by Jack Holt
When I was a boy, my grandfather taught me a Cherokee Proverb which I have pondered my entire life. It didn’t make much sense to me at the time, but the more I thought about it, and the more I grew, and the more I learned, and the more I did, and the more people I met, worked with, and engaged with, the more I began to see what the proverb meant.
I suppose that’s what proverbs are supposed to do. They guide you toward some universal truth that is unknowable at the time. Unknowable because you haven’t lived the time and it is time that is the critical factor.
While time is the critical factor, experience is the determining factor and thought multiplies the effect for it is what you give your thought to that determines what your experience is and the time you will give to a task and hence what you learn. This is true whether it’s cyberspace time or the “old-fashioned” variety of time!
The proverb stated: “If you listen to whispers, you will not hear screams.” For a close-knit, tribal people this meant paying attention to those around you. Even in a hyper-connected age like the one we experience in cyberspace, it means the health of the whole is the responsibility of the individual. It means an acculturated community. It means seeing the invisible…an invisible that transcends both the tribe and the physical world, if you look and listen closely enough.
Why do we so often miss seeing the invisible? Perhaps because we are looking and listening in the wrong places.
What makes people who they are? Why do they do what they do? How can we know such things? Time, experience, thoughtfulness: just as my grandfather inferred in his proverb.
Listening to people, learning from them, learning all we can about them. What are their proverbs, their poetry, and their music? These are the tools of enculturation: how we learn and apply values of a culture.
To know a people’s language is just the beginning, to know their thoughts is to know them. This is what it means to socialize. This is how we will ultimately exploit cyberspace as a species. In the meantime, let’s listen…
Showing posts with label Social Science. Show all posts
Showing posts with label Social Science. Show all posts
Saturday, February 5, 2011
Thursday, January 27, 2011
Are Passwords Part of The Problem?
by Bob Schapiro
How many new passwords did you have to create in the past few months?
Spam is the first culprit when people think of the clutter that’s choking the Internet, but passwords aren’t far behind. Passwords are a security “solution” that’s part of the problem.
In fact, with the CONFIKR virus living comfortably on millions of home computers, maybe all of this cyber-clutter is not just an annoyance; it’s an actual security threat.
A few months ago I attended a conference with people from all the big companies and government agencies. Many of the speakers wondered why the gosh-darn American public doesn’t take cyber-security seriously…at least seriously enough to create stronger passwords. The consensus was that people need more education.
I don’t think we’re dumb. We’re just overwhelmed.
Maybe my situation is unique. I enrolled for a course at a university and had to create four new passwords—one each for the registrar, bursar, health service and to get my email. This week I subscribed to a magazine and had to create three new passwords: One to manage my subscription, one for the online version and another for the environmental organization that publishes the magazine.
But the most galling experience comes from—who else?—my cell-phone company. I can’t name them for legal reasons but it’s a huge company known for really lousy reception. (Let them come to court and claim that distinction.)
When I got my new cell-phone, I had to get a “micro cell” device because I get zero reception in my home. In order to connect it, of course, I needed a “user name and password” distinct from the ones I already have with both the phone company and with the company that makes my phone. (If you’re counting, I needed three passwords just to make the first phone call from my home.)
While installing the configuration software—to get the warranty—I got one of those little drop-down boxes where I had to “agree” to their terms. The word “agree” was in the flashing blue box, in case I was confused about what I was supposed to do. (I put “agree” in ironic quotation marks because the word is supposed to mean that you actually concur with something.)
I don’t know what possessed me, but I decided to actually read the agreement. I scrolled through a few pages of tiny print before downloading the whole thing. It was over 200 pages! Of tiny type! I know there was fine print before the Internet, but this is insane. When I bought my first car I had to sign seven or eight pages of small print and I thought that was a lot.
We’ve all clicked that flashing “agree” button. We know how the world works now. Are you really going to return that piece of software—the one you’re already installing—because of sub-paragraph xvii on page 128?
But not so long ago, all you’d need for the warranty is keep the receipt.
What is the effect of all these meaningless passwords and agreements? Imagine if you only had to create five or six passwords…for your employer, your bank, a few others…do you think you might take them all more seriously? Most of us used to think twice before signing a long document. Now we don’t even look anymore. In fact, if you took all of this seriously, you wouldn’t be able to get through daily life in the cyber age.
