Friday, November 5, 2010

Cyberspace as "EcoSpace"

By Craig Harm and Carl Hunt

One of the ways we look at Cyberspace from a scientific perspective is to think of it as both a host for complex adaptive systems (CAS) and a massive complex adaptive system of its own. Today we talk about the latter. Cyberspace is complex in that it is a set of dynamic networks of interactions and relationships rather than a mere aggregation of static entities. It is adaptive in that its individual and collective behaviors change (coevolve) as a result of experience. Three key processes come from the studies of complex adaptive systems, also called complexity science. As we’ve noted elsewhere in the SENDS Blogs, these processes include exchange, self-organization and emergence.
In today’s blog we’ll build on previous articles to convey these same concepts within the context of a CAS. One of the key characteristics of a complex adaptive system is its dynamism. Complex systems operate under far from equilibrium conditions requiring a constant flow of energy to maintain the organization of the system. This constant flow of energy is created by agents (e.g., users and machines) within the system all involved in the process of exchange, self-organization and emergence.
The massive complex adaptive system that is cyberspace requires better understanding of both its benefits and its challenges to human individual and cultural evolution. Thinking about cyberspace in terms of emergence and the exchange-based interactions that drive emergence allows us to better visualize the changes we experience both individually and collectively as we navigate within cyberspace. Another recent invention that cyberspace has enabled, advanced computational modeling and simulation (such as agent-based modeling), are the keys to better visualizing the actual and possible changes evident within the environment.
The figure below helps to visualize the major interactions that take place to create both the opportunity and the requirements for exchange-based coevolution within cyberspace and its interacting elements. Exchange is at the heart of this interaction. The diagram (click to enlarge) also depicts several categories of emergence that are both products and components of the coevolving world of massive interconnectivity that cyberspace enables. There is continuous feedback, another component of CAS.
There are two basic forms of networks that coevolve with each other through exchange and emergence that compose cyberspace: the physical network and the social network that accommodate the production of something useful to humans. Emergences from human and machine behaviors, culture, governance and technological characteristics all synergize to produce what we recognize as the social and physical media of cyberspace: the network.
The services that we introduce to make cyberspace valuable and the threats to those services and accesses are also part of the coevolving landscapes that compose cyberspace. Finally, both natural and artificial (e.g., man-made) adaptations and coevolution take place that ensure cyberspace is a dynamic environment that truly requires scientific methods to study and understand.
The figure above should also serve to demonstrate how these interactions are more than interesting features of cyberspace, they are also codependent, coevolving consequences of cyberspace! They are the interacting parts of the ecology of cyberspace that compose the essence of the environment of cyberspace, including the threat. All of these things are not only present, they are required for cyberspace to be meaningful to humans. We must understand them both in the context of our physical worlds and in the virtual worlds that emerge from these interactions.
As an example using the diagram above, we can follow the scenario set forth for the first iteration of SENDSim. For the SENDSim scenario, agent-based representations of people and machines are engaged in exchange and are connected through: 1) a specific characterized intranet connected to the internet; and 2) customized user behavior based on interviews of a selected user population. As users interact with the network we find the first level of exchange. This exchange is further expanded by the principal influencers (Threats and Services, from the model above).
In the initial instantiation of SENDSim the threat is the conficker malware, and services are the basic and increased tasks performed by users, thus creating a second, more complex level of exchange (following the hierarchical nature of emergence as part of CAS). As a complex adaptive system, the exchanges in a cyberspace ecosystem generate “emergents”. In the case of cyberspace these emergents are depicted by resultant emergents that include Behavior, Culture, Governance and Technology.
The process of these complex exchanges occurring in cyberspace produces currently unpredictable results (but inferable through models). Just as natural evolution occurs in a biological ecosystem, cyberspace evolution occurs as a result of adaptations to the principle agents of users and networks. Resultant adaptations (Natural and Network) are generated which coevolve with the two principle exchange agents. This process of coevolution is occurring naturally as an attempt to bring the entire system to equilibrium. However, as a massive CAS, cyberspace is fluid with a constant flow of energy producing continual change in an enduring attempt to reach a final equilibrium that will never come to pass.

