Section II Workshop I Concept, Goal, and Methodology Concept: The first workshop introduced the national security community to numerous issues related to protection of the infrastructure. Goal: The aim was to raise awareness of emergent critical vulnerabilities that result from the complexity of highly interconnected, networked, and shared infrastructures. Methodology: The workshop brought together practitioners from industry and government to discuss their perspectives on critical infrastructure protection and to lead a dialogue with participants on the concepts presented. The approach, promoted by the moderator Michael Schrage, was to create participatory panels of peer partnership between participants and speakers. This “360” learning process creates an environment in which issues and ideas flow freely. The challenge posed to presenters was to articulate their perspectives on confronting complexity and identify the two most critical issues. They were asked to link their perspectives to specific recommendations for next steps, such as areas needing further study, proposed technical or regulatory fixes, an awareness program, or a design principle that the workshop audience could use as a basis for further discussion and argument. The presenters were asked to provide an understandable technical definition of complexity and use it to illuminate a broader discussion of the policy choices and economic trade-offs confronting public- and private sector infrastructure management. This needed to be communicated in no more than twelve minutes to allow time for audience interaction. The presenters were asked to structure their talks to invite provocative questions and evoke constructive interactions on methods to apply complexity theory to technology adoption, organizational design, and policy. Ultimately, the success of the workshop was predicated on the support, commitment, and collaboration of three groups: the champions, the presenters, and the participants. The Champions: The workshop could not have happened without the support of both the Cyber Conflict Studies Association and the National Defense University. Mr. John Casciano, Maj Gen (Ret), CCSA President, provided constant support and suggestions to the workshop subcommittee. Lt Gen Michael Dunn, President of NDU, not only was instrumental in supporting CTNSP involvement in this effort, but added his own thoughts contributions on complexity and suggested follow-on activities. The Presenters: In his welcoming remarks, Lt Gen Dunn addressed complexity and cyber conflict as they relate to civilian and military infrastructure and gave his perspective on the way ahead. The workshop leads asked Dr. Harold Morowitz, a Robinson Professor in Biology and Natural Philosophy at George Mason University’s Krasnow Institute for Advance Studies, to set the stage with a breakfast keynote address discussing the “Implication of Complexity on Shared Infrastructures.” Morowitz is the author of numerous books, the former Editor-in-Chief of the journal Complexity, and a founding member of the Sante Fe Institute. An established authority in the area of biological networks, Morowitz is currently investigating the interface of biology and information sciences. A panel led by Dr. Dejan (Dan) Sobajic and Mr. Alan Paller followed Morowitz’s talk. Sobajic, Director of Grid Reliability and Power Markets at the Electric Power Research Institute (EPRI), spoke on “Power Grid Interconnectivity, Failures and Regulatory Interaction.” World-renowned in the area of neural networks, Sobajic is currently addressing reliability and security issues in the power grid and research into self-healing networks and smart grids. Mr. Paller, as Director of Research for the SANS Institute, oversees research on the top twenty Internet security threats, step-by-step security guides, and the SANS digests. Founder of the CIO Institute and Director of the Internet Storm Center, Paller led a discussion on the “Impact of Sound Security Practices on Mitigating Risks from Cyber Attacks.” Mr. Richard Clarke, founder and president of Good Harbor Consulting,
presented the keynote luncheon talk entitled, “A Machine Dominated
Future.” Clarke is the former National Coordinator for Security
Infrastructure Protection and Counter Terrorism at the National Security
Council. In this role, he led U.S. government efforts on counter terrorism,
cyber security, continuity of operations, domestic preparedness for weapons
of mass destruction, and international organized crime. Mr. Clarke served
in various leadership positions under Presidents Ronald W. Reagan, George
H. W. Bush, William J. Clinton, and George W. Bush. The afternoon sessions
included presentations by Dr. Daniel Geer and Dr. Gregory J. Rattray.
Geer, with over twenty-five years of experience in computer science and
information security, is a Principal of Geer Risk Services. Geer’s
former positions included leadership and technical positions at @Stake,
MIT’s Project Athena, and the Health Sciences Computer Facility
at Harvard University. Dr. Geer has published in RISK Digest
and Wired Magazine as well as well-known professional journals,
and is co-author of the Web Security Sourcebook1.
Geer led a panel on the “Cascading Effects and Ubiquitous Use of
Common Platforms and Protocols.” The second panelist Col (S) Gregory
Rattray, is the Director for Cyberspace Security, Office of Defense Policy
and Arms Control of the National Security Council. Rattray is responsible
to the Assistant to the President for National Security Affairs for development
and implementation of U.S. policy related to cyberspace security and telecommunications.
Rattray was formerly the Deputy Director for Defensive Information Warfare
on the Headquarters Air Force staff and has had numerous assignments in
intelligence and information operations. He is the author of Strategic
Warfare in Cyberspace2.
Rattray led a discussion on “Challenges for Securing Shared Infrastructure
against Large Scale Cyber Attack.” The Participants: To implement the participatory panel concept, invitations to the workshop were extended to members of the cyber defense community who have roles in researching, establishing, operating, and making policy to guide the development of our nation's cyber defense capabilities. The participants included representatives from government, the private sector, and academe. (A copy of the workshop agenda and a list of workshop participants can be found at Appendix A.) 1.Aviel D. Rubin, Dan Geer, and Marcus J. Ranum, Web Security Sourcebook: A Complete Guide to Web Security (John Wiley & Sons, 1999) 2.Gregory J. Rattray, Strategic Warfare in Cyberspace (Cambridge, MA: MIT Press, 2001)
|
||||