“Working in partnership with the communities represented here today, we will develop a new comprehensive strategy to secure America’s information and communications networks.” – President Barack Obama, May 29, 2009

…it is imperative that we achieve a “leap forward” in cybersecurity through development of “game changing” technologies.” ( Full Text) – Aneesh Chopra, U.S. Chief Technology Officer

The Federal Networking and Information Technology Research and Development (NITRD) Program, under guidance from the Office of Science and Technology Policy (OSTP), and the Office of the Assistant Secretary for Defense Networks and Information Integration held a National Cyber Leap Year Summit. The Summit gathered innovators from the academic and commercial sectors for an unconventional exploration of five fundamentally game-changing concepts in cybersecurity.

Logistics

  • Agenda
  • Date: August 17-19, 2009
  • Location: Arlington, Virginia

Summit Reports

Background Information

The Nation’s economic progress and social well-being now depend as heavily on cyberspace assets as on interest rates, roads and power plants, yet our digital infrastructure and its foundations are still far from providing the guarantees that can justify our reliance on them. The inadequacy of today’s cyberspace mechanisms to enforce the implicit values which underpin our way of life has gained attention at the highest levels of government. To respond to the President’s call to secure our nation’s cyber infrastructure, The White House Office of Science and Technology Policy (OSTP) and the agencies of the Federal Networking and Information Technology Research and Development (NITRD) Program have developed the Leap-Ahead Initiative. (NITRD agencies include AHRQ, DARPA, DOE, EPA, NARA, NASA, NIH, NIST, NOAA, NSA, NSF, OSD, and the DOD Research Labs.)

In October 2008, to begin to address this deficit, the Government kicked off a National Cyber Leap Year. That effort has proceeded on the premise that, while some progress on cybersecurity will be made by researching better solutions to today’s problems, some of those problems may well be too hard. The Leap Year has pursued a complementary approach: a search for ways to bypass the intractable problems. This approach we call changing the game, as in “if you are playing a game you can’t win, change the game!”

During the Leap Year, via a Request for Information (RFI) process, the technical community had an opportunity to submit ideas for changing the cyber game. The 238 RFI responses we received led to the five new games which this Summit will explore, games chosen both because the change shifts our focus to new problems, and because there appear to be technologies and/or business cases on the horizon which would be a force for that change. Summit participants will examine the forces of progress and inertia and recommend the most productive ways to induce the new games to materialize over the next decade.

  • Digital Provenance → basing trust decisions on verified assertions
  • Moving-target Defense → attacks only work once if at all
  • Hardware-enabled Trust → knowing when we’ve been had
  • Health-inspired Network Defense → move from forensics to real-time diagnosis
  • Cyber Economics → crime doesn’t pay

Taming this new frontier will require the contributions of many, so the Summit, like the Leap Year itself, should be seen as a tool for the community to use to build the shared way forward. The Summit’s outcomes will serve as an input to the Administration’s cybersecurity R&D agenda and as strategies for public-private actions to secure the Nation’s digital future.

Program Co-Chairs

CYBER ECONOMICS

  • Professor Alessandro Acquisti, Associate Professor of Information Technology and Public Policy, Heinz College, Carnegie Mellon University
  • Dr. William Horne, Research Manager, Systems Security Lab, HP Labs
  • Dr. Charles Palmer, Senior Technical Advisor, Institute for Information Infrastructure Protection (I3P), Dartmouth and CTO for Security & Privacy, IBM Research

DIGITAL PROVENANCE

  • Mr. Eric Fleischman, Boeing Technical Fellow, Boeing
  • Mr. Hugo Teufel III, Director, Advisory Services, PricewaterhouseCoopers
  • Professor Gene Tsudik, University of California, Irvine

NATURE-INSPIRED CYBER HEALTH (formerly as Health-Inspired Network Defense)

  • Professor Dipankar Dasgupta, Professor, Department of Computer Science, University of Memphis, Director, Center for Information Assurance, Director, Intelligent Security Systems Research Laboratory
  • Dr. Steve Hofmeyr, Research Engineer, Lawrence Berkeley National Laboratory
  • Professor Leor Weinberger, Assistant Professor of Chemistry and Biochemistry, UC San Diego

MOVING-TARGET DEFENSE

  • Professor Anup K. Ghosh, Chief Scientist & Research Professor, Center for Secure Information Systems, George Mason University
  • Mr. Ivan Krstić, Core OS Security Samurai, Apple
  • Dr. Dimitrios Pendarakis, Research Staff Member & Manager, Secure Systems Group, IBM T.J. Watson Research Center
  • Professor William H. Sanders, Donald Biggar Willett Professor of Engineering, Director Coordinated Science Laboratory and Information Trust Institute, University of Illinois

HARDWARE-ENABLED TRUST

  • Professor Fred Chong, Director, Computer Engineering Program, Director, Greenscale Center for Energy-Efficient Computing, Professor, Department of Computer Science, UC Santa Barbara
  • Professor Ruby B. Lee, Forrest G. Hamrick Professor in Engineering, Professor of Electrical Engineering and Computer Science, Director of Princeton Architecture Lab for Multimedia and Security, Princeton University
  • Dr. Claire Vishik, Security, Trust & Privacy Policy & Technology Manager, Intel

 

The Summit was managed by QinetiQ North America at the request of the NITRD Program, Office of the Assistant Secretary of Defense Networks and Information Integration, and the White House Office of Science and Technology Policy.