National Academies Press: OpenBook

The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop (2004)

Chapter: Opening Remarks and Discussion, April 27

« Previous: Image Analysis and Voice Recognition
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 367
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 368
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 369
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 370
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 371
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 372
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 373
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 374
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 375
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 376
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 377
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 378
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 379
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 380
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 381
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 382
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 383
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 384
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 385
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 386
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 387
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 388
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 389
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 390
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 391
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 392
Suggested Citation:"Opening Remarks and Discussion, April 27." National Research Council. 2004. The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10940.
×
Page 393

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

367 Opening Remarks and Discussion, April 27 Transcript of Presentation 367

368 DR. CHAYES: I 'm not exactly sure what we are going to do in this session. We have a great session coming up at 9 o'clock. Let me tell you a couple of things about the room. We are filming this for the MSRI website, so that it will be archived. This is the only mike which we will hear in the room, but all the speakers should attempt to speak into those mikes, even though they won't seem as if they are being miked, because it is being picked up for the film. If you can remember, when you ask a question, it would be great if you would go to that mike over there and speak into that, just so that this is archived better. The second thing is that the temperature in the room -- I know that some people were freezing yesterday and other people claimed to be quite warm. It is considerably warmer on that side of the room, so if you are freezing, you can do your own temperature control by just moving from one side of the room to the other, if we haven't gotten the heating or cooling system working properly in here, which it seems like we haven't, actually, given the way the room feels. The purpose of this session, which I was just told a few minutes ago that I am chairing, is just to try to summarize what we talked about yesterday. This is a 368

369 very unusual workshop, as anyone who was here yesterday realizes. We have got people who are actually practitioners in various fields, which are related to homeland security, although the speakers themselves may not have thought in much detail about homeland security in the past. We have also got mathematicians, some of whom are really core mathematicians. What we hope to come out of this is that a lot of mathematicians who have not really thought about doing applied work in the past or certainly who have not thought about doing anything like homeland security, are now thinking about it. A lot of mathematicians who haven't made contributions to these kinds of efforts in the past want to make contributions in the future, so we need a research agenda and we don't want to do what mathematicians sometimes do, which is just make up a problem and then write in the beginning of your NSF proposal that this is relevant to such-and-such. We really want to talk to people in the field to find out what their real problems are, and set a research agenda for the community that people who are interested can get involved in. Hopefully, it will be interesting enough that many people will want to get involved. 369

370 I know that there were some comments yesterday that we didn't have time for, so I am hoping that some of you who had general comments to make -- I know that Andrew made some interesting general comments, but if others of you have general comments on homeland security, on the role of mathematics in homeland security, and if you are prepared to make those comments at this hour of the morning, this is your big chance. Does anybody have comments? I'll start calling on people. Sally. And, Sally, can you speak into that so that we can record you for posterity? DR. KELLER-McNULTY: I don't need to, because I was going to point to Kathy, who was making some important comments outside during coffee. DR. CHAYES: Oh, Kathy Laskey, wonderful. DR. KELLER-McNULTY: So I call on her to stand up and do that. DR. LASKEY: As I said to a few of you at the reception before and also in comments outside, I think we really have to take a systems approach to the homeland security issue. We think of ourselves as being part of a system that involves equipment, people, processes, and we want to improve our overall security process, and 370

371 mathematics plays a role in that. There are important mathematics challenges. One of the things that I want to avoid is people thinking I have this mathematical algorithm that I am going to use to solve problems of homeland security, or this mathematical theorem that I have just proved is going to solve homeland security. What you want to do is look for aspects of that system that can be improved. What we want to look at is the critical aspects. We want to be able to analyze the whole system and say, what are the bottlenecks, what are the problems. It may be that I can fix this piece of the system and it wouldn't do anything for overall system performance. It may be that the driver is something else. So we have to look at how all of the components of the system interact, and that in itself poses mathematical challenges. We were talking about gain theory. We were talking about economic and gain theoretic models of the actors in the system playing against each other. In order to solve those kinds of challenges, it requires the mathematicians to work with the political scientists, the anthropologists, the organizations, the psychologists, to analyze behaviors of organizations and what happens when we 371