You probably have your own stories. We’d like to hear them. Just send them to words@sendsonline.org or make your comments to this blog below.
Not to boast—okay, to boast a little—SENDS has the attention of the major players who are shaping cyberspace. Participating in SENDS will help you be heard.
SENDS seeks to discover what is inherent in cyberspace. My guess is that passwords are not. In the future, you may just swipe your thumbprint at any computer…or there may be facial recognition.
Right now, a lot of so-called cyber-security is driven by marketers. Yet companies will stop these people if they see a downside. A few years ago many websites absolutely needed to know your social security number and mother’s maiden name “to help us protect you.” Then they discovered that they were liable if there was data theft…and all of a sudden, they decided that this information was not so vital after all.
What do you think is vital…and what is intrusive cyber-clutter? Let us know at words@sendsonline.org. We’ll pass it along.
Tuesday, January 18, 2011
The Evolution of Cyberspace: Virtual Worlds
By Craig Harm
It’s amazing how history can repeat itself, even in cyberspace.
Let’s first look at what may have been the beginning of internet-based direct social interactions, instant messaging (IM). Peer-to-peer functions like IM and chat started as early as the 1980s with bulletin board based chat. But it was in the early 1990’s with the modern network connectivity that Internet-wide, GUI-based messaging clients really began to take-off.
ICQ, AIM (formerly AOL Instant Messenger) and Windows Messenger were just a few examples of this capability. These services offered similar capabilities allowing users to create profiles, add users as friends, conduct real-time live chats via text services, exchange files and even conduct video chats. They allowed the development of true, though virtual social networks between people that had perhaps never physically met.
As technological capabilities continued to grow, so too did the evolution of IM. With the introduction of voice-over-IP (VoIP) new IM services began to take hold. Systems like Skype and Vonage allowed users to connect to telephones, both landlines and mobile, thus expanding the virtual social network capabilities even further.
Internet-based social networking began as only something “geeks” did and it was based on generalized online communities such as Theglobe.com (1994),] Geocities (1995) and Tripod.com (1995). But as the desire, capability and social culture evolved, new methods of social networking emerged. By the end of the 1990’s, technology was helping to develop more advanced features to meet the growing user need to find and manage friends on-line: to enhance a social network.
Out of the development of these new social networking methods a new generation of social networking sites began to emerge. One of the first, Friendster, soon became part of the Internet mainstream. Followed by MySpace and the professional’s social networking systems, LinkedIn there was a rapid increase in social networking sites' popularity.
Launched in February 2004, Facebook, a social network service website now with more than 600 million active users, is rapidly becoming symbolic of what internet-based social networking is about. In Facebook, users create a personal profile, add other users as friends and exchange messages, including automatic notifications when they update their profile. Additionally, users may join common interest user groups, organized by workplace, school, or college, or other characteristics. Facebook, the subject of the recent film The Social Network has garnered our interest, participation and consumed our on-line attention unlike any cyber phenomena, so far.
Enabled by expansive technological advancements, virtual, highly social worlds are emerging to meet evolving user needs for social interaction. Second Life (SL), launched in June 2003, is a virtual world accessible through the Web. Users, called “Residents”, interact with each other through personally created profiles called avatars. Residents create a personal profile, add other users as friends and exchange messages. In addition to these functions, which are similar in purpose to Facebook, residents can also explore, meet other residents, socialize, participate in individual and group activities, and create and trade virtual property and services with one another, or travel throughout the world. SL is designed on the premise that users can build virtual objects, either fictional or based on real items, and share, trade or sell them throughout the system.
Ever since two computers could be connected together, people have found new ways to compete with each other in games. Initially just point-to-point, person-to-person, over the last 10-15 years gaming has evolved to connect substantial numbers of players through the Web. With the emergence of Massively Multiplayer Online Role-Playing Games (MMORPG), enabled by high-speed networking and Flash- and Java- based technologies, an Internet revolution has occurred where websites can utilize streaming video, audio, and a whole new environment for user interactivity.
In the last 5 years or so, online gaming has exploded in popularity. Computer role-playing games in which a very large number of players interact with one another within a virtual game world are running on a constant presence through services such as Xbox Live (23 million members) and games like Runescape (150M) and World of Warcraft (12M). With so many members, online gaming is a serious cyberspace presence. When you couple this immense cyber presence with the $5-10 monthly membership fees, MMORPG is also BIG business.
