Opening Remarks and Discussion, April 27
Transcript of Presentation
DR. CHAYES: I'm not exactly sure what we are
going to do in this session. We have a great session
coming up at 9 o'clock.
Let me tell you a couple of things about the
room. We are filming this for the MSRI website, so that it
will be archived. This is the only mike which we will hear
in the room, but all the speakers should attempt to speak
into those mikes, even though they won't seem as if they
are being miked, because it is being picked up for the
film. If you can remember, when you ask a question, it
would be great if you would go to that mike over there and
speak into that, just so that this is archived better.
The second thing is that the temperature in the
room -- I know that some people were freezing yesterday and
other people claimed to be quite warm. It is considerably
warmer on that side of the room, so if you are freezing,
you can do your own temperature control by just moving from
one side of the room to the other, if we haven't gotten the
heating or cooling system working properly in here, which
it seems like we haven't, actually, given the way the room
feels.
The purpose of this session, which I was just
told a few minutes ago that I am chairing, is just to try
to summarize what we talked about yesterday. This is a
very unusual workshop, as anyone who was here yesterday
realizes. We have got people who are actually
practitioners in various fields, which are related to
homeland security, although the speakers themselves may not
have thought in much detail about homeland security in the
past. We have also got mathematicians, some of whom are
really core mathematicians.
What we hope to come out of this is that a lot of
mathematicians who have not really thought about doing
applied work in the past or certainly who have not thought
about doing anything like homeland security, are now
thinking about it. A lot of mathematicians who haven't
made contributions to these kinds of efforts in the past
want to make contributions in the future, so we need a
research agenda and we don't want to do what mathematicians
sometimes do, which is just make up a problem and then
write in the beginning of your NSF proposal that this is
relevant to such-and-such. We really want to talk to
people in the field to find out what their real problems
are, and set a research agenda for the community that
people who are interested can get involved in. Hopefully,
it will be interesting enough that many people will want to
get involved.
I know that there were some comments yesterday
that we didn't have time for, so I am hoping that some of
you who had general comments to make -- I know that Andrew
made some interesting general comments, but if others of
you have general comments on homeland security, on the role
of mathematics in homeland security, and if you are
prepared to make those comments at this hour of the
morning, this is your big chance.
Does anybody have comments? I'll start calling
on people. Sally. And, Sally, can you speak into that so
that we can record you for posterity?
DR. KELLER-McNULTY: I don't need to, because I
was going to point to Kathy, who was making some important
comments outside during coffee.
DR. CHAYES: Oh, Kathy Laskey, wonderful.
DR. KELLER-McNULTY: So I call on her to stand up
and do that.
DR. LASKEY: As I said to a few of you at the
reception before and also in comments outside, I think we
really have to take a systems approach to the homeland
security issue. We think of ourselves as being part of a
system that involves equipment, people, processes, and we
want to improve our overall security process, and
mathematics plays a role in that. There are important
mathematics challenges.
One of the things that I want to avoid is people
thinking I have this mathematical algorithm that I am going
to use to solve problems of homeland security, or this
mathematical theorem that I have just proved is going to
solve homeland security. What you want to do is look for
aspects of that system that can be improved.
What we want to look at is the critical aspects.
We want to be able to analyze the whole system and say,
what are the bottlenecks, what are the problems. It may be
that I can fix this piece of the system and it wouldn't do
anything for overall system performance. It may be that
the driver is something else. So we have to look at how
all of the components of the system interact, and that in
itself poses mathematical challenges.
We were talking about game theory. We were
talking about economic and game theoretic models of the
actors in the system playing against each other. In order
to solve those kinds of challenges, it requires the
mathematicians to work with the political scientists, the
anthropologists, the organizations, the psychologists, to
analyze behaviors of organizations and what happens when we
do this and they do that, and the gaming aspects of it.
But all those things have to go together as a system.
DR. CHAYES: Let me ask you a question about
that. What about mathematics? How does the system
approach involve mathematics? Or are you simply saying
that mathematicians must interact with these other groups?
DR. LASKEY: There are mathematical systems.
There are mathematical challenges in analyzing a system,
breaking it into sub-systems, issues of modelling pieces of
the system and how they interact, and different
resolutions. I can model the economy at the macro level by
flows of currency, or I can look at individual micro -- I
forget the name of the person who gave the talk yesterday,
where he was talking about the agent simulations. I can
make the connection between the micro and the macro
behavior.
There are definitely mathematical challenges in
that. There are system architectures we can design.
Suppose we design our airport security architecture this
way. This is what happens when people walk in the door.
They go up to the counter and they present their security,
and then they go through the lines and they do this. You
can build a simulation of that, a mathematical model of it,
and then simulate it, and then analyze different changes in
the system architecture and how that will impact on airport
security. If I increase the sensitivity of this sensor
when I am putting my luggage through, how is that going to
impact on overall security?