372 do this and they do that, and the gaming aspects of it. But all those things have to go together as a system. DR. CHAYES: Let me ask you a question about that. What about mathematics? How does the system approach involve mathematics? Or are you simply saying that mathematicians must interact with these other groups? DR. LASKEY: There are mathematical systems. There are mathematical challenges in analyzing a system, breaking it into sub-systems, issues of modelling pieces of the system and how they interact, and different resolutions. I can model the economy at the macro level by flows of currency, or I can look at individual micro -- I forget the name of the person who gave the talk yesterday, where he was talking about the agent simulations. I can make the connection between the micro and the macro behavior. There are definitely mathematical challenges in that. There are system architectures we can design. Suppose we design our airport security architecture this way. This is what happens when people walk in the door. They go up to the counter and they present their security, and then they go through the lines and they do this. You can build a simulation of that, a mathematical model of it, and then simulate it, and then analyze different changes in 372

373 the system architecture and how that will impact on airport security. If I increase the sensitivity of this sensor when I am putting my luggage through, how is that going to impact on overall security? DR. CHAYES: And the economic implications of doing that also. DR. LASKEY: It is benefit tradeoffs, right. DR. CHAYES: Yes, cost-benefit. DR. LASKEY: But the issues of looking at these things not as a simulation that gives as an answer, because I don't think we can build a giant simulation of our security apparatus and then say, let me change this parameter and see what the classic implications are and the security implications. But we can analyze pieces of it. We can try to think globally as a system. DR. CHAYES: Peter? DR. BICKEL: I think what has to distinguish the short term and long term effects and the interaction with mathematics. I think Kathy has described the short term interactions which could benefit directly homeland security. On the other hand, we had yesterday a longer term question, which would be called for not only by the homeland security concerns, but more generally by society. 373

374 I am referring to Dave Donoho's presentation, or the discussion from Coifman. There you have these large problems, contributions to which will hopefully, in fact, I think almost surely, will move back possibly to directly affect how one can deal with problems of homeland security. So I think one has to distinguish between -- DR. CHAYES: Any other people volunteering to make comments before I call on someone? I would actually like to hear from someone from one of the funding agencies, or one of the agencies that would potentially fund. I see people almost heading towards the door at this point, looking away. This is what I do; I look away when I go through the airport security, so that they won't choose me. So I see all the people I know from the agencies, looking away. It is effective sometimes, but I know your names. But seriously, I think that one of the ways in which the mathematics community moves, since we are a fairly conservative community, is that we are energized by some of the federal agencies putting funds in various places. So I was wondering if anybody from the agencies would like to speak to the question of, if people here want to start doing work on some of the problems that we have discussed, how do you deal with very high dimensional 374

375 systems and some of the other problems that we have talked about, where would this fit in, in NSF and DACHA and DoD? Where would somebody apply to do this, and what is the infrastructure that exists already, or that we might want to implement to support these kinds of efforts? Deborah? You knew I was going to call on you. DR. LOCKHART: If I had to describe NSF's mission, it is to support basic research in science and education. So we respond to proposals that come. We don't necessarily put out special calls for proposals in a particular area, although sometimes we do. What I would say at this point on the best thing someone could do if they wanted to make a proposal in this area is simply to submit a proposal. We have a number of programs in our division that would certainly welcome such proposals. My own program in applied mathematics, I can see a number of the issues that we talked about yesterday being relevant to that. We have a program called computational methods for statistics and probability that I think would also be very, very response to proposals in these areas. So there already exists this venue for individuals who want to do research. 375