But, like all other technology-enabled cyberspace capabilities there is an evolution on-going. Powered by concepts discussed previously in these blogs (exchange, emergence and self-organization) online gaming is evolving. Social networking capabilities which previously required multiple services are routinely “packaged” into on-line gaming systems.
Enabled through a user-created avatar, players within Xbox Live, World of Warcraft and Runescape can now maintain social contact with friends on-line…in fact, they actually have to maintain and leverage these social networks to achieve objectives in the games they play!
Text, voice and video chat, status-updates, and profile creation are integral components of these online game systems. Users no longer need to go to separate individual sites and systems to maintain their social network. Convergence and coevolution are definitely at work in these environments.
For people though, the real evolution is not the integration of technical capabilities. It is the emergence of culture acceptance and user comfort with interacting with others inside of virtual worlds. Today’s younger generation processes an evolved skill set, mental accommodation, and social acceptance of interacting within these virtual worlds. They are in these worlds every day, for hours at a time.
For many users, the only interaction they have with some of their friends is within these worlds, where they are maintaining contact and staying informed of real world activities and events. It is as though there is an overlap for them of the real world and these virtual worlds, and the so-called barriers between them seem to blur through continued presence in virtual environments.
So what do I think Cyberspace 2020 will look like? Based on this evolution we’ve just discussed, I envision a cyberspace where users will no longer log onto a machine, open multiple applications, and interact with the Web via a browser.
In 2020, I see us “logging” into the Web through personalized devices directly into our virtual world. Many of us may even stay logged on constantly!
Acting through personally created profiles (through our avatars), we will interact with our social network just as we would face-to-face. It’s almost certain that we will even see our avatars empowered with new capabilities that allow them to interact on our behalf, buying movie tickets, making dinner reservations and so on.
Our virtual world will be our interface to the rest of the World Wide Web and people everywhere! Cyberspace 2020 will likely be even more interconnecting and more social, but it will almost certainly change the way we live, work and play.
Monday, January 10, 2011
Cyberspace Science and Cyberspace Security Science: Why Both?
by Carl Hunt
In an October, 2010 blog, I commented about the importance of asking “the right questions” in critical situations. “It’s the questions, not the answers, which most guide us in strategic thinking and understanding…And equally important, it is the order in which you ask questions and experience discovery through responses to those questions that help you form strategies.” I wrote these words citing the inspiration of mentor Dr. David Schum of George Mason University.
It’s an odd if fascinating experience to quote yourself from a previous writing to make a point, but it’s also boring and probably doesn’t raise many new challenges in thinking. So, I’ll try to springboard off that “inspirational” quote to distinguish why we need two “disciplines”: one the major and one the minor, to study cyberspace. It may turn out we need many more, but these two will provide a great start to test the limits of human thinking about connectivity!
Why do we need both a Science of Cyberspace and a Science of Cyberspace Security, the latter of which receives significantly more emphasis?
We require them both because they are so deeply interwoven that we need both a general understanding of the environment of cyberspace and we critically need to understand how to secure it. Science to secure cyberspace may have a shorter-term, technological focus, but together they may ultimately satisfy the requirement for prosperity in this new environment.
It will be scientific-based study, informed by the process of meaningful inquiry, that will help us see beyond a purely technological domain and restore some methodological insights into what is happening to man in the advent of the hyper-connected age of cyberspace.
You can probably tell by now that I consider a Science of Cyberspace to be the major discipline!
In considering both cyberspace in general and cyberspace security in particular, it’s about the questions we ask that drive new and hopefully relevant discovery, and that’s the construct I’ll use to discuss both efforts. The nature of these questions will help discern the differences in our quest to understand cyberspace from these two strongly related perspectives.
I’ll start with the Science of Cyberspace Security requirement based on a recently released government-sponsored effort called “Science of Cyberspace Security” published in November, 2010 by the MITRE Corporation and the JASON group.
If one didn’t already know it before reading this report, it’s easy to see why security demands the most attention since business, academia and government (and indeed the world’s economic systems) have built a critical reliance on what cyberspace offers in terms of connectivity and access. Cyberspace security is also a core component of the overall SENDS Project, including the SENDS modeling and simulation environment, SENDSim. It’s a vital topic!
