Peter Freeman
Cliff Jacobs
Andrea Norris
Dwayne Ramsey
Bill Cheswick
|
More than 120 cybersecurity
experts from some of the nation's top research institutions met Sept.
27–28 in Arlington, Virginia — just four miles from the White
House — to share information on a series of computer security
incidents last March and April at a number of high-performance computing
centers, universities, and national laboratories across the U.S. and
Europe.
|
Tom Bettge
|
NCAR's Scientific Computing Division organized the two-day workshop,
called "Cybersecurity Summit 2004" and held in Arlington,
Virginia, with support from the National Science Foundation (NSF).
Program chair Tom Bettge, SCD associate director, worked closely
with a 10-member program committee of representatives from universities
and government labs to organize the conference, which was by invitation
only.
"One of the problems we faced during the incidents last spring
was lack of communication among the institutions," Tom said. "A
primary reason for organizing this meeting was to bring together stakeholders
to discuss the incidents and how to better respond to future incidents."
Dr. Peter Freeman, assistant director of NSF's Computer and
Information Sciences Directorate, delivered the opening remarks. "Cybersecurity
is not a local or national problem — it's an international problem,"
he observed, stressing that security assurance is not an option but
a requirement.
Dr. Cliff Jacobs, head of the UCAR and Lower Atmospheric
Facilities Oversight Section in NSF's Division of Atmospheric Sciences,
concurred. "Cybersecurity is an integral part of the research
infrastructure," he said. "This conference is an important
step to share ideas and best practices to address the essential requirement
of providing cybersecurity infrastructure to the research community."
At the summit's plenary assembly, Dr. Andrea Norris, deputy
chief information officer and director of NSF's Division of Information
Systems, reported that, in the face of a changing threat environment,
commitment to security is a strategic priority as well as a continuous
process. Dr. Dwayne Ramsey, U.S. Department of Energy (DOE)
computer protection program manager at Lawrence Berkeley National Laboratory,
addressed federal cyber policy and assurance issues, highlighting the
DOE Cyber Security Program.
Keynote speaker Bill Cheswick, chief scientist at Lumeta Corporation
and co-author of Firewalls and Internet Security: Repelling the
Wily Hacker, explained why protecting research capabilities and
resources in a dynamic, distributed computing environment is a difficult
problem. At this point, he said, "the best we can hope for is
gradual mitigation, converging on a safer world."
The workshop included a presentation from an authority in the Criminal
Computer Intrustion Unit of the FBI's Cyber Intrusion Laboratory, who
noted that in an age of rich interconnections and global communications,
attacks on cybersecurity are an emerging threat. Two panel discussions
and five breakout sessions on topics such as security policies and
education, intrusion detection, and grid computing challenges gave
participants the chance to share information in a confidential setting.
Center managers, software engineers, and administrators of high-performance
systems and networks across the research community came out of the
sessions with new strategies for detecting and mitigating computer
intrusions.
"Clearly a conference like this is a terrific idea," said
Bill Cheswick at the end of the workshop. "When you have this
kind of community, you need to talk to each other, meet each other,
share ideas, learn what the best practices are. This is invaluable
stuff, no question about it. This is where a lot of the work gets done."
Cybersecurity Summit 2004 was the first step in laying the foundation
for a trust network that could be used in the event of future large-scale
security breaches, reducing the disruptive impact of such incidents
on the nation's research agenda. Increased cooperation among research
institutions on security policies, procedures, and incident response
will better protect the integrity of the nation's scientific computing
and data assets.
See also: "SCD
team welcomes experts to Cybersecurity Summit 2004"
— Lynda Lester
|
