[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Cyber Sleuths Call For New 'Smart Swarms'
Das klingt wie Arquilla&Ronfeldt ca. 1995 versetzt mit Rheingolds auch
nicht mehr so neuer These der "Smart Mobs". Die NSA ist also mal wieder an
vorderster Front. ;-)
RB
http://www.internetnews.com/security/article.php/3599386
April 17, 2006
Cyber Sleuths Call For New 'Smart Swarms'
By Tim Scannell
Bees do it. And if the cyber-strategists working at such high-level
organizations as the National Security Agency and the Los Alamos National
Laboratory are right, 'smart swarming' may be en effective way to solve
even the toughest security problems.
The idea is to get lots of people focused on a security issue, or even a
programming problem, and then have them chisel away at the code and
examine how those pieces interact and work with all the total software.
Instead of looking at programming as just lines of code, these swarms of
people examine how each piece interrelates and works within a network.
"The key to robust security is network thinking," said W. David
Stephenson, principal at Stephenson Strategies, a company that works
closely with the Department of Homeland Security to develop defenses
against terrorist attacks on computer networks. He is also an expert in
the emerging science of social networks. This means he spends a lot of
time looking at the behavior patterns in ant hills and beehives and
applying them to networks and network design.
Stephenson was part of a contingent of security-minded thinkers who came
to Boston University recently to discuss new approaches to security and
privacy as part of an inaugural symposium hosted by the school's Center
for Reliable Information Systems and Cyber Security (RISCS). Most promoted
a mix of left-brain and right-brain thinking to tackle seemingly difficult
problems with a fresh approach.
Attending the one-day event was the cream of the security intelligentsia,
including Ron Rivest, one of the founders of RSA Security and now a
professor at MIT; and Radia Perlman, a member of the engineering elite at
Sun Microsystems and known for developing the technology behind routers.
One way is to look at security breaches or even a terrorist cyber-attack
as a control problem and not an accident or major crime, explained Nancy
Leveson, a professor of aeronautics and astronautics at MIT and pioneer in
the field of "software safety." In most cases, she said, people are
looking for someone to blame and as a result, they can miss the small
issues and control problems that led to the incident.
"You should not look at failure, but how well software controls and does
its job," she noted. "What happens is you start to see the larger picture
when you don't find someone to blame."
Sometimes the design of a network or security system is ultimately
responsible for its failure, said Sun's Perlman. Network security is bound
to fail, for example, if users are required to remember too many passwords
and ID structures. As a result, they scribble a password down on a piece
of paper, which can easily be found by an intruder.
One solution is to develop a third-party solution that automatically
maintains password and identities for each user, and "creates, advertises,
protects and then deletes these cryptographic keys," she said. This
"ephemerizer," as she called it, would automatically unlock and decrypt
message and applications. It would also shuffle and change encryption keys
to keep one step ahead of the bad guys, she noted.
The NSA and other government agencies hope to recruit more schools as
Centers of Academic Excellence, especially as the government moves toward
using more public standards and commercial products as opposed to custom
software solutions, said Richard George, technical director of the
information assurance directorate at the NSA. In layman's terms, he's the
NSA's head crypto honcho.
The NSA also hires a fair number of graduates from these schools, one of
whom went on to revamp security of The White House computer network not
long after leaving school.
"The issues and research problems associated with security and reliability
are most important and fundamental today," said Steve Palmer, co-director
of the RISCS.
"The center will bring together researchers and government agencies to
focus on these problems."
---------------------------------------------------------------------
To unsubscribe, e-mail: infowar -
de-unsubscribe -!
- infopeace -
de
For additional commands, e-mail: infowar -
de-help -!
- infopeace -
de