

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.




Opening Remarks and Discussion, April 27: Transcript of Presentation

DR. CHAYES: I'm not exactly sure what we are going to do in this session. We have a great session coming up at 9 o'clock. Let me tell you a couple of things about the room. We are filming this for the MSRI website, so that it will be archived. This is the only mike which we will hear in the room, but all the speakers should attempt to speak into those mikes, even though they won't seem as if they are being miked, because it is being picked up for the film. If you can remember, when you ask a question, it would be great if you would go to that mike over there and speak into that, just so that this is archived better. The second thing is that the temperature in the room -- I know that some people were freezing yesterday and other people claimed to be quite warm. It is considerably warmer on that side of the room, so if you are freezing, you can do your own temperature control by just moving from one side of the room to the other, if we haven't gotten the heating or cooling system working properly in here, which it seems like we haven't, actually, given the way the room feels.

The purpose of this session, which I was just told a few minutes ago that I am chairing, is just to try to summarize what we talked about yesterday. This is a very unusual workshop, as anyone who was here yesterday realizes. We have got people who are actually practitioners in various fields, which are related to homeland security, although the speakers themselves may not have thought in much detail about homeland security in the past. We have also got mathematicians, some of whom are really core mathematicians. What we hope to come out of this is that a lot of mathematicians who have not really thought about doing applied work in the past, or certainly who have not thought about doing anything like homeland security, are now thinking about it. A lot of mathematicians who haven't made contributions to these kinds of efforts in the past want to make contributions in the future, so we need a research agenda, and we don't want to do what mathematicians sometimes do, which is just make up a problem and then write in the beginning of your NSF proposal that this is relevant to such-and-such. We really want to talk to people in the field to find out what their real problems are, and set a research agenda for the community that people who are interested can get involved in. Hopefully, it will be interesting enough that many people will want to get involved.

I know that there were some comments yesterday that we didn't have time for, so I am hoping that some of you who had general comments to make -- I know that Andrew made some interesting general comments, but if others of you have general comments on homeland security, on the role of mathematics in homeland security, and if you are prepared to make those comments at this hour of the morning, this is your big chance. Does anybody have comments? I'll start calling on people. Sally. And, Sally, can you speak into that so that we can record you for posterity?

DR. KELLER-McNULTY: I don't need to, because I was going to point to Kathy, who was making some important comments outside during coffee.

DR. CHAYES: Oh, Kathy Laskey, wonderful.

DR. KELLER-McNULTY: So I call on her to stand up and do that.

DR. LASKEY: As I said to a few of you at the reception before and also in comments outside, I think we really have to take a systems approach to the homeland security issue. We think of ourselves as being part of a system that involves equipment, people, processes, and we want to improve our overall security process, and mathematics plays a role in that. There are important mathematics challenges. One of the things that I want to avoid is people thinking I have this mathematical algorithm that I am going to use to solve problems of homeland security, or this mathematical theorem that I have just proved is going to solve homeland security. What you want to do is look for aspects of that system that can be improved. What we want to look at is the critical aspects. We want to be able to analyze the whole system and say, what are the bottlenecks, what are the problems. It may be that I can fix this piece of the system and it wouldn't do anything for overall system performance. It may be that the driver is something else. So we have to look at how all of the components of the system interact, and that in itself poses mathematical challenges. We were talking about game theory. We were talking about economic and game theoretic models of the actors in the system playing against each other. In order to solve those kinds of challenges, it requires the mathematicians to work with the political scientists, the anthropologists, the organizations, the psychologists, to analyze behaviors of organizations and what happens when we do this and they do that, and the gaming aspects of it. But all those things have to go together as a system.

DR. CHAYES: Let me ask you a question about that. What about mathematics? How does the systems approach involve mathematics? Or are you simply saying that mathematicians must interact with these other groups?

DR. LASKEY: There are mathematical systems. There are mathematical challenges in analyzing a system, breaking it into sub-systems, issues of modelling pieces of the system and how they interact, and different resolutions. I can model the economy at the macro level by flows of currency, or I can look at individual micro -- I forget the name of the person who gave the talk yesterday, where he was talking about the agent simulations. I can make the connection between the micro and the macro behavior. There are definitely mathematical challenges in that. There are system architectures we can design. Suppose we design our airport security architecture this way. This is what happens when people walk in the door. They go up to the counter and they present their security, and then they go through the lines and they do this. You can build a simulation of that, a mathematical model of it, and then simulate it, and then analyze different changes in the system architecture and how that will impact on airport security. If I increase the sensitivity of this sensor when I am putting my luggage through, how is that going to impact on overall security?