The JASON report provided answers, but what were the questions they addressed?
The report used nine basic questions to organize thinking within their findings, having been provided these questions by their government sponsorship (according to page 3 of the report, also where we find the start of the questions). The reader interested in cyberspace security should refer to the JASON report to form their own conclusions, but the idea of building a strategic position around important questions is the focus here.
As Dave Schum always advised, it really helps if you’re working with “the right questions.” All in all, it appears the government provided the JASON group with meaningful questions and they responded well within the framework of those questions. But, were they the “right questions?”
We need to ask how suitable the questions were to guide us in strategic thinking and understanding of cyberspace. Perhaps they were a reasonable start, yet they were narrowly focused on the “minor” discipline of the study of cyberspace: the Science of Cyberspace Security. To really be “the” questions that guide us in better understanding cyberspace, they must be broadened to address the entirety of the environment.
The questions provided, as rooted in scientific exploration as they were, did not get at the issues we’ve raised in SENDS about people and community as the key part of the solution space. Any line of inquiry for the study of the Science of Cyberspace will need to focus on people: people as users, people as designers, people as protectors, people as attackers and people as solutions. The JASON study addressed the questions they were provided well enough, but again, were they “the right questions?” Did these questions help objectively frame their responses and allow for full impartiality? After all, that’s a significant purpose of meaningful inquiry.
While we don’t have access to the instructions provided to the JASON panel, we do have the list of the questions they were provided by the sponsor. For those who focus on the role of people in cyberspace, it’s gratifying to see that question 5 did ask if social sciences, among others, could serve as topics that could “contribute to a science of cyber security?”
The body of the JASON study interwove important topics that are people-centric in their substance. These topics include game theory, trust, biologically-inspired immune responses and metric collection/ assessments. For the most part, however, the JASON group focused on technological prescriptions. A significant Department of Energy December, 2008 report, “A Scientific Research and Development Approach To Cyber Security,” cited over-reliance on a technology focus as a chief complaint, as has SENDS since its origins. SENDS found inspiration from the DOE work. Did the JASON line of inquiry enhance thinking in that regard? Readers should decide for themselves.
The sponsor’s questions did lead to one critical response from the report, however: “The most important attributes (of a Science of Cyberspace Security) would be the construction of a common language and a set of basic concepts about which the security community can develop a shared understanding.” We have asserted the same requirement from the beginning of SENDS (here and here, for example), as did the DOE imply in its report. It appears this principle applies to both a science of cyberspace security and a more general science of cyberspace (in fact, that’s a contributing factor to resolving wicked problems, another core component of SENDS).
But, there’s much more to understanding cyberspace and the questions we need to ask about it than cyberspace security. That’s why we need a broader “Science of Cyberspace.” To better secure cyberspace, it would be helpful to more fully understand what’s going on inside the environment as a whole. Some might argue that the immune system seems to work just fine without knowing all the details about the host it’s protecting or the characteristics of the attacker. But as the JASONs so rightly point out, an immune system is at best an inspiration for how to do better security.
In their study of systems, scientists and engineers typically try to address hard questions through broad understanding and awareness, and use an approach that provides deeper insights about the whole of a system. While studying the immune system may help with understanding how the body defends itself, studying the immune system alone does not suffice for the study of the entire human body. Likewise, studying the science of cyberspace security alone does not give us the broader understanding of the whole needed to study the entirety of the cyberspace system.
Since cyberspace is a socio-technological environment, built, explored and exploited by people (at least for the time being), we need to start understanding more about the ecology of the environment and how it’s changing human behavior as a whole. We’ve seen that cyberspace as a massively interconnecting environment has already altered the nature of crime and spying (people-centric activities), and thus why there is a critical need for a science of cyberspace security. That’s just one family of problems we face, however, because we don’t understand cyberspace holistically.
We need to ask questions about cyberspace, not just about cyberspace security. Broadening our aperture of questions helps us accomplish the main objectives of science: explain and predict. Many more questions need to be focused on the people part of cyberspace. We began that process from the earliest drafts of the Science of Cyberspace White Paper (first drafted in March, 2009, by the way, and now posted in its eighth major draft, noted above) and in our earliest blogs (here and here, for example).