DR. CHAYES: And the economic implications of
doing that also.
DR. LASKEY: It is benefit tradeoffs, right.
DR. CHAYES: Yes, cost-benefit.
DR. LASKEY: But the issues of looking at these
things not as a simulation that gives us an answer, because
I don't think we can build a giant simulation of our
security apparatus and then say, let me change this
parameter and see what the classic implications are and the
security implications. But we can analyze pieces of it.
We can try to think globally as a system.
DR. CHAYES: Peter?
DR. BICKEL: I think one has to distinguish the
short term and long term effects and the interaction with
mathematics. I think Kathy has described the short term
interactions which could benefit directly homeland
security.
On the other hand, we had yesterday a longer term
question, which would be called for not only by the
homeland security concerns, but more generally by society.
I am referring to Dave Donoho's presentation, or the
discussion from Coifman. There you have these large
problems, contributions to which will hopefully, in fact, I
think almost surely, will move back possibly to directly
affect how one can deal with problems of homeland security.
So I think one has to distinguish between --
DR. CHAYES: Any other people volunteering to
make comments before I call on someone? I would actually
like to hear from someone from one of the funding agencies,
or one of the agencies that would potentially fund.
I see people almost heading towards the door at
this point, looking away. This is what I do; I look away
when I go through the airport security, so that they won't
choose me. So I see all the people I know from the
agencies, looking away. It is effective sometimes, but I
know your names.
But seriously, I think that one of the ways in
which the mathematics community moves, since we are a
fairly conservative community, is that we are energized by
some of the federal agencies putting funds in various
places. So I was wondering if anybody from the agencies
would like to speak to the question of, if people here want
to start doing work on some of the problems that we have
discussed, how do you deal with very high dimensional
systems and some of the other problems that we have talked
about, where would this fit in, in NSF and DACHA and DoD?
Where would somebody apply to do this, and what is the
infrastructure that exists already, or that we might want
to implement to support these kinds of efforts?
Deborah? You knew I was going to call on you.
DR. LOCKHART: If I had to describe NSF's
mission, it is to support basic research in science and
education. So we respond to proposals that come. We don't
necessarily put out special calls for proposals in a
particular area, although sometimes we do.
What I would say at this point on the best thing
someone could do if they wanted to make a proposal in this
area is simply to submit a proposal. We have a number of
programs in our division that would certainly welcome such
proposals.
My own program in applied mathematics, I can see
a number of the issues that we talked about yesterday being
relevant to that. We have a program called computational
methods for statistics and probability that I think would
also be very, very responsive to proposals in these areas.
So there already exists this venue for individuals who want
to do research.
But I want to follow up on something Felipe
Hondure said yesterday. There is another vehicle that we
started two or three years ago that I think can be very,
very useful for those of you who are seeking support. That
is a relatively new vehicle, research groups in
mathematical sciences.
We are currently beginning the process of
recommending awards in the third round. The purpose of
this program is to support groups of researchers to work on
what they think are important problems. These are the
kinds of problems that require the collective expertise of
either a group of mathematicians working together or a
group of statisticians working together or mathematicians
and statisticians working together with people in other
disciplines. So the proposals can either be
multidisciplinary or not, as the problem is described, and
in terms of what is demanded in terms of expertise.
The duration of such grants is three years, and
the funding varies from $150 K to $350 K per year. So a
number of the grants approach on the order of close to a
million dollars over three years, which can support
students, postdocs, et cetera. What is important is the
timeliness of the problem, and I can't think of things more
timely than this, of course the scientific quality, the
fact that a project has to make the case that the results
will reflect -- that the group will be more than the sum of
its parts.
So that is certainly a vehicle. Now, in terms of
when proposals come in, we are in the process of putting
together our new solicitation for that right now. I would
expect that the required letters of intent would be coming
in sometime in August, and the proposals would be due
sometime in mid-September, so there would be sufficient
time. So it is not a hurry up, get this in tomorrow kind
of program, but something that could reflect these middle
and longer term issues that so many of you have talked
about over the last day or so.
So I think right now there are ways we can use
our existing venues. I don't know if there is going to be
a special kind of money available at NSF to broaden these
kinds of things. That will be up to the President and
Congress. But we don't have anything right now that -- but
I suspect that if we do, we will be hearing about it.
DR. KELLER-McNULTY: Jennifer, I'm going to pick
on another person. I am going to make Sally get up and
reiterate some of the things we were talking about at the
reception in terms of trying to think of how --
[Transcript pages 378-382 are not included in this excerpt.]
into it and thinking, what better way to solve some of the
issues that we have got that aren't going to be solved with
guns, gates and guards and fences and stuff like that. So
I thank you for the opportunity to be here.