DR. CHAYES: And the economic implications of doing that also.

DR. LASKEY: It is benefit tradeoffs, right.

DR. CHAYES: Yes, cost-benefit.

DR. LASKEY: But the issues of looking at these things not as a simulation that gives us an answer, because I don't think we can build a giant simulation of our security apparatus and then say, let me change this parameter and see what the classic implications are and the security implications. But we can analyze pieces of it. We can try to think globally as a system.

DR. CHAYES: Peter?

DR. BICKEL: I think one has to distinguish the short term and long term effects and the interaction with mathematics. I think Kathy has described the short term interactions which could benefit directly homeland security. On the other hand, we had yesterday a longer term question, which would be called for not only by the homeland security concerns, but more generally by society.

I am referring to Dave Donoho's presentation, or the discussion from Coifman. There you have these large problems, contributions to which will hopefully, in fact, I think almost surely, move back possibly to directly affect how one can deal with problems of homeland security. So I think one has to distinguish between --

DR. CHAYES: Any other people volunteering to make comments before I call on someone? I would actually like to hear from someone from one of the funding agencies, or one of the agencies that would potentially fund. I see people almost heading towards the door at this point, looking away. This is what I do; I look away when I go through the airport security, so that they won't choose me. So I see all the people I know from the agencies, looking away. It is effective sometimes, but I know your names. But seriously, I think that one of the ways in which the mathematics community moves, since we are a fairly conservative community, is that we are energized by some of the federal agencies putting funds in various places. So I was wondering if anybody from the agencies would like to speak to the question of, if people here want to start doing work on some of the problems that we have discussed, how do you deal with very high dimensional systems and some of the other problems that we have talked about, where would this fit in, in NSF and DARPA and DoD? Where would somebody apply to do this, and what is the infrastructure that exists already, or that we might want to implement to support these kinds of efforts? Deborah? You knew I was going to call on you.

DR. LOCKHART: If I had to describe NSF's mission, it is to support basic research in science and education. So we respond to proposals that come. We don't necessarily put out special calls for proposals in a particular area, although sometimes we do. What I would say at this point on the best thing someone could do if they wanted to make a proposal in this area is simply to submit a proposal. We have a number of programs in our division that would certainly welcome such proposals. My own program in applied mathematics, I can see a number of the issues that we talked about yesterday being relevant to that. We have a program called computational methods for statistics and probability that I think would also be very, very responsive to proposals in these areas. So there already exists this venue for individuals who want to do research.

But I want to follow up on something Felipe Hondure said yesterday. There is another vehicle that we started two or three years ago that I think can be very, very useful for those of you who are seeking support. That is a relatively new vehicle, research groups in mathematical sciences. We are currently beginning the process of recommending awards in the third round. The purpose of this program is to support groups of researchers to work on what they think are important problems. These are the kinds of problems that require the collective expertise of either a group of mathematicians working together or a group of statisticians working together or mathematicians and statisticians working together with people in other disciplines. So the proposals can either be multidisciplinary or not, as the problem is described, and in terms of what is demanded in terms of expertise. The duration of such grants is three years, and the funding varies from $150K to $350K per year. So a number of the grants approach on the order of close to a million dollars over three years, which can support students, postdocs, et cetera. What is important is the timeliness of the problem, and I can't think of things more timely than this, of course the scientific quality, the fact that a project has to make the case that the results will reflect -- that the group will be more than the sum of its parts. So that is certainly a vehicle.

Now, in terms of when proposals come in, we are in the process of putting together our new solicitation for that right now. I would expect that the required letters of intent would be coming in sometime in August, and the proposals would be due sometime in mid-September, so there would be sufficient time. So it is not a hurry up, get this in tomorrow kind of program, but something that could reflect these middle and longer term issues that so many of you have talked about over the last day or so. So I think right now there are ways we can use our existing venues. I don't know if there is going to be a special kind of money available at NSF to broaden these kinds of things. That will be up to the President and Congress. But we don't have anything right now that -- but I suspect that if we do, we will be hearing about it.

