Special Report: Computational Science — Behind Innovation and Discovery
Cyber security—a holistic approach
Do you worry about the security of your credit card when you buy something over the Internet? Or when you pay your bills electronically? What about business trade secrets communicated by email from engineering to manufacturing staff or sensitive data stored on local hard drives?
Computer scientists at Pacific Northwest National Laboratory are using a systems approach combined with a multidisciplinary team of experts to address cyber security issues such as these.
"The systems engineering approach doesn't focus on any one component of the devices involved in transmitting information," said Bryan McMillan, who manages PNNL's cyber security group. "Our multiscale approach spans the tiniest microchip up to the network of networks. We consider the components and the materials that make up individual components within computers."
PNNL engages experts in mathematics, physics, sociology and psychology and other fields as part of its multidisciplinary approach to better understand cyber security threats. "Trust levels change depending on who's using the computer and the context in which it's being used," McMillan said. "Computers themselves don't attack or hack or steal identity. People do. So we have to get into the mind of the human who's sitting behind the computer to understand his or her motivations and cultural or political drivers. At the same time, we need to understand the vulnerabilities of the computer."
One of the top challenges being researched by the PNNL team is first-of-a-kind violations of cyber security. Researchers look for anomalous patterns in normal Internet traffic that might indicate a potential threat to our national security. "We look beyond commonly identifiable human information such as text or messages," McMillan said. "We look at the unique signature tracks that computer systems leave in the ether."
Researchers are developing and deploying a variety of technologies for improving cyber security, beginning with a system similar to a flight simulator that is being used to train new computer scientists. The "flight simulator" allows systems administrators to experience cyber security attacks in different environments and take actions to effectively mitigate the attacks. In another effort to influence cyber security education, PNNL researchers are providing curriculum guidance to universities so that future graduates know how to produce the most secure software possible.
PNNL provides tools to the corporate Internet environment for stopping malicious code, which is a piece of code designed to damage a system or the data it contains. This technology can prevent malicious code from spreading from one computer to another, and it uses learning and prediction techniques to keep it ahead of potential hackers versus current approaches that catch and patch. It is being used at the Laboratory, which not only has a complex computer network but also collaborators around the world, sometimes in countries considered sensitive by the U.S. government.
The PNNL cyber security team also has developed sensors that monitor the global Internet, studying the behavior of attacks over long periods across multiple sites, looking for attacks that are very sophisticated and well coordinated.
Finally, PNNL's computer science group is teaming with energy and national security experts at the Laboratory to develop innovative ways to protect our national energy grid.
"We have devised unique ways of protecting the communications that control the delivery of power on those huge towers," McMillan said. "We also have developed first-of-a-kind firewalls specific to power systems to help screen out malicious information so that control center operators will have greater confidence in the information they are acting upon."