I am joined by some extremely distinguished folks
on the panel and the follow-on review and discussion. I am
just going to say their names for right now. After I asked
everyone to give me some little talking points on your bias
and everything, I am probably going to let them do it,
because I think I would not do them justice by introducing
them my way, so I would like to have them do it themselves.
In that vein, as we go through the session this
morning, I would like to start out just framing some of the
things we are looking at from the White House perspective
in this area. As I have talked to the panelists -- and
their presentation -- in the back of your mind, and I'm
sure they will point it out specifically, look at some of
the correlations between some of the things we are looking
to accomplish in creating a national strategy in defending
cyberspace, which is where one of our key focuses is, and
some of the things that the panelists are going to be
talking about.
Going back to my previous comment about thinking
this might be a joke, in reality this makes a lot of sense.
Listening to what they are going to say, you will see
whether there is so much potential in using the talent to
solve some of the key problems we have got.
I'm not sure if it was Dorothy or someone at one
point talked about the big encryption debate that was going
around. The comment was made, if you think encryption is
the answer to security, you understand neither security nor
encryption. So when you look at the picture from the
things we are trying to solve, it is just as complex as
that.
So with that, let me talk about some of the
things that the President's Critical Infrastructure
Protection Board is looking at as priorities, and then turn
it over to my distinguished colleagues here.
First and foremost, one of the things that we
find to be in short supply is awareness. As we have gone
around the country, we have talked to government leaders,
we have talked to industry leaders. If you get outside
that small sphere of security and you talk about security,
you get the deer in the headlight look, so people start to
drool, going, what are you talking about? Why do I care
about this?
So there is this component about the awareness
and the education we really need to focus on, and build
that piece up. One of the ways we are looking at this
right now through the education component is, we have
created a scholarship program called Scholarships for
Service. The National Science Foundation administers it.
I think our biggest customer thus far has been the
Department of Defense, where they allocate funds through
NSF to scholarships to people in advanced degree programs
in information assurance, information security. They do a
one-for-one; if we pay for one year of tuition, they come
back and do one year of government service, two years and
two years, et cetera.
The intent is to build the cadre of expertise
that we have internal to the government, because we lose it
regularly. Many go back and forth between the private
sector.
The discussion also goes, though, if we train
these people and they come back and do two years of
government service, they are going to be prime candidates
to go in the public sector. My answer is, wonderful,
because who are the owners and operators of the critical
infrastructure that we care about? The private sector. So
it is a win-win situation.
We have a couple of years to beef up the
government stuff, which we need desperate help on. At the
same time, we have the opportunity for those folks to get
some real, live, on the job training, move out into the
private sector and then continue to proliferate the
wonderful things they have learned.
The other priority is the information sharing
part. This is a wonderful forum for that as well. There
is this pace of activity that goes on that you see in the
newspaper all the time. I read one last night. There was
a bunch of computer sites in Korea, in which the
ill-intended people are doing things and using those to launch
attacks on other systems around the world.
That is a bad thing. But when you try to get
details and you try to get some information, it is
generally a standoff approach. We are not privy to a lot
of the details. We are not privy to a lot of the things
that could help us better protect ourselves. So this
sharing amongst professionals, and there is no group that
does it better than academia, and sharing that information
and saying, let's figure out how this is going on, let's
figure out the defenses to make it work accordingly.
The other one is the R&D component. There is a
true belief, at least in the government circle, and I think
it is shared by some of my colleagues, I know when I was in
the private sector, many of us talked about it, that there
is some wonderful R&D being done in the buildings where the
walls that have no windows and being done in the venue of
national security.
There is some really great stuff being done by
the researchers in the private sectors to generate things
that can be used to bring to market to benefit the public.
But there is some space in the middle that we are not sure
what that space is. We think there is some really
hard-core, thoughtful R&D that needs to be done that is not
being funded.
So we have asked the Congress to give us a
boatload of money, in the tens of millions of dollars, to
fund some key programs. People come to us and say, gee, I
think we can do this, and this will help the overall
package and we can help fund these things on the front end.
So the R&D is extremely important.
I want to touch on another thing that is a
priority for us, and that is some pure technology things,
the way the Internet was built. That is the domain name
servers and border gateway protocols.
If you are not familiar with this aspect of it,
the domain name servers are those things, when you type in
a name, it is converted to a number, which then identifies
your address on the Internet. There are about 14 of them
out there. So if I wanted to disrupt activity in the
online world, be it commercial or be it telecommunications,
that is where I will go, because I can knock out those
fairly handily because they are addressable from the
Internet. They are addressable in spaces where they have
to be able to have an in-band address to be able to
communicate. So consequently, we have some real concerns
about that.