376 But I want to follow up on something Felipe Hondure said yesterday. There is another vehicle that we started two or three years ago that I think can be very, very useful for those of you who are seeking support. That is a relatively new vehicle, research groups in mathematical sciences. We are currently beginning the process of recommending awards in the third round. The purpose of this program is support groups of researchers to work on what they think are important problems. These are the kinds of problems that require the collective expertise of either a group of mathematicians working together or a group of statisticians working together or mathematicians and statisticians working together with people in other disciplines. So the proposals can either be multidisciplinary or not, as the problem is described, and in terms of what is demanded in terms of expertise. The duration of such grants is three years, and the funding varies from $150 K to $350 K per year. So a number of the grants approach on the order of close to a million dollars over three years, which can support students, postdocs, et cetera. What is important is the timeliness of the problem, and I can't think of things more timely than this, of course the scientific quality, the 376

377 fact that a project has to make the case that the results will reflect -- that the group will be more than the sum of its parts. So that is certainly a vehicle. Now, in terms of when proposals come in, we are in the process of putting together our new solicitation for that right now. I would expect that the required letters of intent would be coming in sometime in August, and the proposals would be due sometime in mid-September, so there would be sufficient time. So it is not a hurry up, get this in tomorrow kind of program, but something that could reflect these middle and longer term issues that so many of you have talked about over the last day or so. So I think right now there are ways we can use our existing venues. I don't know if there is going to be a special kind of money available at NSF to broaden these kinds of things. That will be up to the President and Congress. But we don't have anything right now that -- but I suspect that if we do, we will be hearing about it. DR. KELLER-McNULTY: Jennifer, I'm going to pick on another person. I am going to make Sally get up and reiterate some of the things we were talking about at the reception in terms of trying to think of how -- 377

378 DR. CHAYES: This perhaps you can come up here DR. KELLER-McNULTY how do we actually start to areas to try to look at the are talking about, both short is not being picked up, so or go over there. To me, part of the issue is mobilize an effort in certain complexity of the problems we term and long term. At the reception we were talking about that a little bit, and Sally actually brought up some really good examples of historically where this has been done in the areas that started out with some problems, probably equally vague to some degree as what we are talking about in the homeland security. So Sally, do you want to comment on some of that? I don't know how one gets funding for this; that is sort of a secondary issue to me in terms of figuring out what are some models to jump start activity. DR. BLOWER: What we were talking about were problems that academics have, that we are all trying to work on specific problems. We can't suddenly switch because your funding depends on it. But one thing that perhaps would be a good idea is to put a team of people together for a month and give them a specific question and a specific mandate. They would spend a week talking about something and then two 378

379 weeks actually doing it, and the final week actually writing the manuscripts and getting them out. So you are taking people out of their normal environments but giving them a specific problem. For example, since I am on infectious diseases, that is immediately what comes to mind, to say with smallpox, and what could happen you might get teams of people, at different centers. So and they end up with a variety of different approaches, or you get a group effort at the end. So that would be a month's worth of work, but you could do that in a relatively short term. That is what happened with the foot and mouth epidemic in the U.K. People were switched onto that full time, and they came out with it relatively quickly. DR. LOCKHART: I just want to mention -- I can't really say any specifics right now, but there are a number of things that we are working on that would facilitate the formation of such groups. Watch this space; we may be able to tell you more in a month or two. DR. CHAYES: Right. I am allowed to say a little bit, since I am not bound. I don't know anything for certain, but it may be that there is an institute that may be funded which is designed for this type of program, which is designed to bring people together to solve a particular 379

380 problem. If such an institute were to be funded, I would assume -- and I am asking this of the granting agency that might do such funding -- whether it could be done on a short time scale. This is not clear. I now that the NSF can sometimes with relatively small amounts of money respond on scale. I think that for these particular very important. But the foot and mouth England they had to wait for a new funding cycle, a lot of animals would have died. So hopefully there will be a way of responding to this quickly. If these unsubstantiated rumors are true, there will be a a small time issues, it is disease, if in venue. Also, Bamf, which has been funded, has some monies set aside for small research groups. Bamf is also in a very nice area. So if you like to ski or you like the mountains, you might like it even more than Santa Fe. They certainly do have money for -- I think they are also called focused research groups. I'm sure many of you know, there is a new math institute at Bamf that is a collaboration of PINS, which is the Pacific Institute of Mathematical Sciences, and MSRI. It has some NSF funding, highly leveraged NSF funding. There are going to be on the order of 40 weekly workshops 380