DR. KELLER-McNULTY: Jennifer, I'm going to pick on another person. I am going to make Sally get up and reiterate some of the things we were talking about at the reception in terms of trying to think of how --

into it and thinking, what better way to solve some of the issues that we have got that aren't going to be solved with guns, gates and guards and fences and stuff like that. So I thank you for the opportunity to be here. I am joined by some extremely distinguished folks on the panel and the follow-on review and discussion. I am just going to say their names for right now. After I asked everyone to give me some little talking points on your bias and everything, I am probably going to let them do it, because I think I would not do them justice by introducing them my way, so I would like to have them do it themselves. In that vein, as we go through the session this morning, I would like to start out just framing some of the things we are looking at from the White House perspective in this area. As I have talked to the panelists -- and their presentation -- in the back of your mind, and I'm sure they will point it out specifically, look at some of the correlations between some of the things we are looking to accomplish in creating a national strategy in defending cyberspace, which is where one of our key focuses is, and some of the things that the panelists are going to be talking about. Going back to my previous comment about thinking this might be a joke, in reality this makes a lot of sense.

Listening to what they are going to say, you will see whether there is so much potential in using the talent to solve some of the key problems we have got. I'm not sure if it was Dorothy or someone at one point talked about the big encryption debate that was going around. The comment was made, if you think encryption is the answer to security, you understand neither security nor encryption. So when you look at the picture from the things we are trying to solve, it is just as complex as that. So with that, let me talk about some of the things that the President's Critical Infrastructure Protection Board is looking at as priorities, and then turn it over to my distinguished colleagues here.

First and foremost, one of the things that we find to be in short supply is awareness. As we have gone around the country, we have talked to government leaders, we have talked to industry leaders. If you get outside that small sphere of security and you talk about security, you get the deer in the headlights look, so people start to drool, going, what are you talking about? Why do I care about this? So there is this component about the awareness and the education we really need to focus on, and build that piece up. One of the ways we are looking at this right now through the education component is, we have created a scholarship program called Scholarships for Service. The National Science Foundation administers it. I think our biggest customer thus far has been the Department of Defense, where they allocate funds through NSF to scholarships to people in advanced degree programs in information assurance, information security. They do a one-for-one; if we pay for one year of tuition, they come back and do one year of government service, two years and two years, et cetera. The intent is to build the cadre of expertise that we have internal to the government, because we lose it regularly. Many go back and forth between the private sector. The discussion also goes, though, if we train these people and they come back and do two years of government service, they are going to be prime candidates to go in the public sector. My answer is, wonderful, because who are the owners and operators of the critical infrastructure that we care about? The private sector. So it is a win-win situation. We have a couple of years to beef up the government stuff, which we need desperate help on. At the same time, we have the opportunity for those folks to get some real, live, on the job training, move out into the private sector and then continue to proliferate the wonderful things they have learned.

The other priority is the information sharing part. This is a wonderful forum for that as well. There is this pace of activity that goes on that you see in the newspaper all the time. I read one last night. There was a bunch of computer sites in Korea, in which the ill-intended people are doing things and using those to launch attacks on other systems around the world. That is a bad thing. But when you try to get details and you try to get some information, it is generally a standoff approach. We are not privy to a lot of the details. We are not privy to a lot of the things that could help us better protect ourselves. So this sharing amongst professionals, and there is no group that does it better than academia, and sharing that information and saying, let's figure out how this is going on, let's figure out the defenses to make it work accordingly.

The other one is the R&D component. There is a true belief, at least in the government circle, and I think it is shared by some of my colleagues, I know when I was in the private sector, many of us talked about it, that there is some wonderful R&D being done in the buildings where the walls have no windows and being done in the venue of national security. There is some really great stuff being done by the researchers in the private sectors to generate things that can be used to bring to market to benefit the public. But there is some space in the middle that we are not sure what that space is. We think there is some really hard-core, thoughtful R&D that needs to be done that is not being funded. So we have asked the Congress to give us a boatload of money, in the tens of millions of dollars, to fund some key programs. People come to us and say, gee, I think we can do this, and this will help the overall package, and we can help fund these things on the front end. So the R&D is extremely important.

I want to touch on another thing that is a priority for us, and that is some pure technology things, the way the Internet was built. That is the domain name servers and border gateway protocols. If you are not familiar with this aspect of it, the domain name servers are those things, when you type in a name, it is converted to a number, which then identifies your address on the Internet. There are about 14 of them out there. So if I wanted to disrupt activity in the online world, be it commercial or be it telecommunications, that is where I will go, because I can knock out those fairly handily because they are addressable from the Internet. They are addressable in spaces where they have to be able to have an in-band address to be able to communicate. So consequently, we have some real concerns about that. I don't think redundancy is the answer. In the border gateway protocols, the language they talk in is insecure. Many times it is done in clear text. We see in this, particularly going back to the illustration I mentioned about Korea -- one of the things I cited was being able to create denial of service attacks as a result of it.