In considering cyberspace as a complex adaptive system, it is logical to compare it to nature’s massive complex adaptive system, a biological ecosystem. In this context, we could think of the ecology of cyberspace as an "EcoSpace", as the title of this blog suggests. Using terms from complexity science, the evolution of cyberspace can then be thought of as a similar type ecosystem: coevolving while constantly striving for equilibrium.

Monday, November 1, 2010

High School Students’ First Milestone in Cyber Security Certification

by Joseph Cuenco, Executive Director, Science Center of Pinellas County, FL

The Science Center of Pinellas County (SCPC), St Petersburg, FL, has teamed up with Raytheon, SRI International, and St. Petersburg College in creating an innovative cyber security educational program that will prepare high-school level students for testing in industry recognized certifications. The Science Center of Pinellas County and Raytheon have been affiliated with the SENDS Project for almost a year now and are consulting on the educational curricula task.

The program’s focus on practical training and knowledge helps qualify students for credits towards a two or four-year degree in “Network Security” from St. Petersburg College, an academic partner to SCPC. The program objective is to prepare students for careers in cyber security -- with the skills and knowledge necessary to protect national, corporate, and civilian networks; provide them STEM (Science, Technology, Engineering and Math) foundation components; and help them learn about career placement opportunities with the best companies.

We are currently exploring with the SENDS Project and our Raytheon instructors how we might tap the SENDS Collaboration Substrate to enhance the educational program. We want to help students and teachers expand their repertoire of planning and modeling tools to assist in decision-making about tough cyber security problems, and offer them the SENDS cyberspace laboratory environment for experimentation and testing of new ideas.

Students have just completed the first module of the Cyber Security Certification, the CompTIA A+ hardware and software component. Many are opting for taking the certification tests in the next few weeks versus waiting until the end of the 15-week program. Preliminary data indicates that many of these students (ranging from 9th graders to seniors) are presently qualified to pass the CompTIA A+ certification exams now, even before completion of the training!

Why this Course? Understanding the student’s rational for undertaking the program helps to explain their excellent progress. Our interviews with students tell us that they greatly desire to qualify for internships in cyber security as well as further qualify for armed services and government programs such as the US Cyber Corps. Equally important, they really desire to expand their knowledge in the field and use this training in the real world.

There is another aspect to this Cyber Security Certification program that has engaged these students: the conceptual frame of cyber security provides a great deal of cache – particularly around the dividing line between the “white hats” and “black hats.” Cyber ethics and the module on cyber law obviously make very clear student’s obligations and requirements in these areas. Yet, this still continues to be an intriguing area for them. One aspect is fairly clear from the high schooler’s viewpoint. Learning the skills of a cyber ninja is beyond cool. It’s empowering!

Student and Adult Learner Synergy. Our present student base is comprised of high school students mixed with adult students, in a university-based learning environment. The adults are more interested in obtaining job skills and certifications which will enhance their portfolio of employment skills. There is one dynamic that we are beginning to learn more about – what each of the student segments can “learn” from one another or share in an osmosis-like environment. These high schooler’s appear to learn and think almost as fast as today’s dual-core processors, challenging the older students to learn differently, as well.

For the adults, there appears to be much more rigor and thought required into learning new concepts; almost certainly requiring a great deal more energy at the end of the work day to be receptive to brain stimulation. Can the two segments benefit one another in this learning process? Our observations suggest that the answer is yes: there are benefits to both populations of students.

What can the adults provide the younger students? They help to focus on structure and rigor of their learning process. These adults obviously possess a great deal more experience having gone through various levels of formal and informal training. Tools, process, and discipline have been necessary in order for their desired educational goals to be achieved. Our high school students are observing that some of these “adult approaches” to learning might be useful to them too. It’s a great mix of youthful energy and more experienced academic rigor!

Industry Perspectives. A key element to learning cyber security foundations through the teaching of industry experts is understanding the practical application of these concepts in the work environment. The students learn to frame their questions in important ways. What are the benefits from working with virtual machines? Why is the documentation really important? What was the worst case of troubleshooting I’ve had? What is the optimal humidity setting for a server room? (I asked that one).

Our cyber ninjas are beginning to quickly develop their skills, and we are all beginning to better understand the role cyberspace and cyberspace security play in our future. We may just learn as much from our students as they learn from us!