I don't think redundancy is the answer. In the
border gateway protocols, the language they talk in is
insecure. Many times it is done in unclear text. We see
in this, particularly going back to the illustration I
mentioned about Korea -- one of the things I cited was
being able to create denial of service attacks as a result
of it.
Then there is the priority we have about
standards and best practices. Many of you -- and Dorothy
and I were just talking about this in the lobby, about the
old Orange Book that effectively said, here is the standard
to which you design things. Then no one can meet the
standard, so consequently they start to give exemptions.
Then exemptions led to almost total obliteration of the
standard and say don't worry about it anymore, because
nobody can meet it.
We have got to find a meaningful scientific way
to say, we can bring this up. We can raise the standard so
we can use the procurement power that we have both within
government and outside of government to make sure that the
development process meets what we need in the areas of
security.
Let me broaden security for just a moment,
because I am almost fanatical in some cases about this. I
want to use the word trust, because security is only a
component of it. I will qualify that right now. You have
got the security, you've got the privacy, you've got the
availability component. There has been a lot of discussion
of late -- this is a little bit of a digression from my
notes here, but there has been a lot of discussion that
security is going to trump privacy.
I oftentimes get asked, where we are going to
level? I don't know. We are still in this aftershock mode
after what happened last year. So am I willing to give up
a little bit of my privacy for security? I don't know that
I will be six months from now, so I don't know what I'll
feel. But I think fundamentally, the issue always comes
across as an issue of trust. You have to have the
security, you have to have the privacy, you have to have
the availability. So we are talking about the standards
and best practices that we look to; those all play into it.
The next one is something that is extremely
worrisome to me as well as many of my colleagues, and that
is digital control systems. Last year, there was an
incident where a disgruntled employee left a company in
Australia, went back in in an unauthorized manner, broke
into the systems and reversed the flow of raw sewage.
Instead of going into the raw sewage treatment plant, they
went into one of the local parks. It is all because of
accessibility to digital control systems.
Look what we are seeing today. We are seeing a
lot of these digital control systems being accessible or
addressable from the Internet. It makes business sense,
but it doesn't make security sense. Not only do we have
directly accessible from the Internet, but we are finding
some that are saying, no, we don't have any addressable
space on the Internet, and you find out that they have
digital control systems connected to an internal
administrative LAN which is then connected to the Internet
on the other side, which translates into, they are
addressable from the Internet.
That is very worrisome. It controls the power
grid, it controls the water supplies in many instances. It
controls the water flowing over many dams to generate
electricity. There is a whole bunch of things that are
being controlled by digital control devices right now.
When we talk to some of the people that are
involved in the technology designing some of these things
-- this is something that maybe you all can collectively
help with -- they say, we would like to do more. But what
happens is, even if we are looking to do a simple thing
like authenticating a digital control system, when we are
talking nanosecond switching time, there is no way to
authenticate something and still do the switching in an
appropriate manner. So we need to figure out a scientific
way to be able to do the authentication without losing the
gating factor, that we have to do switching of these
things.
It is a complex problem, and it is only going to
be solved by some of the activity that you all are doing.
DR. BORGS: I don't understand that. If I can go
in from the Internet to reverse the flow of the sewage
system, this is not necessarily to make it --
PARTICIPANT: An example. There are other
examples.
DR. SCHMIDT: Yes, that was a very broad example
from something that was very public in the news.
DR. BORGS: But where you are worried about this
outside the controls, that should not --
DR. CHAYES: The electricity, for example.
DR. SCHMIDT: For example, last year there was a
storm in the Pacific Northwest. A tree blew down in Oregon
and the lights went out in Tucson, Arizona, 1500 miles
away. It is all because of the switching controls.
Many of the switching controls, for example, in
the power grid are based on very, very slight fluctuations
in electrical usage that would cause the entire system to
switch over to another grid to provide power. Those are
the sort of instantaneous controls that need to be
switched, but there has also got to be the ability to do
them on an authenticated mechanism. That is what I am
referring to.
Lastly, and by all means no less importantly,
would be the issues around securing the future systems. I
love wireless. I don't know how many of you use it in
here, but I couldn't live without it. I did it when I was
at Microsoft, I use it at my home now, and I love it, but
it is not the most secure environment right now because it
hasn't been designed as such. We have grave concerns about
it.
Many agencies are talking about outlawing the use
of it. So consequently, there are issues around the
authentication piece, about the encryption piece, and other
future generation systems that we are looking at.
So with that, I took this opportunity to talk
about what we are concerned about in framing a broad
perspective, before I turn it over to my distinguished
colleagues to talk about their concerns.
Thank you very much. I'd like to start out by
asking Dorothy Denning to step up and give us her thoughts
on it.
Thank you.