Then there is the priority we have about standards and best practices. Many of you -- and Dorothy and I were just talking about this in the lobby, about the old Orange Book that effectively said, here is the standard to which you design things. Then no one can meet the standard, so consequently they start to give exemptions. Then exemptions led to almost total obliteration of the standard and say don't worry about it anymore, because nobody can meet it.

We have got to find a meaningful scientific way to say, we can bring this up. We can raise the standard so we can use the procurement power that we have both within government and outside of government to make sure that the development process meets what we need in the areas of security. Let me broaden security for just a moment, because I am almost fanatical in some cases about this. I want to use the word trust, because security is only a component of it. I will qualify that right now. You have got the security, you've got the privacy, you've got the availability component. There has been a lot of discussion of late -- this is a little bit of a digression from my notes here, but there has been a lot of discussion that security is going to trump privacy. I oftentimes get asked, where are we going to level? I don't know. We are still in this aftershock mode after what happened last year. So am I willing to give up a little bit of my privacy for security? I don't know that I will be six months from now, so I don't know what I'll feel. But I think fundamentally, the issue always comes across as an issue of trust. You have to have the security, you have to have the privacy, you have to have the availability. So we are talking about the standards and best practices that we look to; those all play into it.

The next one is something that is extremely worrisome to me as well as many of my colleagues, and that is digital control systems. Last year, there was an incident where a disgruntled employee left a company in Australia, went back in in an unauthorized manner, broke into the systems and reversed the flow of raw sewage. Instead of going into the raw sewage treatment plant, it went into one of the local parks. It is all because of accessibility to digital control systems. Look what we are seeing today. We are seeing a lot of these digital control systems being accessible or addressable from the Internet. It makes business sense, but it doesn't make security sense. Not only do we have some directly accessible from the Internet, but we are finding some that are saying, no, we don't have any addressable space on the Internet, and you find out that they have digital control systems connected to an internal administrative LAN which is then connected to the Internet on the other side, which translates into, they are addressable from the Internet. That is very worrisome. It controls the power grid, it controls the water supplies in many instances. It controls the water flowing over many dams to generate electricity. There is a whole bunch of things that are being controlled by digital control devices right now. When we talk to some of the people that are involved in the technology designing some of these things -- this is something that maybe you all can collectively help with -- they say, we would like to do more. But what happens is, even if we are looking to do a simple thing like authentication on a digital control system, when we are talking nanosecond switching time, there is no way to authenticate something and still do the switching in an appropriate manner. So we need to figure out a scientific way to be able to do the authentication without losing the gating factor, that we have to do switching of these things. It is a complex problem, and it is only going to be solved by some of the activity that you all are doing.

DR. BORGS: I don't understand that. If I can go in from the Internet to reverse the flow of the sewage system, this is not necessarily to make it --

PARTICIPANT: An example. There are other examples.

DR. SCHMIDT: Yes, that was a very broad example from something that was very public in the news.

DR. BORGS: But where you are worried about this outside the controls, that should not --

DR. CHAYES: The electricity, for example.

DR. SCHMIDT: For example, last year there was a storm in the Pacific Northwest. A tree blew down in Oregon and the lights went out in Tucson, Arizona, 1500 miles away. It is all because of the switching controls. Many of the switching controls, for example, in the power grid are based on very, very slight fluctuations in electrical usage that would cause the entire system to switch over to another grid to provide power. Those are the sort of instantaneous controls that need to be switched, but there has also got to be the ability to do them on an authenticated mechanism. That is what I am referring to. Lastly, and by all means no less importantly, would be the issues around securing the future systems. I love wireless. I don't know how many of you use it in here, but I couldn't live without it. I did it when I was at Microsoft, I use it at my home now, and I love it, but it is not the most secure environment right now because it hasn't been designed as such. We have grave concerns about it.

Many agencies are talking about outlawing the use of it. So consequently, there are issues around the authentication piece, about the encryption piece, future generation systems that we are looking at. So with that, I took this opportunity to talk about what we and others are concerned about in framing a broad perspective, before I turn it over to my distinguished colleagues to talk about their concerns. Thank you very much. I'd like to start out by asking Dorothy Denning to step up and give us her thoughts on it. Thank you.