We also need not be put off when we find evidence or results that refute our hypotheses (another term for questions), either. It’s just as important to publish findings that surprise us and rebut previously held notions as it is to present results that confirm our initial positions. Science is about impartiality and repeatability of objectively derived findings. A recent piece in the New Yorker Magazine, entitled “The Truth Wears Off: Is there something wrong with the scientific method?” bears that out.
In a sense, trying to do a science of cyberspace security without at least simultaneously doing a more general science of cyberspace may fall into the category of the cautions of the New Yorker piece…we need to ask questions about the whole environment, not just part of it. That’s the approach SENDS and the Science of Cyberspace are taking. Our success, however, will be in large part because of the insightful work the JASONs, the DOE and others are doing, just as they may also benefit from SENDS.
Cyberspace is immense, and it will take all we humans have to understand it, explore it, exploit it and protect it. We’re all in this together.
Monday, January 3, 2011
Enhancing SENDSim With Optimization
by David Davis
The distinction between a person interacting with SENDSim to study a problem and the use of an optimizer to find solutions is an important one. A human’s interaction with SENDSim may well rely on the human’s past experience and intuition. Human operators or analysts may configure the simulated network as they have done in the past, unaware that there are better configurations and better uses of network resources.
An optimizer is able to explore new strategies, view the results of thousands of scenarios, and find new techniques and outcomes that experts may have overlooked.
There are a number of advantages to linking an optimizer with a simulation like SENDSim. These advantages include the potential to:
• find different solutions than those a human expert would discover
• find better solutions than those a human expert would unearth
• improve on the solutions produced by human experts
• find solutions more quickly than a human expert
• react to changing conditions more quickly than a human expert
These points are worth making in more detail.
An optimizer can find different solutions from those a human expert would find because it is not bound by its experience—it approaches the problem without preconceptions. In computer security, this feature may be especially beneficial, since we may be able to use diverse novel solutions to avoid a configuration monoculture that can more easily be exploited by malware.
An optimizer can find better solutions because it is able to consider many more solutions than a human expert would typically have time to consider.
An optimizer can improve on solutions produced by human experts, if it uses the human’s solution as a base for optimization and begins the optimization process there.
An optimizer can find solutions more quickly than a human expert if the optimizer uses a network of computers or grid computing to consider large numbers of solutions in parallel.
An optimizer reacts to changing conditions more quickly than an expert, in that it can accommodate changes in technology and changes in policy options without being bound by the way it has solved problems in the past.
An optimizer is a good tool for understanding what-if situations. What if we had a better firewall? What if we had instantaneous reaction to attacks? Humans have a more difficult time finding good solutions when technology changes significantly. An optimizer, working without presuppositions, adjusts to changes without difficulty.
In addition to these advantages, optimization allows us to better understand what-if scenarios. The design documents for SENDSim describe a range of questions that can be studied using SENDSim. Let's consider several of them, together with the way that an optimizer would add value to a human’s study of those questions.
How can a change in policy (enforced by Human Resources, for example, or enforced by technology) increase network security without decreasing worker productivity?
Suppose we are considering a change in network policy. An optimizer can be used to discover what other changes in policy and/or changes in worker behaviors would best be instituted together with the change that is envisioned. Human experts who have not worked with the new policy in place may not be aware of other changes that will increase its impact and decrease its negative effects.
Design documents for SENDSim describe a range of questions that can be studied using SENDSim. Here I’ll consider several of them and describe the way that an optimizer would add value to a human’s study of those questions.
Q: Which solution results in a better outcome: expanding the IT security and administration staff or educating and empowering workers?
An optimizer can be used to explore a wide range of potential changes, finding the best combination of new approaches to security. Making changes to a complicated network often has unintended consequences—some of them undesirable. SENDSim will model these consequences. The optimizer can discover and exploit the desirable, unintended consequences while it avoids the undesirable ones.
Q: What does the timescale of a Conficker infection look like, given my particular network and worker profiles? What aspects of my worker policies and network policy are enabling or counteracting the spread?
An optimizer can be used to find the best combination of worker behaviors and network policies to slow the spread of an infection. In a complicated situation, like that of a working computer network, the best action to take in a new situation can be unlike anything seen in an expert’s prior experience.
