(This article appeared as a CCC BLOG post on June 16, 2022.)
Last month the Networking and Information Technology Research and Development (NITRD) program commemorated their 30th Anniversary in Washington D.C. You can read the full event recap here. In an effort to highlight the impact federal investments have had on the computing research community, the event featured five panels in which participants discussed key achievements in the field over the past decade and future directions going forward. Each panel focused on an important subarea of computer research: Computing at Scale, Networking and Security, Artificial Intelligence/Machine Learning, Privacy and the Internet of Things and Socially Responsible Computing.
Technological advancements are growing at an explosive rate around the world. As new technologies arise so do new security vulnerabilities and opportunities for infiltration of the networks that underpin these advances. Moderated by Bob Bonneau (OSD/DOD), Panel 2: Networking and Security, at NITRD’s 30th Anniversary Symposium, led a discussion between field experts Deborah Frincke (Sandia NL), Jim Kurose (UMA), and Chris Ramming (VMware) about key challenges and necessary advancements to ensure secure and trustworthy networks.
After brief introductions and first thoughts, Bonneau dove right in by asking panelists to identify leading issues in networking from both a design and security standpoint. Each panelist brought up a great point.
Frincke answered first stating that one of the key areas of focus should be the “human element” – how are we going to deal with networks that have been seriously breached around the globe when most of the people that operate them don’t have the education or expertise to look for anomalies or to fix things? Kurose agreed it was all about people, but in a spirit of healthy debate, countered that in some cases the best course of action isn’t to focus on ways to incorporate the human element, but to instead get people out of the loop. There are definitely components and places for human expertise but in some instances computation is more reliable than people or time scales.
Continuing off of the issues the panelists identified, Bonneau asked what critical new research questions needed to be solved in order to address them. Panelists offered a multitude of research questions ranging from how to mitigate the after effects of security breaches, to how to stitch all the services and capabilities being offered by networking in a way that keeps the zones of trust as small as possible? Keeping the zones of trust small is a core principle to the zero trust model, which was mentioned in various contexts throughout the panel. The zero trust model is a security framework requiring all users to be authenticated, authorized and continually validated.
The zero trust model is one solution to ensuring secure networks that actually came out of NITRD investments. Ramming encouraged NITRD to continue playing a role in getting researchers together to discuss and take action on capabilities and themes such as notions of zero trust.
“It’s not about NITRD promoting gaps or opportunities but about being the storyteller and being the organization that sorts of helps bring all these ideas together” – Chris Ramming
Frincke and Kurose identified two other themes vital to the computing research ecosystem that NITRD has and should continue to encourage, which is incorporating security thinking and principles into earlier stages of technology development and facilitating federally-funded interactions and collaborations between industry and academia. Kurose brought up the Tire Tracks diagram which traces today’s technologies and advancements back to federal investments such as these.
The panelists each predicted a trend in the networking and security field within the next ten to fifteen years. Frincke foresees researchers taking the societally beneficial technologies that we already have today and designing security into those networks and devices. Kurose anticipates a movement towards solving the uneven geographical distribution of educational resources and tools in software at scale. Ramming imagines new opportunities arising from a greater focus on data security and getting a grip on how to transmit, share and retain control of data.
In order to realize any of these predictions there needs to be an increase in properly trained and educated security professionals.
“One thing that’s common to any conversation about cybersecurity and networking is we do not have enough people who have the background to meet anywhere near a 10th of the needs that we’ve got.” – Deborah Frincke
The solution to this dilemma has two prongs: accessibility and education. Panelists agreed that there needs to be greater access to training and educational programs across the country. These programs need to incorporate rural, untapped areas of potential that have not had the opportunities or accessibility capabilities to be properly trained and as Kurose stated “use education to enable innovation across the country.” The important part is that we realize there isn’t one perfect solution that we haven’t thought of yet. To quote Kurose again, “There is no silver bullet. Double down on the work, double down on the funding, not think about it a little harder.”
Building off of the lack of diversity in the field caused by problems of accessibility, audience member Aruna Balasubramanian (Associate Professor at Stony Brook University), asked about possible implications in networking in security caused by the centralization. While applications are democratized, the stack itself is centralized. She brought up the recent example of companies gaining big control of Internet Service Providers.
Kurose pointed out that this is a repeating cycle throughout history: mostly centralized, regulated monopoly, breaking up and coming back together. While this trend may be expected, it is not to say that it won’t hold negative implications. Ramming cautioned that centralization in general is not good for security. Frincke piggybacked off of Ramming warning that if we privatize too much, then we get homogeneous winners. If attackers find one flaw in that security network then “all bets are off.”
Panel 2 touched on a lot of important topics in such a vital space. They navigated the conversations with a balance of celebration, caution and hope for the future. Thanks to federal investments, computing research has made huge strides towards realizing secure and trustworthy networks, but there is still much work to be done! You can check out the full panel recording on the CCC web page or on NITRD’s YouTube channel.
Look out for the next blog recap on Panel 3: Artificial Intelligence and Machine Learning!