381 there. If somebody has longer term plans, one cold apply for a workshop on one of these issues, but you can also bring together small groups of people to work on a particular problem. That has been funded. So any issues other than funding issues? I really liked what we heard at the end of the day yesterday, about high dimensional problems. I think that brings together not just statistics. There is a huge element of statistics in that, but I think that a lot of us realize that stat has a huge place in homeland security. One of the things that I would like to see more discussion of is how other areas of mathematics, especially core mathematics, are necessary to solve some of these problems. I think it is clear that they are necessary. When you get these large amounts of data, you need a statistical analysis, but you also need some geometry, anthropology. So I would like to hear either from somebody now in the next few minutes, or hopefully in the talks that we will hear today, how areas of mathematics that we generally think of as core mathematics are necessary to solve these problems, working hand in hand with statisticians and with applied people in the particular field. 381

382 I guess I am not going to hear that now, which is fine. Is Howard here? Howard should be here soon. Is anybody here from the 9 o'clock session? PARTICIPANT: Howard is outside. DR. CHAYES: Howard is outside. I will go get Howard, and then that session will start. (Brief recess.) DR. CHAYES: I am very excited about this next session. We are very lucky to have Howard Schmidt from the White House here. He is from the Office of Cyber Security, which is part of the White House. He was at Microsoft, running the security for Microsoft until he went to the White House a few months ago. It is Microsoft's loss, but hopefully it is cyber securityls gain. DR. SCHMIDT: Thank you very much. It is great to be here this morning. I think back to the first e-mail I got from Jennifer about this meeting. The title itself is somewhat very ominous as far as mathematics and sciences and homeland security. At first, I thought she was joking with me, in all honesty. As I started thinking about it, as I got the e- mail that said this really wasn't a joke, I started looking 382

into it and thinking, what better way to solve some of the issues that we have got that aren't going to be solved with guns, gates and guards and fences and stuff like that. So I thank you for the opportunity to be here. I am joined by some extremely distinguished folks on the panel and the follow-on review and discussion. I am just going to say their names for right now. After I asked everyone give me some little talking points on your bias and everything, I am probably going to let them do it, because I think I would not do them justice by introducing them my way, so I would like to have them do it themselves. In that vein, as we go through the session this morning, I would like to start out just framing some of the things we are looking at from the White House perspective in this area. As I have talked to the panelists -- and their presentation -- in the back of your mind, and I'm sure they will point it out specifically, look at some of the correlations between some of the things we are looking to accomplish in creating a national strategy in defending cyberspace, where is where one of our key focuses is, and some of the things that the panelists are going to be talking about. Going back to my previous comment about thinking this might be a joke, in reality this makes a lot of sense. 383

384 Listening to what they are going to say, you will see whether there is so much potential in using the talent to solve some of the key problems we have got. I'm not sure if it was Dorothy or someone at one point talked about the big encryption debate that was going around. The comment was made, if you think encryption is the answer to security, you understand neither security nor encryption. So when you look at the picture from the things we are trying to solve, it is just as complex as that. So with that, let me talk about some of the things that the President's Critical Infrastructure Protection Board is looking at as priorities, and then turn it over to my distinguished colleagues here. First and foremost, one of the things that we find to be in short supply is awareness. As we have gone around the country, we have talked to government leaders, we have talked to industry leaders. If you get outside that small sphere of security and you talk about security, you get the deer in the headlight look, so people start to drool, going, what are you talking about? Why do I care about this? So there is this component about the awareness and the education we really need to focus on, and build 384

