estimated at $10 billion per year (and growing).[3] Although statistics on the amount lost to cybercrime are of dubious reliability, there is no doubt that aggregate losses are considerable. The committee believes that because this research program has considerable overlap with that needed to fight cybercrime, progress in this research program has the potential to reduce cybercrime as well. Without rigorous argument, the committee believes that the potential reduction in cybercrime would likely offset a considerable portion (if not all) of the cost of the research program described in this report (though of course the primary beneficiaries will be society at large rather than any individual company that today may suffer loss). Nevertheless, the committee has not had access to information that would allow it to determine an appropriate level of funding for the research program described in this report.

The time scale on which the fruits of efforts in these research areas will become available ranges from short to long. That is, each of these areas has technologies that can be beneficially deployed on a relatively short time scale (e.g., in a few years). Each area also has other prospects for research and deployment on a much longer time scale (e.g., a decade or more) that will require the development of entirely new technologies and capabilities.

The committee is silent on the specific government agency or agencies that would be best suited to support the program described above,[4] though it notes that the recently created Department of Homeland Security may expand the options available for government action. Rather, the more important policy issue is how to organize a federal infrastructure to support this research. In particular, the committee believes that this infrastructure should have the following attributes. It would:

- Engage and support multidisciplinary, problem-oriented research that is useful both to civilian and military users. (Note that this approach contrasts strongly with the disciplinary orientation that characterizes most academic departments and universities.)
- Develop a research program driven by a deep understanding and assessment of IT vulnerabilities. This will likely require access to classified information, even though most of the research should be unclassified.
- Support a substantial effort in research areas with a long time horizon for payoff. Historically, such investigations have been housed most often in academia, which can conduct research with fewer pressures for immediate delivery on a bottom line. (This is not to say that private industry has no role. Indeed, because the involvement of industry is critical for deployment, and is likely to be essential for developing prototypes and mounting field demonstrations, it is highly appropriate to support both academia and industry, perhaps even jointly, in efforts oriented toward development.)
- Provide support extending for time scales that are long enough to make meaningful progress on hard problems (perhaps 5-year project durations) and in sufficient amounts that reasonably realistic operating environments for the technology could be constructed (perhaps $2 million to $5 million per year per site for system-oriented research programs).
- Invest some small fraction of its budget on thinking “outside the box” in consideration (and possible creation) of alternative futures (Box 5.2).
- Be more tolerant of research directions that do not appear to promise immediate applicability. Research programs, especially in IT, are often—even generally—more “messy” than research managers would like. The desire to terminate unproductive lines of inquiry is understandable, and sometimes entirely necessary, in a constrained budget environment. On the other hand, it is frequently very hard to distinguish between (A) a line of inquiry that will never be productive and (B) one that may take some time and determined effort to be productive. While an intellectually robust research program must be expected to go down some blind alleys occasionally, the current political environment typically punishes such blind alleys as being of Type A, with little apparent regard for the possibility that they might be Type B.
- Be overseen by a board or other entity with sufficient stature to attract top talent to work in the field, to provide useful feedback, and to be an effective sounding board for that talent.
- Pay attention to the human resources needed to sustain the counterterrorism IT research program. This need is especially apparent in the fields of information and network security and emergency communications. Only a very small fraction of the nation’s graduating doctoral students in IT specialize in either of these fields, only a very few professors conduct research in these areas, only a very few universities support research programs in these fields, and, in the judgment of the committee, only a very small fraction of the universities that do support such programs can be regarded as first-rate universities.

BOX 5.2 Planning for the Future

Planning for the future is a critical dimension of any research agenda, though the resources devoted to it need not be large. System architectures and technologies such as switched optical networks, mobile code, and open-source or multinational code development will have different vulnerabilities from the technologies that characterize most of the existing infrastructure and hence require different defense strategies. Similarly, device types such as digital appliances, wireless headphones, and network-capable cell phones may pose new challenges. Even today, it is hard to interconnect systems with different security models or security semantics; unless this problem is successfully managed, it will become increasingly difficult in the future.