Q: How might my staff react to combat a “zero-day” Conficker attack? How would network functionality and worker productivity change, and hopefully recover, over time?
An optimizer can find the best combination of network configuration and worker policies in order to minimize the impact of a zero-day event. In some cases, the optimizer might even uncover solutions that have not been seen or practiced before.
Q: What combination of policy and network design will help me meet my security and productivity goals?
The optimizer can be given a “budget” of dollars to spend and a limit on the magnitude of changes it can make to network policies. It will find the best way to spend that budget and institute changes within constraints in order to trade off improvements in network security while allowing workers to do their jobs.
The ability of an optimizer to provide high-quality answers to these types of questions is one of the strengths of the synergies we find in simulation enhanced with optimization. We’ll explore more opportunities to integrate simulation and optimization in future blogs.
NOTE: Dr. David Davis is the president of VGO Associates, one of the original participants in the SENDS Consortium.
SENDSim is designed for human experimentation. In the initial tests of SENDSim, a human will modify policies, procedures, and other parts of a network strategy, and then observe the effects as the simulation shows how a network with those policies, procedures, and strategies is impacted by the introduction of malicious software code like Conficker.
Human interaction is one valuable use of SENDSim. Perhaps equally valuable is another capability of the system—optimization. Use of an optimizer in conjunction with SENDSim allows us to find the best policies and procedures, given the constraints and various goals that are set by the user.
An optimizer is a computerized technique that finds very good solutions, often by exploring more solutions than a human would have time or inclination to explore. Optimizers can use the techniques humans would use to find solutions, but in addition they frequently use techniques for finding solutions that are unlike those a human would look employ. For this reason, optimizers often find solutions that are unlike those humans would find, and that are better.
Human interaction is one valuable use of SENDSim. Perhaps equally valuable is another capability of the system—optimization. Use of an optimizer in conjunction with SENDSim allows us to find the best policies and procedures, given the constraints and various goals that are set by the user.
An optimizer is a computerized technique that finds very good solutions, often by exploring more solutions than a human would have time or inclination to explore. Optimizers can use the techniques humans would use to find solutions, but in addition they frequently use techniques for finding solutions that are unlike those a human would look employ. For this reason, optimizers often find solutions that are unlike those humans would find, and that are better.
An optimizer is able to explore new strategies, view the results of thousands of scenarios, and find new techniques and outcomes that experts may have overlooked.
There are a number of advantages to linking an optimizer with a simulation like SENDSim. These advantages include the potential to:
• find different solutions than those a human expert would discover
• find better solutions than those a human expert would unearth
• improve on the solutions produced by human experts
• find solutions more quickly than a human expert
• react to changing conditions more quickly than a human expert
These points are worth making in more detail.
An optimizer can find different solutions from those a human expert would find because it is not bound by its experience—it approaches the problem without preconceptions. In computer security, this feature may be especially beneficial, since we may be able to use diverse novel solutions to avoid a configuration monoculture that can more easily be exploited by malware.
An optimizer can find better solutions because it is able to consider many more solutions than a human expert would typically have time to consider.
An optimizer can improve on solutions produced by human experts, if it uses the human’s solution as a base for optimization and begins the optimization process there.
An optimizer can find solutions more quickly than a human expert if the optimizer uses a network of computers or grid computing to consider large numbers of solutions in parallel.
An optimizer reacts to changing conditions more quickly than an expert, in that it can accommodate changes in technology and changes in policy options without being bound by the way it has solved problems in the past.
An optimizer is a good tool for understanding what-if situations. What if we had a better firewall? What if we had instantaneous reaction to attacks? Humans have a more difficult time finding good solutions when technology changes significantly. An optimizer, working without presuppositions, adjusts to changes without difficulty.
In addition to these advantages, optimization allows us to better understand what-if scenarios. The design documents for SENDSim describe a range of questions that can be studied using SENDSim. Let's consider several of them, together with the way that an optimizer would add value to a human’s study of those questions.
How can a change in policy (enforced by Human Resources, for example, or enforced by technology) increase network security without decreasing worker productivity?
Suppose we are considering a change in network policy. An optimizer can be used to discover what other changes in policy and/or changes in worker behaviors would best be instituted together with the change that is envisioned. Human experts who have not worked with the new policy in place may not be aware of other changes that will increase its impact and decrease its negative effects.