that piece up. One of the ways we are looking at this right now through the education component is, we have created a scholarship program called Scholarships for Service. The National Science Foundation administers it. I think our biggest customer thus far has been the Department of Defense, where they allocate funds through NSF to scholarships to people in advanced degree programs in information assurance, information security. They do a one-for-one; if we pay for one year of tuition, they come back and do one year of government service, two years and two years, et cetera. The intent is to build the cadre of expertise that we have internal to the government, because we lose it regularly. Many go back and forth between the private sector. The discussion also goes, though, if we train these people and they come back and do two years of government service, they are going to be prime candidates to go in the public sector. My answer is, wonderful, because who are the owners and operators of the critical infrastructure that we care about? The private sector. So it is a win-win situation. We have a couple of years to beef up the government stuff, which we need desperate help on. At the 385

same time, we have the opportunity for those folks to get some real, live, on the job training, move out into the private sector and then continue to proliferate the wonderful things they have learned. The other priority is the information sharing part. This is a wonderful forum for that as well. There is this pace of activity that goes on that you see in the newspaper all the time. I read one last night. There was a bunch of computer sites in Korea, in which the ill- intended people are doing things and using those to launch attacks on other systems around the world. That is a bad thing. But when you try to get details and you try to get some information, it is generally a standoff approach. We are not privy to a lot of the details. We are not privy to a lot of the things that could help us better protect ourselves. So this sharing amongst professionals, and there is no group that does it better than academia, and sharing that information and saying, let's figure out how this is going on, let's figure out the defenses to make it work accordingly. The other one is the R&D component. There is a true belief, at least in the government circle, and I think it is shared by some of my colleagues, I know when I was in the private sector, many of us talked about it, that there 386

is some wonderful R&D being done in the buildings where the walls that have no windows and being done in the venue of national security. There is some really great stuff being done by the researchers in the private sectors to generate things that can be used to bring to market to benefit the public. But there is some space in the middle that we are not sure what that space is. We think there is some really hard- core, thoughtful R&D that needs to be done that is not being funded. So we have asked the Congress to give us a boatload of money, in the tens of millions of dollars, to fund some key programs. People come to us and say, gee, I think we can do this, and this will help the overall package and we can help fund these things on the front end. So the R&D is extremely important. I want to touch on another thing that is a priority for us, and that is some pure technology things, the way the Internet was built. That is the domain name servers and border gateway protocols. If you are not familiar with this aspect of it, the domain name servers are those things, when you type in a name, it is converted to a number, when then identifies your address on the Internet. There are about 14 of them 387

388 out there. So if I wanted to disrupt activity in the online world, be it commercial or be it telecommunications, that is where I will go, because I can knock out those fairly handily because they are addressable from the Internet. They are addressable in spaces where they have to be able to have an in-band address to be able to communicate. So consequently, we have some real concerns about that. I don't think redundancy is the answer. In the border gateway protocols, the language they talk in is insecure. Many times it is done in unclear text. We see in this, particularly going back to the illustration I mentioned about career -- one of the things I cited was being able to create denial of service attacks as a result of it. Then there is the priority we have about standards and best practices. Many of you -- and Dorothy and I were just talking about this in the lobby, about the old Orange Book that effectively said, here is the standard to which you design things. Then no one can meet the standard, so consequently they start to give exemptions. Then exemptions led to almost total obliteration of the standard and say don't worry about it anymore, because nobody can meet it. 388

389 We have got to find a meaningful scientific way to say, we can bring this up. We can raise the standard so we can use the procurement power that we have both within government and outside of government to make sure that the development process meets what we need in the areas of security. Let me broaden security for just a moment, because I am almost fanatical in some cases about this. I want to use the word trust, because security is only a component of it. I will qualify that right now. You have got the security, you've got the privacy, you've got the availability component. There has been a lot of discussion of late -- this is a little bit notes here, but there has been a security is going to trump privacy. I oftentimes get asked, of a digression from my lot of discussion that where we are going to level? I don't know. We are still in this aftershock mode after what happened last year. So am I willing to give up a little bit of my privacy for security? I don't know that I will be six months from now, so I don't know what I'll feel. But I think fundamentally, the issue always comes across as an issue of trust. You have to have the security, you have to have the privacy, you have to have 389

