Talking Cybersecurity in Washington

I recently participated in the Information and Infrastructure Integrity Initiative (I4) Annual Advisory Review meeting at the Department of Energy’s (DOE) Pacific Northwest National Lab (PNNL). (You can tell it’s a government thing given all the acronyms…) As part of PNNL, I4’s mission is to develop “innovative and proactive science and technology to prevent and counter acts of terrorism, or malice intended to disrupt the nation’s digital infrastructures resulting in a safer and more secure digital infrastructure.” I have served on the Advisory Board since its inception and have been wholly impressed with the quality of the research work done under the guidance of Initiative Lead Deb Frincke .

By mandate, I4 is to go on that bleeding edge that most commercial efforts would never consider given the risk of failure – and this is why we love being part of the Initiative. The I4 researchers toil to define the next-gen approaches needed to thwart the constantly-evolving threats to our national security. Predictive, adaptive, high-volume complexity challenges are the main project foci; “transformational” or “contributing” technologies to enhance the cybersecurity landscape is the ultimate goal. To achieve this, the researchers identify the cutting-edge theoretical approaches and then turn to PNNL to fund the development. The theories are morphed into prototypes, and those that are proven useful are then further honed and developed to handle the scale and demands of the government networks. The Advisory Board was established to help validate those projects or research efforts that have the greatest chances of success to further enhance the integrity of our infrastructures.

This year, we reviewed efforts in predictive systems – a requisite for proactive solutions and the eventual shift from the dominant signature-based security solutions that are hindering better computing integrity today. “Adaptive” is also an overriding mandate and without revealing too much, we are feeling confident that at least one research project is a potential game changer in a most subtle way by taking another approach. Using bioinformatics to address the security problem can lead to some very powerful developments. We also spent a good amount of time pondering SCADA-related assurance initiatives. Protecting our national infrastructure goes beyond IP-based traffic; without reliable electricity, none of the former matters. The lab has Henry Huang spearheading the research here and the IEEE Magazine named Henry its Outstanding Young Engineer.

The technologies developed here for government use can eventually find their way into the commercial market. Starlight is one example – a dynamic visualization tool that we first saw in action over six years ago. PNNL has licensed this technology to Future Point Systems and while the visualization market is still relatively nascent, the ever-growing amount of data and multiple applications for visual analytics to us is a clear, steady driver for mass adoption. How useful is 3 million links on a Google search result page, really? How would an intelligence agency analyst mine 14 million records including newspaper articles, blog entries, and images to identify and track a person of interest? Many of the problems that challenge the three-letter agencies are also relevant to the rest of us. Next-gen business intelligence solutions could clearly benefit from the lab’s efforts.

It isn’t just PNNL working on cutting edge technologies that can make their way into your company or home. The Idaho National Lab, another DOE facility, has spun out a few hits of its own, most recently RFinity, a secure RFID communications technology. RFinity is an example of a product of lab research that has a high probability of commercial viability, so the founders used the “technology transfer process” to spin out of the lab, license the technologies, and raise capital to get rolling. This is being overseen and managed by IANS Faculty and now RFinity CEO Aaron Turner.

Recent efforts have been made to enhance the process of getting technologies from these labs into your hands. In particular, PNNL has Gary Morgan specifically charged with getting the I4 (and other lab) technologies into the commercial market thus potentially greatly increasing our overall security posture.

As IANS Faculty in Residence, I am excited to share my involvement in I4 with the IANS community. We look forward to advising you on the adoption of future solutions to information security problems as these technologies reach the commercial market.