Design documents for SENDSim describe a range of questions that can be studied using SENDSim. Here I’ll consider several of them and describe the way that an optimizer would add value to a human’s study of those questions.
Q: Which solution results in a better outcome: expanding the IT security and administration staff or educating and empowering workers?
An optimizer can be used to explore a wide range of potential changes, finding the best combination of new approaches to security. Making changes to a complicated network often has unintended consequences—some of them undesirable. SENDSim will model these consequences. The optimizer can discover and exploit the desirable, unintended consequences while it avoids the undesirable ones.
Q: What does the timescale of a Conficker infection look like, given my particular network and worker profiles? What aspects of my worker policies and network policy are enabling or counteracting the spread?
An optimizer can be used to find the best combination of worker behaviors and network policies to slow the spread of an infection. In a complicated situation, like that of a working computer network, the best action to take in a new situation can be unlike anything seen in an expert’s prior experience.
Q: How might my staff react to combat a “zero-day” Conficker attack? How would network functionality and worker productivity change, and hopefully recover, over time?
An optimizer can find the best combination of network configuration and worker policies in order to minimize the impact of a zero-day event. In some cases, the optimizer might even uncover solutions that have not been seen or practiced before.
Q: What combination of policy and network design will help me meet my security and productivity goals?
The optimizer can be given a “budget” of dollars to spend and a limit on the magnitude of changes it can make to network policies. It will find the best way to spend that budget and institute changes within constraints in order to trade off improvements in network security while allowing workers to do their jobs.
The ability of an optimizer to provide high-quality answers to these types of questions is one of the strengths of the synergies we find in simulation enhanced with optimization. We’ll explore more opportunities to integrate simulation and optimization in future blogs.
NOTE: Dr. David Davis is the president of VGO Associates, one of the original participants in the SENDS Consortium.
Thursday, December 30, 2010
SENDS 2010: The Year in Review
by Carl Hunt, Bob Schapiro and Craig Harm
In sports, when an underdog team surprises everyone and gets into the playoffs, they can’t wait until the next game. That’s what the SENDS team is feeling right now: the thrill of anticipation as we see our season extended and the team getting better and better when it counts.
Our goal has always been to empower the public to create the future of cyberspace and become part of the SENDS team. A few months ago, we were in the odd position of being able to open positions on the team, but not having a lot of people to join. Now that is changing...fast.
From the beginning, SENDS has been fortunate to enjoy the active participation of great thinkers...including some of the people who actually set the course for the future of the Internet. Most of these people work for the government and major software firms, hired for their expertise in cyber-security. But as scientists, they wish to transcend that role and discover what makes cyberspace tick. They know this can only be discovered by working with the people who use the Internet every day; in short, almost everyone – it’s a big team!
That’s where SENDS comes in.
To be blunt, until a few months ago, our resources for reaching the public were not what we hoped they’d be. But the seeds we planted started to thrive, growing stronger every day. With this posting, we have now published 31 blogs in the 3½ months from the first entry. We’ve been fortunate to be highlighted in several online fora, including James Fallows’ Atlantic Magazine blog, the DoD’s Armed with Science blog, and an interesting site called “OhMyGov!” We’ve even been invited to two Highlands’ Forum meetings to talk about SENDS and participate in discussions of Design in Cyberspace.
The important thing is that you are reading this blog...and if you’re like most of the people who now read and contribute, six months ago you had no idea what SENDS was. You joined the team!
In 2011, we look forward to empowering people in many ways, as with our initiative for you to help create the new vocabulary of cyberspace. In fact, thanks to contributors, we have a lot to build on to strengthen and broaden the team. As 2010 draws to a close, however, it’s worth talking about the direction the SENDS Pilot project has traveled from its inception and to try to put it into context. That, along with new team members’ contributions, creates the synergy for 2011.
SENDS began in 2009 as a proposal to address the observations of a December, 2008 US Department of Energy White Paper entitled “A Scientific Research and Development Approach To Cyber Security.” Thus, SENDS began as a project to address cyberspace security, expanding on several of the thoughts from that very fine DOE paper.