390 the availability. So we are talking about the standards and best practices that we look to; those all play into it. The next one is something that is extremely worrisome to me as well as many of my colleagues, and that is digital control systems. Last year, there was an incident where a disgruntled employee left a company in Australia, went back in in an unauthorized manner, broke into the systems and reversed the flow of raw sewage. Instead of going into the raw sewage treatment plant, they went into one of the local parks. It is all because of accessibility to digital control systems. Look what we are seeing today. We are seeing a lot of these digital control systems being accessible or addressable from the Internet. It makes business sense, but it doesn't make security sense. Not only do we have directly accessible from the Internet, but we are finding some that are saying, no, we don't have any addressable space on the Internet, and you find out that they have digital control systems connected to an internal administrative LAN which is then connected to the Internet on the other side, which translates into, they are addressable from the Internet. That is very worrisome. It controls the power grid, it controls the water supplies in many instances. It 390

391 controls the water flowing over many dams to generate electricity. There is a whole bunch of things that are being controlled by digital control devices right now. When we talk to some of the people that are involved in the technology designing some of these things - - this is something that maybe you all can collectively help with -- they say, we would like to do more. But what happens is, even if we are looking to do a simple thing like authentication a digital control system, when we are talking nanosecond switching time, there is no way to authenticate something and still do the switching in an appropriate manner. So we need to figure out a scientific way to be able to do the authentication without losing the gating factor, that we have to do switching of these things. It is a complex problem, and it is only going to be solved by some of the activity that you all are doing. DR. BORGS: I don't understand that. If I can go in from the Internet to reverse the flow of the sewage system, this is not necessarily to make it -- PARTICIPANT: An example. There are other examples. DR. SCHMIDT: Yes, that was a very broad example from something that was very public in the news. 391

392 DR. BORGS: But where you are worried about this outside the controls, that should not -- DR. CHAYES: The electricity, for example. DR. SCHMIDT: For example, last year there was a storm in the Pacific Northwest. A tree blew down in Oregon and the lights went out in Tucson, Arizona, 1500 miles away. It is all because of the switching controls. Many of the switching controls, for example, in the power grid are based on very, very slight fluctuations in electrical usage that would cause the entire system to switch over to another grid to provide power. Those are the sort of instantaneous controls that need to be switched, but there has also got to be the ability to do them on an authenticated mechanism. That is what I am referring to. Lastly, and by all means no less importantly, would be the issues around securing the future systems. I love wireless. I don't know how many of you use it in here, but I couldn't live without it. I did it when I was at Microsoft, I use it at my home now, and I love it, but it is not the most secure environment right now because it hasn't been designed as such. We have grave concerns about it. 392

393 Many agencies are talking about outlawing the use of it. So consequently, there are issues around the authentication piece, about the encryption piece, future generation systems that we are looking at. So with that, I took this about what we and other opportunity to talk concerned about in framing a broad perspective, before I turn it over to my distinguished colleagues to talk about their concerns . Thank you very much. I'd like to start out by asking Dorothy Denning to step up and give us her thoughts on it. Thank you. 393

Next: Communications and Computer Security »
The Mathematical Sciences' Role in Homeland Security: Proceedings of a Workshop Get This Book
×
Buy Paperback | $147.00
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Mathematical sciences play a key role in many important areas of Homeland Security including data mining and image analysis and voice recognition for intelligence analysis, encryption and decryption for intelligence gathering and computer security, detection and epidemiology of bioterriost attacks to determine their scope, and data fusion to analyze information coming from simultaneously from several sources.

This report presents the results of a workshop focusing on mathematical methods and techniques for addressing these areas. The goal of the workshop is to help mathematical scientists and policy makers understand the connections between mathematical sciences research and these homeland security applications.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!