Furthermore, the characteristics of deployed technology that protect the nation against catastrophic IT-only attacks today (e.g., redundancy, system heterogeneity, and a reliance on networks other than the Internet for critical business functions) may not continue to protect it in the future. For example, trends toward deregulation are pushing the nation’s critical infrastructure providers to reduce excess capacity, even though this is what provides much of the redundancy so important to reduced vulnerability. In the limit, the market dominance of a smaller number of products leads to system monocultures that, like their ecological and agricultural counterparts, are highly vulnerable to certain types of attack. For these reasons, researchers and practitioners must be vigilant to changes in network technology, usage and reliance on IT, and decreasing diversity.

In addition, research focused on the future is likely to have a slant that differs from the orientation of the other research efforts described in this chapter. While the latter efforts might be characterized as building on existing bodies of knowledge (and are in that sense incremental), future-oriented research would have a more radical orientation: it would, for example, try to develop alternative paradigms for secure and reliable operation that would not necessarily be straightforward evolutions from the Internet and information technology of today. One such pursuit might be the design of appropriate network infrastructure for deployment in 2020 that would be much more secure than the Internet of today. Another might be an IT infrastructure whose security relied on engineered system diversity—in which deployed systems were sufficiently similar to be interoperable, yet sufficiently diverse to be essentially resistant to large-scale attacks.

One additional attribute of this R&D infrastructure would be desirable, though the committee has few good ideas on how to achieve it. The success of the nation’s R&D enterprise in IT (as well as in other fields) rests in no small part on the ability of researchers to learn from each other in a relatively free and open intellectual environment. Constraining the openness of that environment (e.g., by requiring that research be classified or by forbidding certain research from being undertaken) would have obvious negative consequences for researchers and the creation of new knowledge. On the other hand, keeping counterterrorist missions in mind, the free and open dissemination of information has potential costs as well, because terrorists may obtain information that they can use against us. Historically, these competing interests have been “balanced”—with more of one in exchange for less of the other. But the committee believes (or at least hopes) that there are other ways of reconciling the undeniable tension, and calls for some thought to be given to a solution to this dilemma that does not demand such a trade-off. If such a solution can be found, it should be a design characteristic of the R&D infrastructure.

A comment on the counterterrorist research program is that successfully addressing the privacy and confidentiality issues that arise in counterterrorism efforts will be critical for the deployment of many information technologies. This area is so important that research in the area itself is necessary and should be a fundamental component of the work in virtually all of the other areas described in this report.

Finally, it is the belief of the committee that an R&D infrastructure with the characteristics presented above has the best chance of delivering successfully on the complex research problems described in this report. The committee is not arguing for unlimited latitude to undertake research that is driven primarily by intellectual curiosity, but rather for a program focused on the specific national needs described in this report that can look beyond immediate deliverables. More detailed research agendas should be forthcoming from the agencies responsible for implementing the broad research program described in this report.

NOTES

1. Further discussion of a broader research agenda on information and network security can be found in CSTB’s Computers at Risk (1991) and Trust in Cyberspace (1999). Though these reports were issued several years ago, their comments on a relevant research agenda remain pertinent today, reflecting the reality that the information-security field has not advanced much in the intervening years.

2. Military communications and civilian emergency-response communications have similarities and differences. Military forces and civilian agencies share the need to deploy emergency capacity rapidly, to interoperate, and to operate in a chaotic environment. But while military communications must typically work in a jamming environment or one in which there is a need for a low probability of intercept, these conditions do not obtain for civilian emergency-response communications. Also, military forces often must communicate in territory without a pre-existing friendly infrastructure, while civilian agencies can potentially take advantage of such an infrastructure.

3. “Cyber Crime.” BusinessWeek Online, February 21, 2000. Available online at <http://www.businessweek.com/2000/00_08/b3669001.htm>.

4. See CSTB, NRC, 2002, Cybersecurity Today and Tomorrow, pp. 13-14.

Information Technology for Counterterrorism: Immediate Actions and Future Possibilities
The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.