It became clear after a 90-day study, however, that in order for the US and indeed all users of cyberspace to explore and exploit the environment, security was necessary but not a sufficient condition to unleash the potential cyberspace has to enhance prosperity on a national and global scale. We took this challenge to potential government sponsors and they agreed.
In a June, 2010 interagency, multidisciplinary forum in Arlington, VA, the current SENDS Pilot Project was initiated, identifying four main tasks to accomplish in the 12-month pilot.
As we embarked on the project, new ideas came to light as a result of the collaboration of the diverse SENDS participants. The SENDS tasks were still relevant, but we found that we needed to look through the lenses of living systems and ecology to develop holistic perspectives about the greatest connecting fabric mankind has known.
Several prominent advisors told us that the ecological perspective is a valuable way to think about the challenges of cyberspace prosperity and security, particularly when considered through the standpoint of what is found in wicked problem resolution literature. The wicked problem resolution advice is good because it also helps us think about the social context of problem definition and resolution: it’s a people challenge, just as are cyberspace prosperity and security.
We took this good advice and blended it with the thoughts of guest bloggers to produce what we think is an objective viewpoint about how cyberspace is emerging around us and how it will affect us in the future. We looked at people, processes and technology as a convergent and emergent phenomenon (starting here). These insights have been continuously informed by multiple perspectives, possible through the connectivity that cyberspace offers.
This holistic view is why SENDS is more than just another cyberspace security project.
Through the efforts of a variety of authors, the SENDS Blog has been fortunate to provide diverse perspectives on the SENDS tasks through several backgrounds…the SENDS wiki site has augmented and expanded these perspectives.
Broad thinking about one of the two most long-term focused SENDS tasks, Education and Academic Curricula, for example, has led to contributions from no less than four authors about this important topic. We have had the good fortune to hear from a school teacher in Canada, an Emmy-Award winning documentary director/ producer, a director of a nationally recognized science center in Florida and a retired military officer (here and here), each sharing distinctive perceptions about how America must look at education in the connected age.
Another long-term task, a Center for Cyberspace Science, has generated equally important and diverse perspectives, ranging from the use of advanced modeling and simulation capabilities to the development of a “cyberspace laboratory.” When put into the context of better understanding concepts like community in cyberspace and formulating meaningful inquiry about this new environment, a center for studying the remarkable power of cyberspace connectivity seems mandatory for better understanding this new world.
The task to develop relevant models and simulations (M&S) as a “laboratory” for cyberspace is indeed one of the tasks we have invested considerable resources in. The SENDS M&S team collected data from a variety of subject matter experts, including military, law enforcement and commercial practitioners to develop SENDSim. This M&S environment, shown in its early stages here, is one of the first products of the Center.
We are also developing SENDSim to become a useful tool to gain insights on the kind of socio-technological convergence issues we’ve been discussing above. Speaking of understanding socio-technological convergence, the SENDS team has also been fortunate to publish the insights of a senior media analyst to help clarify challenges to look at cyberspace in this way (here and here). We’ve even had an innovative software developer write about the development of programming languages in the context of socio-technological convergence and ecology!
Another early product of the Center is a White Paper on the Development of a Science of Cyberspace, that while in early draft form, may serve as a framework for the consideration of important topics to demonstrate how such a discipline would be studied. We will see more similar products from the Center as the Pilot continues, and we expect to write about them here in this blog.
The first six months of the SENDS Pilot Project have been exciting, and chronicling it within the pages of the SENDS Blog has been rewarding considering the diversity of the authors who have contributed. The remaining six months of the Pilot should be equally rewarding as we see the maturity of SENDSim emerge.
We look forward to experiencing greater government, commercial, academic and even individual relationships as we improve on the Science White Paper through more diverse input, and synergize SENDS through collaboration with other efforts. We also look forward to formalizing relationships that move the Center for Cyberspace Science into a suitable home.
In coming weeks, we’ll port over this blog and much of the wiki material to a SENDS-dedicated site at www.sendsonline.org. We’ll announce the movement of the site in this blog and on the wiki when we’re up and running. Please visit us there, and continue to send your thoughts to words@sendsonline.org or through comments within this blog.
It’s been a great first six months for the rapidly growing SENDS team and we can hardly wait for the next six. The playoffs await and the season continues!
Subscribe to:
Posts (Atom)